RubyGems - motor-admin - Versions diffs - 0.1.54 → 0.1.60 - Mend

motor-admin 0.1.54 → 0.1.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

checksums.yaml +4 -4
data/README.md +6 -4
data/app/controllers/concerns/motor/current_ability.rb +21 -0
data/app/controllers/concerns/motor/current_user_method.rb +8 -7
data/app/controllers/motor/alerts_controller.rb +4 -4
data/app/controllers/motor/api_base_controller.rb +1 -12
data/app/controllers/motor/application_controller.rb +1 -0
data/app/controllers/motor/audits_controller.rb +1 -1
data/app/controllers/motor/auth_tokens_controller.rb +36 -0
data/app/controllers/motor/configs_controller.rb +2 -2
data/app/controllers/motor/dashboards_controller.rb +8 -4
data/app/controllers/motor/data_controller.rb +9 -4
data/app/controllers/motor/forms_controller.rb +4 -4
data/app/controllers/motor/icons_controller.rb +2 -0
data/app/controllers/motor/queries_controller.rb +4 -4
data/app/controllers/motor/resource_methods_controller.rb +2 -0
data/app/controllers/motor/resources_controller.rb +2 -2
data/app/controllers/motor/run_queries_controller.rb +12 -1
data/app/controllers/motor/ui_controller.rb +1 -1
data/app/views/motor/ui/show.html.erb +1 -1
data/config/routes.rb +1 -0
data/lib/motor.rb +1 -0
data/lib/motor/admin.rb +20 -0
data/lib/motor/api_query/build_json.rb +101 -47
data/lib/motor/api_query/filter.rb +2 -0
data/lib/motor/api_query/search.rb +1 -0
data/lib/motor/assets.rb +10 -1
data/lib/motor/build_schema.rb +3 -1
data/lib/motor/build_schema/active_storage_attachment_schema.rb +1 -0
data/lib/motor/build_schema/apply_permissions.rb +50 -0
data/lib/motor/build_schema/find_display_column.rb +1 -0
data/lib/motor/build_schema/find_icon.rb +5 -1
data/lib/motor/cancan_utils.rb +7 -0
data/lib/motor/cancan_utils/ability_patch.rb +29 -0
data/lib/motor/cancan_utils/can_manage_all.rb +14 -0
data/lib/motor/configs/build_ui_app_tag.rb +26 -16
data/lib/motor/configs/load_from_cache.rb +20 -8
data/lib/motor/queries/run_query.rb +7 -3
data/lib/motor/version.rb +1 -1
data/ui/dist/{main-67fbb3a8f6a6388434c8.css.gz → main-96c4a62d2fb789ab1080.css.gz} +0 -0
data/ui/dist/main-96c4a62d2fb789ab1080.js.gz +0 -0
data/ui/dist/manifest.json +5 -5
metadata +12 -7
data/app/controllers/motor/schemas_controller.rb +0 -11
data/ui/dist/main-67fbb3a8f6a6388434c8.js.gz +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f9950ae7594d0e67084469151a267b131627fbfe5a2e7954628dd4b1afd5b12
-  data.tar.gz: cb6f0a797d08007c4e7eeef3b2f501a3b0768807e9ba4e9b36ad9912fe764f93
+  metadata.gz: 5d709fb5b88f56a20cb9c2f906f3540b53278e04becc96598556dba70a0dcb4f
+  data.tar.gz: 5ffca9ae9451e2aa373957116c1b9b6607f5aba3bc1fa1cee555682c1a2987be
 SHA512:
-  metadata.gz: 772e65f663cc7abb9212d31ccfd1dd3fa85a0d890e83e24a6c18a07120cc004a177a5f9efd95f41340e11e211e8ba698d46f0f3dd973579804a9b082eaf0f976
-  data.tar.gz: 8ec2b114b8689746d0a7f4e7656186c693653e3fcc359771dc82294ffe6a2f0b8e01e624bf9417c9f887a4fa65e8ab6609242a70a2d9bdd345b72f7a05d02347
+  metadata.gz: 944babec34990e1889a52e76f652ca725dda31f4bcbb75aefc47cb715beca9a1a6127d6c5aa1e70437beafdf6a0c9cfaaaf3cf29a901524980812e23134cefaa
+  data.tar.gz: c79c99d0491e3c02c05296f0ace0ace54bbeeef1cd11f927b49f5edd814503f3e5f0f5a017c184e97bbce9a4b02b7279db36333a8b3fb796fb6125f283e8604a

