milia 1.2.1 → 1.3.1.beta1

data/lib/generators/milia/templates/devise_permitted_parameters.rb

@@ -0,0 +1,18 @@
+module DevisePermittedParameters
+	extend ActiveSupport::Concern
+
+	included do
+		before_filter :configure_permitted_parameters
+	end
+
+	protected
+
+	def configure_permitted_parameters
+		devise_parameter_sanitizer.permit(:sign_up,        keys: [:email, :password, :password_confirmation])
+		devise_parameter_sanitizer.permit(:account_update, keys: [:email, :password, :password_confirmation, :current_password])
+
+	end
+
+end
+
+DeviseController.send :include, DevisePermittedParameters

data/lib/generators/milia/templates/initializer.rb

@@ -5,9 +5,9 @@ Milia.setup do |config|
 
 # true if you wish to use a coupon-based option in your sign-up form
 # false to otherwise not expect a coupon attribute in the parameters
-  config.use_coupon = true
+  config.use_coupon = false
 
-# true if you use recaptcha on your sign-up form; 
+# true if you use recaptcha on your sign-up form;
   # be sure to include the gem 'recaptcha' in your Gemfile
 # false if you do not
   config.use_recaptcha = <%= !@skip_recaptcha %>
@@ -20,7 +20,7 @@ Milia.setup do |config|
   # be sure to include the gem 'airbrake' in your Gemfile
 # false if you do not
 # In certain situations, milia will notify airbrake of a situation which
-  # is not necessarily an exception: such as if someone attempts to 
+  # is not necessarily an exception: such as if someone attempts to
   # sign up but you're limited new sign ups (such as when in beta mode)
   # then you'll get notified via airbrake of the email of the person
   # attempting the signup (in case you wish to contact them)
@@ -30,12 +30,6 @@ Milia.setup do |config|
 # ASSUMES User model
   config.use_invite_member = <%= !@skip_invite_member %>
 
-  # whitelist user params list
-  # allows an app to expand the permitted attribute list
-  # specify each attribute as a symbol
-  # example: [:name]
-  # config.whitelist_user_params = []
-
   # whitelist tenant params list
   # allows an app to expand the permitted attribute list
   # specify each attribute as a symbol

data/lib/milia.rb

@@ -29,30 +29,11 @@ module Milia
   mattr_accessor :use_invite_member
   @@use_invite_member = true
 
-
-  # whitelist user params list
-  # allows an app to expand the permitted attribute list
-  # specify each attribute as a symbol
-  # example: [:name]
-  # config.whitelist_user_params = []
-  @@whitelist_user_params = []
-
-  def self.whitelist_user_params=(list)
-    raise ArgumentError unless !list.nil? && list.kind_of?( Array )
-    @@whitelist_user_params = list
-  end
-
-  def self.whitelist_user_params()
-    return [:email, :password, :password_confirmation] + 
-           @@whitelist_user_params
-  end
-
-
-  # whitelist user params list
+  # whitelist tenant params list
   # allows an app to expand the permitted attribute list
   # specify each attribute as a symbol
   # example: [:name]
-  # config.whitelist_user_params = []
+  # config.whitelist_tenant_params = []
   @@whitelist_tenant_params = []
 
   def self.whitelist_tenant_params=(list)
@@ -68,7 +49,7 @@ module Milia
   # allows an app to expand the permitted attribute list
   # specify each attribute as a symbol
   # example: [:name]
-  # config.whitelist_user_params = []
+  # config.whitelist_coupon_params = []
   @@whitelist_coupon_params = []
 
   def self.whitelist_coupon_params=(list)

data/lib/milia/base.rb

@@ -14,36 +14,29 @@ module Milia
 # Forces all references to be limited to current_tenant rows
 # ------------------------------------------------------------------------
       def acts_as_tenant()
-        belongs_to  :tenant
+        belongs_to :tenant
         validates_presence_of :tenant_id
 
