lotus_admin 1.3.0 → 1.4.0

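--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3f1b026cfd1e070c4d1a0fff64c4d0214818a713c9cfbfaed3a0a476d870321e
- data.tar.gz: cbe3427768813ca6c7c7df6a97bbf6b2a599a2904e1a1c91f3c3c89781a9a56b
+ metadata.gz: 82eb960c647ff89e930551906a0886cdac56255ea0fe989ab6861cb486f81ca1
+ data.tar.gz: df0111ec129d5ad11c9e01fc40891a5199bead2a68322b186c445842e32d9010
  SHA512:
- metadata.gz: 644eeb24a1917d4ce1cc6ee9385151b6e059f409a0618fc751b88f5476ffd2aa7bf669c050c6abd17f946b30a53cf017d76a16b3cbb4deac3f51e404abac4522
- data.tar.gz: fbb8c7db19e309b90fed1d44ebc8697cba74420a043560f7a4a2450adbb8c6108e0cea5f06aaa8e888a8836a5bc04f83383050afd7a894fc42e303ad7dbddc3b
+ metadata.gz: 72efc100e64e636b9cda77a6f67610e336b2e9445d6081cba2a93006063e18ed060f0e1bc09ee0becd9da07c8820c9d6d49271f1e77d8d222f62e31c77c57b69
+ data.tar.gz: b5539dd34e997fb8c3502a4dc5818a2effc7126ab0ca0b082deef56d5cd3aa2e4bd857fb97cd17c8834e153551631b6fda834e6a9c290684c07ebdaa6163d5f1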
@@ -0,0 +1,40 @@
1
+ module LotusAdmin
2
+ module Authorization
3
+ extend ActiveSupport::Concern
4
+
5
+ include Pundit
6
+
7
+ class_methods do
8
+ def policy_class(policy_class_or_name)
9
+ self._policy_class_name = policy_class_or_name.to_s
10
+ end
11
+ end
12
+
13
+ included do
14
+ class_attribute :_policy_class_name, instance_accessor: false
15
+
16
+ rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
17
+ end
18
+
19
+ private
20
+
21
+ def pundit_user
22
+ current_administrator
23
+ end
24
+
25
+ def beginning_of_association_chain
26
+ chain = super
27
+
28
+ if self.class._policy_class_name.present?
29
+ policy_scope(chain, policy_scope_class: "#{ self.class._policy_class_name }::Scope".constantize)
30
+ else
31
+ chain
32
+ end
33
+ end
34
+
35
+ def user_not_authorized
36
+ flash[:alert] = "You are not authorized to perform this action."
37
+ redirect_to(request.referrer || root_path)
38
+ end
39
+ end
40
+ end
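Review bot: `user_not_authorized` redirects to `request.referrer`, which comes from a client-supplied header, so a denied request can end up redirected to another host; `redirect_back(fallback_location: root_path, allow_other_host: false)` (Rails 5.2 and later) keeps it on this site. In `beginning_of_association_chain` the chain is returned unscoped whenever no `policy_class` was declared, so scoping is opt-in and a controller that omits the declaration fails open. The concern also never calls `authorize` or registers `verify_authorized`, so policy predicates run only where a controller invokes them. A header comment stating both facts would keep integrators from assuming the include alone enforces access control.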
@@ -9,7 +9,6 @@ module LotusAdmin
9
9
  self.filters_enabled = false
10
10
 
11
11
  class_attribute :_beginning_of_scope_chain, instance_accessor: false
12
- beginning_of_scope_chain {}
13
12
 
14
13
  let(:filters) { self.class.filters_config }
15
14
  let(:apply_filters?) do
@@ -17,7 +16,7 @@ module LotusAdmin
17
16
  end
18
17
 
19
18
  let(:filters_enabled?) { self.class.filters_enabled }
20
- let(:ransack_object) { instance_exec(&self.class._beginning_of_scope_chain).ransack(params[:q]) }
19
+ let(:ransack_object) { beginning_of_association_chain.ransack(params[:q]) }
21
20
  end
22
21
 
23
22
  class_methods do
@@ -38,6 +37,10 @@ module LotusAdmin
38
37
 
39
38
  private
40
39
 
40
+ def beginning_of_association_chain
41
+ instance_exec(&self.class._beginning_of_scope_chain)
42
+ end
43
+
41
44
  def end_of_association_chain
42
45
  paginate(ransack_object.result)
43
46
  end
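Review bot: With the default `beginning_of_scope_chain {}` removed in the first hunk, `_beginning_of_scope_chain` stays nil for any controller that includes this concern without declaring one, and the new `beginning_of_association_chain` then calls `instance_exec` with no block, which raises a missing-block error that does not name the cause. A guard as the method's first line, `raise NotImplementedError, "#{self.class.name} must declare beginning_of_scope_chain" unless self.class._beginning_of_scope_chain`, would make the failure explicit. This method is also what the Authorization concern wraps through `super`, which deserves a one-line comment such as `# Unscoped base relation; LotusAdmin::Authorization overrides this to apply the policy scope.`. The enclosing module starts and ends outside these hunks.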
@@ -1,9 +1,9 @@
1
1
  class LotusAdmin::AuthenticatedController < LotusAdmin::ApplicationController
2
2
  include LotusAdmin::PermittedParams
3
3
  include LotusAdmin::FilterableController
4
- include LotusAdmin::ResourcefulController
5
4
  include LotusAdmin::FileStreamer
6
5
  include LotusAdmin::Decorations
6
+ include LotusAdmin::Authorization
7
7
 
8
8
  before_action :authenticate_administrator!
9
9
  around_action :use_user_time_zone, if: :administrator_signed_in?
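Review bot: The position of `include LotusAdmin::Authorization` is load-bearing and nothing says so. Its `beginning_of_association_chain` calls `super` to reach the FilterableController version, and if the two includes were swapped the FilterableController method would take precedence, so the policy scope would be skipped without any error. A comment above the line, for example `# Must come after FilterableController: Authorization wraps its association chain in policy_scope via super.`, would guard against a later reordering. The class body continues outside this hunk.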
@@ -1,8 +1,20 @@
1
1
  class LotusAdmin::ResourceController < LotusAdmin::AuthenticatedController
2
- let(:resource) { resource_class.find(params[:id]) }
2
+ beginning_of_scope_chain { resource_class.all }
3
+
4
+ let(:resource) { beginning_of_association_chain.find(params[:id]) }
3
5
 
4
6
  before_action :set_view_paths, only: [:new, :edit, :index, :show]
5
7
 
8
+ def self.manages(model_class)
9
+ self._resource_class = model_class
10
+ end
11
+
12
+ class_attribute :_resource_class, instance_accessor: false
13
+
14
+ let(:menu_identifier) { "#{ resource_class.model_name.route_key }_index" }
15
+ let(:resource_class) { self.class._resource_class }
16
+ let(:collection_path) { url_for(resource_class) }
17
+
6
18
  def new
7
19
  self.resource = build_resource
8
20
  end
@@ -25,6 +37,14 @@ class LotusAdmin::ResourceController < LotusAdmin::AuthenticatedController
25
37
  end
26
38
  end
27
39
 
40
+ def index(&block)
41
+ respond_to do |format|
42
+ format.html
43
+
44
+ block.call(format) if block.present?
45
+ end
46
+ end
47
+
28
48
  def destroy
29
49
  if resource.destroy
30
50
  flash[:notice] = "#{ resource_class.model_name.human } has been removed"
@@ -38,7 +58,7 @@ class LotusAdmin::ResourceController < LotusAdmin::AuthenticatedController
38
58
  private
39
59
 
40
60
  def build_resource(params = {})
41
- current_organization.association(association_name).build(params)
61
+ resource_class.new(params)
42
62
  end
43
63
 
44
64
  def association_name
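Review bot: `resource` is now loaded through the policy-scoped chain, but none of the actions visible in these hunks (`new`, `index`, `destroy`) calls `authorize`, so a policy's `index?`/`create?`/`destroy?` predicates are never evaluated here and the scope is the only gate. If per-action checks are intended, `destroy` would start with `authorize resource` and `index` with `authorize resource_class`; the same applies to `create` and `update` in UsersController. In the last hunk `build_resource` switches from building through `current_organization.association(association_name)` to `resource_class.new(params)`, so new records are no longer tied to an organization by construction; a host app that relied on that now has to set ownership itself. The bodies of `destroy` and `association_name` continue outside the hunks.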
@@ -1,13 +1,10 @@
1
1
  module LotusAdmin
2
- class UsersController < LotusAdmin::AuthenticatedController
2
+ class UsersController < LotusAdmin::ResourceController
3
3
  manages LotusAdmin.configuration.user_class
4
-
5
- let(:user) { resource_class.find(params[:id]) }
4
+ policy_class LotusAdmin.configuration.user_class_policy
6
5
 
7
6
  permit_params :first_name, :last_name, :email, :time_zone
8
7
 
9
- beginning_of_scope_chain { resource_class.all }
10
-
11
8
  filter :first_name
12
9
  filter :last_name
13
10
  filter :email
@@ -15,15 +12,15 @@ module LotusAdmin
15
12
  filter :last_sign_in_at
16
13
 
17
14
  def new
18
- self.user = resource_class.new
15
+ self.resource = resource_class.new
19
16
  end
20
17
 
21
18
  def create
22
- self.user = resource_class.new(permitted_params)
23
- user.password = Devise.friendly_token.first(8)
19
+ self.resource = resource_class.new(permitted_params)
20
+ resource.password = Devise.friendly_token.first(8)
24
21
 
25
- if user.save
26
- user.send_invited_email_notification
22
+ if resource.save
23
+ resource.send_invited_email_notification
27
24
 
28
25
  redirect_to [lotus_admin, resource_class], notice: "Created new #{ resource_class.model_name.human }"
29
26
  else
@@ -32,8 +29,8 @@ module LotusAdmin
32
29
  end
33
30
 
34
31
  def update
35
- if user.update(permitted_params)
36
- redirect_to [lotus_admin, user], notice: 'Changes saved'
32
+ if resource.update(permitted_params)
33
+ redirect_to [lotus_admin, resource], notice: 'Changes saved'
37
34
  else
38
35
  render :edit
39
36
  end
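Review bot: `policy_class LotusAdmin.configuration.user_class_policy` runs when the class body is loaded, and the configuration reader returns nil both when the setting is unset and when `safe_constantize` cannot resolve a misspelled name. `policy_class` then stores `""` and the Authorization concern skips `policy_scope`, so a misconfiguration silently leaves user records unscoped. Using `@user_class_policy&.constantize` in the configuration reader would turn a bad name into an error at load time, and a comment on this line should state that leaving the setting unset means no scoping. The `create` and `update` bodies continue outside these hunks.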
@@ -13,7 +13,7 @@ module LotusAdmin
13
13
  end
14
14
 
15
15
  def class_for_menu(identifier)
16
- return 'active' if menu_identifier == identifier
16
+ return 'active' if menu_identifier.to_s == identifier.to_s
17
17
  end
18
18
 
19
19
  def class_for_parent_menu_item(identifier)
@@ -0,0 +1,51 @@
1
+ module LotusAdmin
2
+ class ApplicationPolicy
3
+ attr_reader :user, :record
4
+
5
+ def initialize(user, record)
6
+ @user = user
7
+ @record = record
8
+ end
9
+
10
+ def index?
11
+ false
12
+ end
13
+
14
+ def show?
15
+ false
16
+ end
17
+
18
+ def create?
19
+ false
20
+ end
21
+
22
+ def new?
23
+ create?
24
+ end
25
+
26
+ def update?
27
+ false
28
+ end
29
+
30
+ def edit?
31
+ update?
32
+ end
33
+
34
+ def destroy?
35
+ false
36
+ end
37
+
38
+ class Scope
39
+ attr_reader :user, :scope
40
+
41
+ def initialize(user, scope)
42
+ @user = user
43
+ @scope = scope
44
+ end
45
+
46
+ def resolve
47
+ scope.all
48
+ end
49
+ end
50
+ end
51
+ end
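Review bot: `Scope#resolve` returns `scope.all`, which is allow-all, while every action predicate in the same class denies by default; a policy subclass that does not define its own `Scope` would presumably inherit this one and expose every row through the scoped chain. Making the base fail closed with `scope.none`, or forcing an override with `raise NotImplementedError, "#{self.class} must implement #resolve"`, keeps the two defaults consistent. A class comment saying that subclasses are expected to override both the predicates and `Scope#resolve` is also missing.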
@@ -1,4 +1,4 @@
1
- = material_form_for [lotus_admin, user] do |f|
1
+ = material_form_for [lotus_admin, resource] do |f|
2
2
  .form-inputs
3
3
  = f.input :first_name
4
4
  = f.input :last_name
@@ -6,5 +6,5 @@
6
6
  = f.input :time_zone, priority: /US/
7
7
 
8
8
  .form-actions
9
- = material_form_submit(user)
9
+ = material_form_submit(resource)
10
10
  = material_form_cancel(lotus_admin.polymorphic_path(resource_class))
@@ -2,8 +2,8 @@
2
2
  %h2= page_title!("#{ resource_class.model_name.human } Details")
3
3
 
4
4
  %ul.actions
5
- %li= edit_link(user)
6
- %li= destroy_link(user)
5
+ %li= edit_link(resource)
6
+ %li= destroy_link(resource)
7
7
 
8
8
  .card
9
9
  .card-header
@@ -13,12 +13,12 @@
13
13
  .row
14
14
  .col-sm-6
15
15
  .list-group
16
- = panel_attribute(user, :first_name)
17
- = panel_attribute(user, :last_name)
18
- = panel_attribute(user, :time_zone)
16
+ = panel_attribute(resource, :first_name)
17
+ = panel_attribute(resource, :last_name)
18
+ = panel_attribute(resource, :time_zone)
19
19
 
20
20
  .col-sm-5
21
21
  .list-group
22
- = panel_attribute(user, :email)
23
- = panel_attribute(user, :created_at) do
24
- = I18n.l(user.created_at)
22
+ = panel_attribute(resource, :email)
23
+ = panel_attribute(resource, :created_at) do
24
+ = I18n.l(resource.created_at)
@@ -23,5 +23,13 @@ module LotusAdmin
23
23
  def user_class
24
24
  @user_class ||= user_class_name.constantize
25
25
  end
26
+
27
+ def user_class_policy=(policy_class_or_name)
28
+ @user_class_policy = policy_class_or_name.to_s
29
+ end
30
+
31
+ def user_class_policy
32
+ @user_class_policy&.safe_constantize
33
+ end
26
34
  end
27
35
  end
@@ -1,3 +1,3 @@
1
1
  module LotusAdmin
2
- VERSION = '1.3.0'
2
+ VERSION = '1.4.0'
3
3
  end
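--- a/data/lib/lotus_admin.rb
+++ b/data/lib/lotus_admin.rb
@@ -18,6 +18,7 @@ require 'page_title_helper'
  require 'kaminari'
  require 'ransack'
  require 'draper'
+ require 'pundit'
 
  require 'lotus_admin/configuration'
  require 'lotus_admin/form_builder'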
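--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: lotus_admin
  version: !ruby/object:Gem::Version
- version: 1.3.0
+ version: 1.4.0
  platform: ruby
  authors:
  - Matt Millsaps-Brewer
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-03-25 00:00:00.000000000 Z
+ date: 2020-03-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -240,6 +240,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '4.0'
+ - !ruby/object:Gem::Dependency
+ name: pundit
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.1'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.1'
  - !ruby/object:Gem::Dependency
  name: pg
  requirement: !ruby/object:Gem::Requirement
@@ -363,13 +377,13 @@ files:
  - app/assets/stylesheets/lotus_admin/components/_filters.scss
  - app/assets/stylesheets/lotus_admin/components/_forms.scss
  - app/assets/stylesheets/lotus_admin/components/_tables.scss
+ - app/controllers/concerns/lotus_admin/authorization.rb
  - app/controllers/concerns/lotus_admin/decorations.rb
  - app/controllers/concerns/lotus_admin/devise_controllers.rb
  - app/controllers/concerns/lotus_admin/exposure.rb
  - app/controllers/concerns/lotus_admin/file_streamer.rb
  - app/controllers/concerns/lotus_admin/filterable_controller.rb
  - app/controllers/concerns/lotus_admin/permitted_params.rb
- - app/controllers/concerns/lotus_admin/resourceful_controller.rb
  - app/controllers/lotus_admin/application_controller.rb
  - app/controllers/lotus_admin/authenticated_controller.rb
  - app/controllers/lotus_admin/confirmations_controller.rb
@@ -397,6 +411,7 @@ files:
  - app/models/lotus_admin/application_record.rb
  - app/models/lotus_admin/filters/configuration.rb
  - app/models/lotus_admin/user.rb
+ - app/policies/lotus_admin/application_policy.rb
  - app/services/lotus_admin/exporter.rb
  - app/views/administrators/_links.html.haml
  - app/views/administrators/confirmations/new.html.haml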
@@ -1,25 +0,0 @@
1
- module LotusAdmin::ResourcefulController
2
- extend ActiveSupport::Concern
3
-
4
- included do
5
- class_attribute :_resource_class, instance_accessor: false
6
-
7
- let(:menu_identifier) { "#{ resource_class.model_name.route_key }_index" }
8
- let(:resource_class) { self.class._resource_class }
9
- let(:collection_path) { url_for(resource_class) }
10
- end
11
-
12
- class_methods do
13
- def manages(model_class)
14
- self._resource_class = model_class
15
- end
16
- end
17
-
18
- def index(&block)
19
- respond_to do |format|
20
- format.html
21
-
22
- block.call(format) if block.present?
23
- end
24
- end
25
- end