data/README.md CHANGED Viewed

@@ -1,8 +1,8 @@
-# ⚡ Motor Admin
+# ⚡ Motor Admin ⚡
 Low-code Admin panel and Business intelligence Rails engine **(no DSL - configurable from the UI)**.
-🤓 [Demo App](https://motor-admin.herokuapp.com/demo) | [Features overview](https://www.youtube.com/watch?v=ngVoci8Hll4&list=PLu7llEMh0KcOkR3Uy_RJT0cXPZQKAYVsq&index=1)
+🤓 [Demo App](https://motor-admin.herokuapp.com/demo) | 👀 [Features overview](https://www.youtube.com/watch?v=ngVoci8Hll4&list=PLu7llEMh0KcOkR3Uy_RJT0cXPZQKAYVsq&index=1) | ⭐ [Stargathers](https://github.com/omohokcoj/motor-admin/stargazers)
 [![Admin Panel](https://user-images.githubusercontent.com/5418788/119318538-1f30e300-bc82-11eb-94a4-107c31c93b13.png)](https://motor-admin.herokuapp.com/demo)
@@ -32,6 +32,7 @@ $ rails motor:install && rake db:migrate
 * [Data visualization](#data-visualization)
 * [Dashboards](#dashboards)
 * [Email alerts](#email-alerts)
+* [Authorization](#authorization)
 * [Intelligence search](#intelligence-search)
 * [Optimized for mobile](#optimized-for-mobile)
 * [Configurations sync between environments](#configurations-sync)
@@ -90,6 +91,9 @@ Sender address can be specified using `MOTOR_ALERTS_FROM_ADDRESS` environment va
 Intelligence search can be opened via the top right corner button or using <kbd>Cmd</kbd> + <kbd>P</kbd> shortcut.
+### Authorization
+Motor Admin allows to set row-level and column-level permissions via [cancan](https://github.com/CanCanCommunity/cancancan) gem. Admin UI permissions should be defined in `app/models/motor/ability.rb` file in `Motor::Ability` class. See [Motor Admin guide](https://github.com/omohokcoj/motor-admin/blob/master/guides/defining_permissions.md) and [CanCan documentation](https://github.com/CanCanCommunity/cancancan/blob/develop/docs/Defining-Abilities.md) to learn how to define user permissions.
 ### Optimized for Mobile
@@ -141,8 +145,6 @@ MOTOR_DEVELOPMENT=true rails s
 ## Comming Soon
-* User groups
-* Row-level permissions
 * Multiple databases
 * NoSQL data sources
 * Pro Bussines intelligence features

data/app/controllers/concerns/motor/current_ability.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module Motor
+  module CurrentAbility
+    def current_ability
+      @current_ability ||=
+        if defined?(Motor::Ability) && current_user
+          klass = Motor::Ability.dup.tap do |k|
+            k.prepend(Motor::CancanUtils::AbilityPatch)
+          end
+          params = [current_user]
+          params << request if Motor::Ability.instance_method(:initialize).arity == 2
+          klass.new(*params)
+        else
+          Motor::CancanUtils::CanManageAll.new
+        end
+    end
+  end
+end

data/app/controllers/concerns/motor/current_user_method.rb CHANGED Viewed

@@ -3,13 +3,14 @@
 module Motor
   module CurrentUserMethod
     def current_user
-      if defined?(current_admin)
-        current_admin
-      elsif defined?(current_admin_user)
-        current_admin_user
-      elsif defined?(super)
-        super
-      end
+      @current_user ||=
+        if defined?(current_admin)
+          current_admin
+        elsif defined?(current_admin_user)
+          current_admin_user
+        elsif defined?(super)
+          super
+        end
     end
   end
 end

data/app/controllers/motor/alerts_controller.rb CHANGED Viewed

@@ -10,11 +10,11 @@ module Motor
     authorize_resource :alert, only: :create
     def index
-      render json: { data: Motor::ApiQuery::BuildJson.call(@alerts.active, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@alerts.active, params, current_ability) }
     end
     def show
-      render json: { data: Motor::ApiQuery::BuildJson.call(@alert, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@alert, params, current_ability) }
     end
     def create
@@ -25,7 +25,7 @@ module Motor
         Motor::Alerts::ScheduledAlertsCache.clear
         Motor::Configs::WriteToFile.call
-        render json: { data: Motor::ApiQuery::BuildJson.call(@alert, params) }
+        render json: { data: Motor::ApiQuery::BuildJson.call(@alert, params, current_ability) }
       end
     rescue Motor::Alerts::Persistance::InvalidInterval
       invalid_interval_response
@@ -36,7 +36,7 @@ module Motor
       Motor::Alerts::ScheduledAlertsCache.clear
       Motor::Configs::WriteToFile.call
-      render json: { data: Motor::ApiQuery::BuildJson.call(@alert, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@alert, params, current_ability) }
     rescue Motor::Alerts::Persistance::NameAlreadyExists
       name_already_exists_response
     rescue Motor::Alerts::Persistance::InvalidInterval