-        default_scope lambda { where( "#{table_name}.tenant_id = ?", Thread.current[:tenant_id] ) }
+        default_scope lambda { where("#{table_name}.tenant_id = ?", Thread.current[:tenant_id]) }
 
-      # ..........................callback enforcers............................
-        before_validation(:on => :create) do |obj|   # force tenant_id to be correct for current_user
-          obj.tenant_id = Thread.current[:tenant_id]
-          true  #  ok to proceed
+        # ..........................callback enforcers............................
+        after_initialize do |obj|
+          # Whenever we initialize a new object it needs to have the correct tenant_id of the current_user.
+          # Ensures that destroy can be called on tenanted records which haven't been persisted yet.
+          obj.tenant_id ||= Thread.current[:tenant_id]
         end
 
-      # ..........................callback enforcers............................
-        before_save do |obj|   # force tenant_id to be correct for current_user
+        # ..........................callback enforcers............................
+        before_save do |obj| # force tenant_id to be correct for current_user
           # raise exception if updates attempted on wrong data
           raise ::Milia::Control::InvalidTenantAccess unless obj.tenant_id == Thread.current[:tenant_id]
-          true  #  ok to proceed
         end
 
-      # ..........................callback enforcers............................
-        # no longer needed because before_save invoked prior to before_update
-        #
-#         before_update do |obj|   # force tenant_id to be correct for current_user
-#           raise ::Milia::Control::InvalidTenantAccess unless obj.tenant_id == Thread.current[:tenant_id]
-#           true  #  ok to proceed
-#         end
-
-      # ..........................callback enforcers............................
-        before_destroy do |obj|   # force tenant_id to be correct for current_user
-          raise ::Milia::Control::InvalidTenantAccess unless obj.tenant_id == Thread.current[:tenant_id]
-          true  #  ok to proceed
+        # ..........................callback enforcers............................
+        before_destroy do |obj| # force tenant_id to be correct for current_user
+          if (obj.tenant_id != Thread.current[:tenant_id])
+            raise ::Milia::Control::InvalidTenantAccess
+          end
         end
 
       end
@@ -53,32 +46,24 @@ module Milia
 # Forces all reference to the universal tenant (nil)
 # ------------------------------------------------------------------------
       def acts_as_universal()
-        belongs_to  :tenant
+        belongs_to :tenant
 
-        default_scope { where( "#{table_name}.tenant_id IS NULL" ) }
+        default_scope { where("#{table_name}.tenant_id IS NULL") }
 
-      # ..........................callback enforcers............................
-        before_save do |obj|   # force tenant_id to be universal
-          raise ::Milia::Control::InvalidTenantAccess unless obj.tenant_id.nil?
-          true  #  ok to proceed
+        # ..........................callback enforcers............................
+        before_save do |obj| # force tenant_id to be universal
+          if obj.tenant_id.present?
+            raise ::Milia::Control::InvalidTenantAccess
+          end
         end
 
-      # ..........................callback enforcers............................
-#         before_update do |obj|   # force tenant_id to be universal
-        # no longer needed because before_save invoked prior to before_update
-        #
-#           raise ::Milia::Control::InvalidTenantAccess unless obj.tenant_id.nil?
-#           true  #  ok to proceed
-#         end
-
-      # ..........................callback enforcers............................
-        before_destroy do |obj|   # force tenant_id to be universal
+        # ..........................callback enforcers............................
+        before_destroy do |obj| # force tenant_id to be universal
           raise ::Milia::Control::InvalidTenantAccess unless obj.tenant_id.nil?
-          true  #  ok to proceed
         end
 
       end
-      
+
 # ------------------------------------------------------------------------
 # acts_as_universal_and_determines_tenant_reference
 # All the characteristics of acts_as_universal AND also does the magic
@@ -90,96 +75,96 @@ module Milia
 
         acts_as_universal()
 
-           # validate that a tenant exists prior to a user creation
+        # validate that a tenant exists prior to a user creation
         before_create do |new_user|
           if Thread.current[:tenant_id].blank? ||
-             !Thread.current[:tenant_id].kind_of?(Integer) ||
-             Thread.current[:tenant_id].zero?
+              !Thread.current[:tenant_id].kind_of?(Integer) ||
+              Thread.current[:tenant_id].zero?
 