data/app/controllers/motor/api_base_controller.rb CHANGED Viewed

@@ -3,14 +3,7 @@
 module Motor
   class ApiBaseController < ActionController::API
     include Motor::CurrentUserMethod
-    class CanCanAbilityManageAll
-      include CanCan::Ability
-      def initialize(_)
-        can :manage, :all
-      end
-    end
+    include Motor::CurrentAbility
     unless Rails.env.test?
       rescue_from StandardError do |e|
@@ -19,9 +12,5 @@ module Motor
         render json: { errors: [e.message] }, status: :internal_server_error
       end
     end
-    def current_ability
-      CanCanAbilityManageAll.new(current_user)
-    end
   end
 end

data/app/controllers/motor/application_controller.rb CHANGED Viewed

@@ -3,5 +3,6 @@
 module Motor
   class ApplicationController < ActionController::Base
     include Motor::CurrentUserMethod
+    include Motor::CurrentAbility
   end
 end

data/app/controllers/motor/audits_controller.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Motor
       audits = Motor::ApiQuery.call(@audits, params)
       render json: {
-        data: Motor::ApiQuery::BuildJson.call(audits, params),
+        data: Motor::ApiQuery::BuildJson.call(audits, params, current_ability),
         meta: Motor::ApiQuery::BuildMeta.call(audits, params)
       }
     end

data/app/controllers/motor/auth_tokens_controller.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+module Motor
+  class AuthTokensController < ApiBaseController
+    GENERIC_TOKEN_TTL = 2.hours
+    skip_authorization_check
+    def create
+      return render json: {} unless current_user
+      if defined?(Devise::JWT)
+        respond_with_devise_jwt
+      elsif defined?(JWT)
+        respond_with_generic_jwt
+      else
+        render json: {}
+      end
+    end
+    private
+    def respond_with_devise_jwt
+      warden.set_user(current_user)
+      render json: { token: request.env['warden-jwt_auth.token'] }
+    end
+    def respond_with_generic_jwt
+      payload = { uid: current_user.id, exp: GENERIC_TOKEN_TTL.from_now.to_i }
+      token = JWT.encode(payload, Rails.application.secrets.secret_key_base)
+      render json: { token: token }
+    end
+  end
+end

data/app/controllers/motor/configs_controller.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Motor
     load_and_authorize_resource
     def index
-      render json: { data: Motor::ApiQuery::BuildJson.call(@configs, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@configs, params, current_ability) }
     end
     def create
@@ -19,7 +19,7 @@ module Motor
       @config.save!
       Motor::Configs::WriteToFile.call
-      render json: { data: Motor::ApiQuery::BuildJson.call(@config, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@config, params, current_ability) }
     rescue ActiveRecord::RecordNotUnique
       retry
     end

data/app/controllers/motor/dashboards_controller.rb CHANGED Viewed

@@ -10,11 +10,11 @@ module Motor
     authorize_resource :dashboard, only: :create
     def index
-      render json: { data: Motor::ApiQuery::BuildJson.call(@dashboards.active, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@dashboards.active, params, current_ability) }
     end
     def show
-      render json: { data: Motor::ApiQuery::BuildJson.call(@dashboard, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@dashboard, params, current_ability) }
     end
     def create
@@ -24,7 +24,7 @@ module Motor
         ApplicationRecord.transaction { @dashboard.save! }
         Motor::Configs::WriteToFile.call
-        render json: { data: Motor::ApiQuery::BuildJson.call(@dashboard, params) }
+        render json: { data: Motor::ApiQuery::BuildJson.call(@dashboard, params, current_ability) }
       end
     rescue ActiveRecord::RecordNotUnique
       retry
@@ -34,7 +34,7 @@ module Motor
       Motor::Dashboards::Persistance.update_from_params!(@dashboard, dashboard_params)
       Motor::Configs::WriteToFile.call
-      render json: { data: Motor::ApiQuery::BuildJson.call(@dashboard, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@dashboard, params, current_ability) }
     rescue Motor::Dashboards::Persistance::TitleAlreadyExists
       render json: { errors: [{ source: 'title', detail: 'Title already exists' }] }, status: :unprocessable_entity
     end
@@ -51,6 +51,10 @@ module Motor
     def build_dashboard
       @dashboard = Motor::Dashboards::Persistance.build_from_params(dashboard_params)
+      @dashboard.define_singleton_method(:tags) do
+        taggable_tags.map(&:tag)
+      end
     end
     def dashboard_params

data/app/controllers/motor/data_controller.rb CHANGED Viewed

@@ -11,19 +11,19 @@ module Motor
       @resources = Motor::ApiQuery.call(@resources, params)
       render json: {
-        data: Motor::ApiQuery::BuildJson.call(@resources, params),
+        data: Motor::ApiQuery::BuildJson.call(@resources, params, current_ability),
         meta: Motor::ApiQuery::BuildMeta.call(@resources, params)
       }
     end
     def show
-      render json: { data: Motor::ApiQuery::BuildJson.call(@resource, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@resource, params, current_ability) }
     end
     def create
       @resource.save!
-      render json: { data: Motor::ApiQuery::BuildJson.call(@resource, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@resource, params, current_ability) }
     rescue ActiveRecord::RecordInvalid
       render json: { errors: @resource.errors }, status: :unprocessable_entity
     end
@@ -31,7 +31,7 @@ module Motor
     def update
       @resource.update!(resource_params)
-      render json: { data: Motor::ApiQuery::BuildJson.call(@resource, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@resource, params, current_ability) }
     rescue ActiveRecord::RecordInvalid
       render json: { errors: @resource.errors }, status: :unprocessable_entity
     end
@@ -47,6 +47,11 @@ module Motor
     end
     def execute
+      resource_preferences = Motor::Resource.find_by(name: @resource.class.name.underscore).preferences
+      resource_action = resource_preferences[:actions].find { |a| a[:preferences][:method_name] == params[:method] }
+      authorize!(resource_action[:name].to_sym, @resource)
       @resource.public_send(params[:method].to_sym)
       head :ok

data/app/controllers/motor/forms_controller.rb CHANGED Viewed

@@ -10,11 +10,11 @@ module Motor
     authorize_resource :form, only: :create
     def index
-      render json: { data: Motor::ApiQuery::BuildJson.call(@forms.active, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@forms.active, params, current_ability) }
     end
     def show
-      render json: { data: Motor::ApiQuery::BuildJson.call(@form, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@form, params, current_ability) }
     end
     def create
@@ -24,7 +24,7 @@ module Motor
         ApplicationRecord.transaction { @form.save! }
         Motor::Configs::WriteToFile.call
-        render json: { data: Motor::ApiQuery::BuildJson.call(@form, params) }
+        render json: { data: Motor::ApiQuery::BuildJson.call(@form, params, current_ability) }
       end
     rescue ActiveRecord::RecordNotUnique
       retry
@@ -34,7 +34,7 @@ module Motor
       Motor::Forms::Persistance.update_from_params!(@form, form_params)
       Motor::Configs::WriteToFile.call
-      render json: { data: Motor::ApiQuery::BuildJson.call(@form, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@form, params, current_ability) }
     rescue Motor::Forms::Persistance::NameAlreadyExists
       render json: { errors: [{ source: 'name', detail: 'Name already exists' }] }, status: :unprocessable_entity
     end

data/app/controllers/motor/icons_controller.rb CHANGED Viewed

@@ -2,6 +2,8 @@
 module Motor
   class IconsController < ApiBaseController
+    skip_authorization_check
     CACHE_STORE = ActiveSupport::Cache::MemoryStore.new
     def index

data/app/controllers/motor/queries_controller.rb CHANGED Viewed

@@ -10,11 +10,11 @@ module Motor
     authorize_resource :query, only: :create
     def index
-      render json: { data: Motor::ApiQuery::BuildJson.call(@queries.active, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@queries.active, params, current_ability) }
     end
     def show
-      render json: { data: Motor::ApiQuery::BuildJson.call(@query, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@query, params, current_ability) }
     end
     def create
@@ -24,7 +24,7 @@ module Motor
         ApplicationRecord.transaction { @query.save! }
         Motor::Configs::WriteToFile.call
-        render json: { data: Motor::ApiQuery::BuildJson.call(@query, params) }
+        render json: { data: Motor::ApiQuery::BuildJson.call(@query, params, current_ability) }
       end
     rescue ActiveRecord::RecordNotUnique
       retry
@@ -34,7 +34,7 @@ module Motor
       Motor::Queries::Persistance.update_from_params!(@query, query_params)
       Motor::Configs::WriteToFile.call
-      render json: { data: Motor::ApiQuery::BuildJson.call(@query, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@query, params, current_ability) }
     rescue Motor::Queries::Persistance::NameAlreadyExists
       render json: { errors: [{ source: 'name', detail: 'Name already exists' }] }, status: :unprocessable_entity
     end

data/app/controllers/motor/resource_methods_controller.rb CHANGED Viewed

@@ -2,6 +2,8 @@
 module Motor
   class ResourceMethodsController < ApiBaseController
+    skip_authorization_check
     before_action :authorize_resource
     def show