-            raise ::Milia::Control::InvalidTenantAccess,"no existing valid current tenant" 
+            raise ::Milia::Control::InvalidTenantAccess, "no existing valid current tenant"
 
           end
-        end  # before create callback do
-        
-          # before create, tie user with current tenant
-          # return true if ok to proceed; false if break callback chain
+        end # before create callback do
+
+        # before create, tie user with current tenant
         after_create do |new_user|
-          tenant = Tenant.find( Thread.current[:tenant_id] )
+          tenant = Tenant.find(Thread.current[:tenant_id])
           unless tenant.users.include?(new_user)
-            tenant.users << new_user  # add user to this tenant if not already there
+            tenant.users << new_user # add user to this tenant if not already there
           end
-
         end # before_create do
-        
+
         before_destroy do |old_user|
-          old_user.tenants.clear    # remove all tenants for this user
-          true
+          old_user.tenants.clear # remove all tenants for this user
         end # before_destroy do
-        
-      end  # acts_as
+
+      end
 
 # ------------------------------------------------------------------------
 # ------------------------------------------------------------------------
-  def acts_as_universal_and_determines_tenant()
-    has_and_belongs_to_many :users
+      def acts_as_universal_and_determines_tenant()
+        has_and_belongs_to_many :users
 
-    acts_as_universal()
-    
-    before_destroy do |old_tenant|
-      old_tenant.users.clear  # remove all users from this tenant
-      true
-    end # before_destroy do
-  end
+        acts_as_universal()
+
+        before_destroy do |old_tenant|
+          old_tenant.users.clear # remove all users from this tenant
+          true
+        end # before_destroy do
+      end
 
 # ------------------------------------------------------------------------
 # current_tenant -- returns tenant obj for current tenant
-  # return nil if no current tenant defined
+# return nil if no current tenant defined
 # ------------------------------------------------------------------------
-  def current_tenant()
-    begin
-      tenant = (
-        Thread.current[:tenant_id].blank?  ?
-        nil  :
-        Tenant.find( Thread.current[:tenant_id] )
-      )
+      def current_tenant()
+        begin
+          tenant = (
+          Thread.current[:tenant_id].blank? ?
+              nil :
+              Tenant.find(Thread.current[:tenant_id])
+          )
+
+          return tenant
 
-      return tenant
+        rescue ActiveRecord::RecordNotFound
+          return nil
+        end
+      end
 
-    rescue ActiveRecord::RecordNotFound
-      return nil
-    end   
-  end
-    
 # ------------------------------------------------------------------------
 # current_tenant_id -- returns tenant_id for current tenant
 # ------------------------------------------------------------------------
-  def current_tenant_id()
-    return Thread.current[:tenant_id]
-  end
-  
+      def current_tenant_id()
+        return Thread.current[:tenant_id]
+      end
+
 # ------------------------------------------------------------------------
 # set_current_tenant -- model-level ability to set the current tenant
 # NOTE: *USE WITH CAUTION* normally this should *NEVER* be done from
 # the models ... it's only useful and safe WHEN performed at the start
 # of a background job (DelayedJob#perform)
 # ------------------------------------------------------------------------
-  def set_current_tenant( tenant )
-      # able to handle tenant obj or tenant_id
-    case tenant
-      when Tenant then tenant_id = tenant.id
-      when Integer then tenant_id = tenant
-      else
-        raise ArgumentError, "invalid tenant object or id"
-    end  # case
-    
-    old_id = ( Thread.current[:tenant_id].nil? ? '%' : Thread.current[:tenant_id] )
-    Thread.current[:tenant_id] = tenant_id
-    logger.debug("MILIA >>>>> [Tenant#change_tenant] new: #{tenant_id}\told:#{old_id}") unless logger.nil?
+      def set_current_tenant(tenant)
+        # able to handle tenant obj or tenant_id
+        case tenant
+          when Tenant then
+            tenant_id = tenant.id
+          when Integer then
+            tenant_id = tenant
+          else
+            raise ArgumentError, "invalid tenant object or id"
+        end # case
+
+        old_id                     = (Thread.current[:tenant_id].nil? ? '%' : Thread.current[:tenant_id])
+        Thread.current[:tenant_id] = tenant_id
+        logger.debug("MILIA >>>>> [Tenant#change_tenant] new: #{tenant_id}\told:#{old_id}") unless logger.nil?
+
+      end
 