data/app/controllers/motor/resources_controller.rb CHANGED Viewed

@@ -7,14 +7,14 @@ module Motor
     load_and_authorize_resource
     def index
-      render json: { data: Motor::ApiQuery::BuildJson.call(@resources, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@resources, params, current_ability) }
     end
     def create
       Motor::BuildSchema::PersistResourceConfigs.call(@resource)
       Motor::Configs::WriteToFile.call
-      render json: { data: Motor::ApiQuery::BuildJson.call(@resource, params) }
+      render json: { data: Motor::ApiQuery::BuildJson.call(@resource, params, current_ability) }
     end
     private

data/app/controllers/motor/run_queries_controller.rb CHANGED Viewed

@@ -20,7 +20,8 @@ module Motor
     private
     def render_result
-      query_result = Queries::RunQuery.call(@query, variables_hash: params[:variables])
+      variables = params.fetch(:variables, {}).merge(current_user_variables)
+      query_result = Queries::RunQuery.call(@query, variables_hash: variables)
       if query_result.error
         render json: { errors: [{ detail: query_result.error }] }, status: :unprocessable_entity
@@ -29,6 +30,16 @@ module Motor
       end
     end
+    def current_user_variables
+      return {} unless current_user
+      current_user
+        .attributes
+        .slice('id', 'email')
+        .transform_keys { |key| "current_user_#{key}" }
+        .compact
+    end
     def query_result_hash(query_result)
       {
         data: query_result.data,

data/app/controllers/motor/ui_controller.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Motor
   class UiController < ApplicationController
     layout 'motor/application'
-    helper_method :current_user
+    helper_method :current_user, :current_ability
     def index
       render_ui

data/app/views/motor/ui/show.html.erb CHANGED Viewed

	@@ -1 +1 @@
1	- <%= raw(Motor::Configs::BuildUiAppTag.call(current_user)) %>
1	+ <%= raw(Motor::Configs::BuildUiAppTag.call(current_user, current_ability)) %>

data/config/routes.rb CHANGED Viewed

@@ -5,6 +5,7 @@ Motor::Admin.routes.draw do
     scope 'api', as: :api do
       resources :run_queries, only: %i[show create]
       resources :send_alerts, only: %i[create]
+      resources :auth_tokens, only: %i[create]
       resources :queries, only: %i[index show create update destroy]
       resources :tags, only: %i[index]
       resources :configs, only: %i[index create]

data/lib/motor.rb CHANGED Viewed

@@ -53,6 +53,7 @@ require 'motor/version'
 require 'motor/admin'
 require 'motor/assets'
 require 'motor/active_record_utils'
+require 'motor/cancan_utils'
 require 'motor/build_schema'
 require 'motor/api_query'
 require 'motor/tags'

data/lib/motor/admin.rb CHANGED Viewed

@@ -65,10 +65,30 @@ module Motor
       end
     end
+    initializer 'warden.configure.dispatch_requests' do
+      next unless defined?(Warden::JWTAuth)
+      config.after_initialize do
+        Warden::JWTAuth.configure do |config|
+          config.dispatch_requests += [
+            ['POST', /\A#{Regexp.escape(Motor::Admin.routes.url_helpers.motor_api_auth_tokens_path)}\z/]
+          ]
+        end
+      end
+    end
     initializer 'motor.active_storage.extensions' do
       config.after_initialize do
         next unless defined?(ActiveStorage::Engine)
+        ActiveSupport.on_load(:active_storage_attachment) do
+          ActiveStorage::Attachment.include(Motor::ActiveRecordUtils::ActiveStorageLinksExtension)
+        end
+        ActiveSupport.on_load(:active_storage_blob) do
+          ActiveStorage::Blob.singleton_class.prepend(Motor::ActiveRecordUtils::ActiveStorageBlobPatch)
+        end
         ActiveStorage::Attachment.include(Motor::ActiveRecordUtils::ActiveStorageLinksExtension)
         ActiveStorage::Blob.singleton_class.prepend(Motor::ActiveRecordUtils::ActiveStorageBlobPatch)
       end