-  end
 # ------------------------------------------------------------------------
 # ------------------------------------------------------------------------
- 
+
 # ------------------------------------------------------------------------
 # where_restrict_tenant -- gens tenant restrictive where clause for each klass
 # NOTE: subordinate join tables will not get the default scope by Rails
@@ -188,22 +173,16 @@ module Milia
 # right. adding an additional .where( where_restrict_tenants(klass1, klass2,...))
 # for each of the subordinate models in the join seems like a nice safety issue.
 # ------------------------------------------------------------------------
-  def where_restrict_tenant(*args)
-    args.map{|klass| "#{klass.table_name}.tenant_id = #{Thread.current[:tenant_id]}"}.join(" AND ")
-  end
-  
-# ------------------------------------------------------------------------
-# ------------------------------------------------------------------------
-
-# ------------------------------------------------------------------------
-# ------------------------------------------------------------------------
+      def where_restrict_tenant(*args)
+        args.map { |klass| "#{klass.table_name}.tenant_id = #{Thread.current[:tenant_id]}" }.join(" AND ")
+      end
 
 # ------------------------------------------------------------------------
 # ------------------------------------------------------------------------
 
-    end  # module ClassMethods
+    end # module ClassMethods
 # #############################################################################
 # #############################################################################
-    
-  end  # module Base
-end  # module Milia
+
+  end # module Base
+end # module Milia

data/lib/milia/control.rb

@@ -5,7 +5,7 @@ module Milia
     class InvalidTenantAccess < SecurityError; end
     class MaxTenantExceeded < ArgumentError; end
 # #############################################################################
-    
+
     def self.included(base)
       base.extend ClassMethods
     end
@@ -13,11 +13,11 @@ module Milia
 # #############################################################################
 # #############################################################################
     module ClassMethods
-      
+
     end  # module ClassMethods
 # #############################################################################
 # #############################################################################
-    
+
   public
 
 # ------------------------------------------------------------------------------
@@ -32,7 +32,7 @@ module Milia
 
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
-  def __milia_reset_tenant!( )
+  def __milia_reset_tenant!
     __milia_change_tenant!( nil )
     logger.debug("MILIA >>>>> [reset tenant] ") unless logger.nil?
   end
@@ -43,8 +43,8 @@ module Milia
     if ::Milia.trace_on
       tid = ( session[:tenant_id].nil? ? "%/#{Thread.current[:tenant_id]}" : session[:tenant_id].to_s )
       uid = ( current_user.nil?  ?  "%/#{session[:user_id]}"  : "#{current_user.id}")
-      logger.debug( 
-         "MILIA >>>>> [#{fm_msg}] stid: #{tid}\tuid: #{uid}\tus-in: #{user_signed_in?}" 
+      logger.debug(
+         "MILIA >>>>> [#{fm_msg}] stid: #{tid}\tuid: #{uid}\tus-in: #{user_signed_in?}"
       ) unless logger.nil?
     end # trace check
   end
@@ -58,11 +58,11 @@ module Milia
     def set_current_tenant( tenant_id = nil )
 
       if user_signed_in?
-        
+
         @_my_tenants ||= current_user.tenants  # gets all possible tenants for user
-        
+
         tenant_id ||= session[:tenant_id]   # use session tenant_id ?
-        
+
         if tenant_id.nil?  # no arg; find automatically based on user
           tenant_id = @_my_tenants.first.id  # just pick the first one
         else   # validate the specified tenant_id before setup
@@ -73,12 +73,12 @@ module Milia
         tenant_id = nil   # an impossible tenant_id
       end
 