data/lib/motor/api_query/build_json.rb CHANGED Viewed

@@ -5,83 +5,90 @@ module Motor
     module BuildJson
       module_function
-      def call(rel, params)
-        rel = rel.none if params.dig(:page, :limit).yield_self { |limit| limit.present? && limit.to_i.zero? }
+      # @param rel [ActiveRecord::Base, ActiveRecord::Relation]
+      # @param params [Hash]
+      # @param current_ability [CanCan::Ability]
+      # @return [Hash]
+      def call(rel, params, current_ability = Motor::CancanUtils::CanManageAll.new)
+        rel = rel.none if limit_zero_params?(params)
         rel = rel.preload_associations_lazily if rel.is_a?(ActiveRecord::Relation)
-        json_params = {}.with_indifferent_access
-        assign_include_params(json_params, rel, params)
-        assign_fields_params(json_params, rel, params)
-        rel.as_json(json_params)
-      end
+        model = rel.is_a?(ActiveRecord::Relation) ? rel.klass : rel.class
-      def assign_include_params(json_params, _rel, api_params)
-        return if api_params['include'].blank?
+        include_hash = build_include_hash(params['include'])
+        models_index = build_models_index(model, include_hash)
-        include_params = api_params['include']
+        json_params = normalize_include_params(include_hash)
-        if include_params.is_a?(String)
-          include_params =
-            include_params.split(',').reduce({}) do |accumulator, path|
-              hash = {}
+        assign_fields_params!(json_params, model, params, current_ability, models_index)
-              path.split('.').reduce(hash) do |acc, part|
-                acc_hash = {}
-                acc[part] = acc_hash
+        rel.as_json(json_params.with_indifferent_access)
+      end
-                acc_hash
-              end
+      # @param include_params [Hash]
+      # @return [Hash]
+      def build_include_hash(include_params)
+        return {} if include_params.blank?
-              accumulator.deep_merge(hash)
-            end
+        if include_params.is_a?(String)
+          build_hash_from_string_path(include_params)
+        else
+          include_params
         end
-        json_params.deep_merge!(normalize_include_params(include_params))
       end
-      def assign_fields_params(json_params, rel, params)
+      # @param json_params [Hash]
+      # @param model [Class<ActiveRecord::Base>]
+      # @param params [Hash]
+      # @param current_ability [CanCan::Ability]
+      # @param models_index [Hash]
+      # @return [void]
+      def assign_fields_params!(json_params, model, params, current_ability, models_index)
         return if params[:fields].blank?
-        model = rel.is_a?(ActiveRecord::Relation) ? rel.klass : rel.class
         params[:fields].each do |key, fields|
-          fields = fields.split(',') if fields.is_a?(String)
-          merge_fields_params!(json_params, key, fields, model)
-        end
-      end
+          fields_model = models_index[key]
-      def merge_fields_params!(json_params, key, fields, model)
-        model_name = model.name.underscore
+          next unless model
-        if key == model_name || model_name.split('/').last == key
-          json_params.merge!(build_fields_hash(model, fields))
-        else
-          hash = find_key_in_params(json_params, key)
+          fields = fields.split(',') if fields.is_a?(String)
-          fields_hash = build_fields_hash(model.reflections[key]&.klass, fields)
+          fields_hash = fields_model == model ? json_params : find_key_in_params(json_params, key)
-          hash.merge!(fields_hash)
+          fields_hash.merge!(build_fields_hash(fields_model, fields, current_ability))
         end
       end
-      def build_fields_hash(model, fields)
-        columns = model ? model.columns.map(&:name) : []
+      # @param model [Class<ActiveRecord::Base>]
+      # @param fields [Hash]
+      # @param current_ability [CanCan::Ability]
+      # @return [Hash]
+      def build_fields_hash(model, fields, current_ability)
+        return { 'methods' => fields } unless model
+        column_names = model.column_names.map(&:to_sym)
+        instance_methods = model.instance_methods
+        permitted_attributes = current_ability.permitted_attributes(:read, model)
+        is_permitted_all = column_names == permitted_attributes
         fields_hash = { 'only' => [], 'methods' => [] }
         fields.each_with_object(fields_hash) do |field, acc|
-          if field.in?(columns)
+          field_symbol = field.to_sym
+          next if !is_permitted_all && permitted_attributes.exclude?(field_symbol)
+          if column_names.include?(field_symbol)
             acc['only'] << field
-          elsif model.nil? || model.instance_methods.include?(field.to_sym)
+          elsif instance_methods.include?(field_symbol)
             acc['methods'] << field
           end
         end
       end
+      # @param params [Hash]
+      # @param key [String]
+      # @return [Hash]
       def find_key_in_params(params, key)
         params = params['include']
@@ -93,6 +100,8 @@ module Motor
         end
       end
+      # @param params [Hash]
+      # @return [Hash]
       def normalize_include_params(params)
         case params
         when Array
@@ -112,6 +121,51 @@ module Motor
           raise ArgumentError, "Wrong include param type #{params.class}"
         end
       end
+      # @param model [Class<ActiveRecord::Base>]
+      # @param includes_hash [Hash]
+      # @return [Hash]
+      def build_models_index(model, includes_hash)
+        default_index = {
+          model.name.underscore => model,
+          model.name.underscore.split('/').last => model
+        }
+        includes_hash.reduce(default_index) do |acc, (key, value)|
+          reflection = model.reflections[key]
+          next acc unless reflection
+          next acc if reflection.polymorphic?
+          acc[key] = reflection.klass
+          acc.merge(build_models_index(reflection.klass, value))
+        end
+      end
+      # @param string_path [String]
+      # @return [Hash]
+      def build_hash_from_string_path(string_path)
+        string_path.split(',').reduce({}) do |accumulator, path|
+          hash = {}
+          path.split('.').reduce(hash) do |acc, part|
+            acc_hash = {}
+            acc[part] = acc_hash
+            acc_hash
+          end
+          accumulator.deep_merge(hash)
+        end
+      end
+      # @param params [Hash]
+      # @return [Boolean]
+      def limit_zero_params?(params)
+        params.dig(:page, :limit).yield_self { |limit| limit.present? && limit.to_i.zero? }
+      end
     end
   end
 end