-      __milia_change_tenant!( tenant_id )        
+      __milia_change_tenant!( tenant_id )
       trace_tenanting( "set_current_tenant" )
 
       true    # before filter ok to proceed
     end
-    
+
 # ------------------------------------------------------------------------------
 # initiate_tenant -- initiates first-time tenant; establishes thread
 # assumes not in a session yet (since here only upon new account sign-up)
@@ -87,9 +87,9 @@ module Milia
 #   tenant -- tenant obj of the new tenant
 # ------------------------------------------------------------------------------
   def initiate_tenant( tenant )
-      __milia_change_tenant!( tenant.id )        
+      __milia_change_tenant!( tenant.id )
   end
-  
+
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 
@@ -98,8 +98,8 @@ module Milia
 # -- authenticates user
 # -- sets current tenant
 # ------------------------------------------------------------------------------
-  def authenticate_tenant!()
-    unless authenticate_user!(force: true)
+  def authenticate_tenant!
+    unless current_user.present? || authenticate_user!(force: true)
       email = ( params.nil? || params[:user].nil?  ?  "<email missing>"  : params[:user][:email] )
       flash[:error] = "cannot sign in as #{email}; check email/password"
       logger.info("MILIA >>>>> [failed auth user] ") unless logger.nil?
@@ -123,33 +123,33 @@ module Milia
 
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
-  def max_tenants()
+  def max_tenants
     logger.info(
-      "MILIA >>>>> [max tenant signups] #{Time.now.to_s(:db)} - User: #{params[:user][:email]}, org: #{params[:tenant][:name]}"
+      "MILIA >>>>> [max tenant signups] #{Time.now.to_s(:db)} - User: '#{params[:user].try(:email)}', Tenant: '#{params[:tenant].try(:name)}'"
     ) unless logger.nil?
 
     flash[:error] = "Sorry: new accounts not permitted at this time"
-      
+
       # if using Airbrake & airbrake gem
     if ::Milia.use_airbrake
       notify_airbrake( $! )  # have airbrake report this -- requires airbrake gem
     end
     redirect_back
   end
-  
+
 # ------------------------------------------------------------------------------
 # invalid_tenant -- using wrong or bad data
 # ------------------------------------------------------------------------------
   def invalid_tenant
-    flash[:error] = "wrong tenant access; sign out & try again"
+    flash[:error] = "Wrong tenant access"
     redirect_back
   end
- 
+
 # ------------------------------------------------------------------------------
 # redirect_back -- bounce client back to referring page
 # ------------------------------------------------------------------------------
   def redirect_back
-    redirect_to :back rescue redirect_to root_path
+    super(fallback_location: root_path)
   end
 
 # ------------------------------------------------------------------------------
@@ -166,15 +166,15 @@ module Milia
     return option_obj if option_obj.instance_of?(klass)
     option_obj ||= {}  # if nil, makes it empty hash
     return klass.send( :new, option_obj )
-  end  
+  end
 
 # ------------------------------------------------------------------------------
   # prep_signup_view -- prepares for the signup view
   # args:
   #   tenant: either existing tenant obj or params for tenant
   #   user:   either existing user obj or params for user
-  # My signup form has fields for user's email, 
-  # organization's name (tenant model), coupon code, 
+  # My signup form has fields for user's email,
+  # organization's name (tenant model), coupon code,
 # ------------------------------------------------------------------------------
   def prep_signup_view(tenant=nil, user=nil, coupon={coupon:''})
     @user   = klass_option_obj( User, user )