data/lib/motor/api_query/filter.rb CHANGED Viewed

@@ -49,6 +49,8 @@ module Motor
       def normalize_action(action, value)
         case action
+        when 'includes'
+          ['contains', value]
         when 'contains'
           ['ilike', value.sub(LIKE_FILTER_VALUE_REGEXP, '%\1%')]
         when 'starts_with'

data/lib/motor/api_query/search.rb CHANGED Viewed

@@ -57,6 +57,7 @@ module Motor
       def find_searchable_columns(model)
         model.columns.map do |column|
           next unless column.type.in?(COLUMN_TYPES)
+          next if column.respond_to?(:array?) && column.array?
           next if model.validators_on(column.name).any?(ActiveModel::Validations::InclusionValidator)
           column.name

data/lib/motor/assets.rb CHANGED Viewed

@@ -8,10 +8,19 @@ module Motor
     MANIFEST_PATH = ASSETS_PATH.join('manifest.json')
     DEV_SERVER_URL = 'http://localhost:9090/'
+    CACHE_STORE =
+      if Rails.env.production?
+        ActiveSupport::Cache::MemoryStore.new(size: 5.megabytes)
+      else
+        ActiveSupport::Cache::NullStore.new
+      end
     module_function
     def manifest
-      JSON.parse(MANIFEST_PATH.read)
+      CACHE_STORE.fetch('manifest') do
+        JSON.parse(MANIFEST_PATH.read)
+      end
     end
     def icons

data/lib/motor/build_schema.rb CHANGED Viewed

@@ -58,9 +58,10 @@ module Motor
     module_function
-    def call(cache_keys = {})
+    def call(cache_keys = {}, current_ability = nil)
       schema = LoadFromRails.call
       schema = MergeSchemaConfigs.call(schema, cache_keys)
+      schema = ApplyPermissions.call(schema, current_ability) if current_ability
       ReorderSchema.call(schema, cache_keys)
     end
@@ -75,4 +76,5 @@ require_relative './build_schema/find_icon'
 require_relative './build_schema/persist_resource_configs'
 require_relative './build_schema/reorder_schema'
 require_relative './build_schema/merge_schema_configs'
+require_relative './build_schema/apply_permissions'
 require_relative './build_schema/utils'

data/lib/motor/build_schema/active_storage_attachment_schema.rb CHANGED Viewed

@@ -5,6 +5,7 @@ module Motor
     ACTIVE_STORAGE_ATTACHMENT_SCHEMA = {
       name: 'active_storage/attachment',
       slug: 'active_storage__attachments',
+      class_name: 'ActiveStorage::Attachment',
       table_name: 'active_storage_attachments',
       primary_key: 'id',
       display_name: 'Attachments',

data/lib/motor/build_schema/apply_permissions.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+module Motor
+  module BuildSchema
+    module ApplyPermissions
+      module_function
+      def call(schema, ability)
+        schema.map do |model|
+          klass = model[:class_name].constantize
+          next unless ability.can?(:read, klass)
+          model[:associations] = filter_associations(model[:associations], ability)
+          model[:columns] = filter_columns(klass, model[:columns], ability)
+          model[:actions] = filter_actions(klass, model[:actions], ability)
+          model
+        end.compact
+      end
+      def filter_associations(associations, ability)
+        associations.select do |assoc|
+          ability.can?(:read, assoc[:model_name].classify.constantize)
+        end
+      end
+      def filter_columns(model, columns, ability)
+        columns.map do |column|
+          next unless ability.can?(:read, model, column[:name])
+          next if column.dig(:reference, :model_name).present? &&
+                  !ability.can?(:read, column[:reference][:model_name].classify.constantize)
+          unless ability.can?(:update, model, column[:name])
+            column = column.merge(access_type: BuildSchema::ColumnAccessTypes::READ_ONLY)
+          end
+          column
+        end.compact
+      end
+      def filter_actions(model, actions, ability)
+        actions.select do |action|
+          ability.can?(action[:name].to_sym, model)
+        end
+      end
+    end
+  end
+end

data/lib/motor/build_schema/find_display_column.rb CHANGED Viewed

@@ -55,6 +55,7 @@ module Motor
       def fetch_column_names(model)
         model.columns.map do |column|
           next unless column.type.in?(BuildSchema::SEARCHABLE_COLUMN_TYPES)
+          next if column.respond_to?(:array?) && column.array?
           column.name
         end.compact

data/lib/motor/build_schema/find_icon.rb CHANGED Viewed

@@ -35,6 +35,7 @@ module Motor
       'token' => 'key',
       'secret' => 'lock',
       'automation' => 'manual-gearbox',
+      'workflow' => 'manual-gearbox',
       'relationship' => 'hierarchy',
       'person' => 'user',
       'people' => 'users',
@@ -96,6 +97,8 @@ module Motor
       'page' => 'brand-pagekit',
       'date' => 'calendar-event',
       'customer' => 'users',
+      'client' => 'users',
+      'ticket' => 'ticket',
       'contact' => 'users',
       'member' => 'users',
       'admin' => 'user-check',
@@ -107,7 +110,8 @@ module Motor
       'product' => 'building-store',
       'html' => 'code',
       'stripe' => 'brand-stripe',
-      'email' => 'mail'
+      'email' => 'mail',
+      'status' => 'hash'
     }.freeze
     DEFAULT_ICON = 'database'

data/lib/motor/cancan_utils.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module CancanUtils
+end
+require_relative './cancan_utils/ability_patch'
+require_relative './cancan_utils/can_manage_all'

data/lib/motor/cancan_utils/ability_patch.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module Motor
+  module CancanUtils
+    module AbilityPatch
+      def serialized_rules
+        @rules.map do |rule|
+          {
+            base_behavior: rule.base_behavior,
+            actions: expand_actions(rule.actions),
+            subjects: rule.subjects.map(&:to_s),
+            attributes: rule.attributes,
+            conditions: rule.conditions.as_json
+          }
+        end
+      end
+      def rules_hash
+        serialized_rules.hash
+      end
+      private
+      def default_alias_actions
+        super.merge(destroy: %i[remove delete])
+      end
+    end
+  end
+end

data/lib/motor/cancan_utils/can_manage_all.rb ADDED Viewed

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module Motor
+  module CancanUtils
+    class CanManageAll
+      include CanCan::Ability
+      prepend CancanUtils::AbilityPatch
+      def initialize(_ = nil)
+        can :manage, :all
+      end
+    end
+  end
+end

data/lib/motor/configs/build_ui_app_tag.rb CHANGED Viewed

@@ -12,57 +12,67 @@ module Motor
       module_function
-      def call(current_user = nil)
+      def call(current_user = nil, current_ability = nil)
         cache_keys = LoadFromCache.load_cache_keys
         CACHE_STORE.fetch("#{cache_keys.hash}#{current_user&.id}") do
           CACHE_STORE.clear
-          Motor::ApplicationController.helpers.tag.div('', id: 'app', data: build_data(cache_keys, current_user))
+          data = build_data(cache_keys, current_user, current_ability)
+          Motor::ApplicationController.helpers.tag.div('', id: 'app', data: data)
         end
       end
       # @return [Hash]
-      def build_data(cache_keys = {}, current_user = nil)
+      def build_data(cache_keys = {}, current_user = nil, current_ability = nil)
         {
           current_user: current_user&.as_json(only: %i[id email]),
+          current_rules: current_ability.serialized_rules,
           audits_count: Motor::Audit.count,
           base_path: Motor::Admin.routes.url_helpers.motor_path,
-          schema: Motor::BuildSchema.call(cache_keys),
+          schema: Motor::BuildSchema.call(cache_keys, current_ability),
           header_links: header_links_data_hash(cache_keys[:configs]),
-          queries: queries_data_hash(cache_keys[:queries]),
-          dashboards: dashboards_data_hash(cache_keys[:dashboards]),
-          alerts: alerts_data_hash(cache_keys[:alerts]),
-          forms: forms_data_hash(cache_keys[:forms])
+          queries: queries_data_hash(build_cache_key(cache_keys, :queries, current_user, current_ability),
+                                     current_ability),
+          dashboards: dashboards_data_hash(build_cache_key(cache_keys, :dashboards, current_user, current_ability),
+                                           current_ability),
+          alerts: alerts_data_hash(build_cache_key(cache_keys, :alerts, current_user, current_ability),
+                                   current_ability),
+          forms: forms_data_hash(build_cache_key(cache_keys, :forms, current_user, current_ability), current_ability)
         }
       end
+      # @return [String]
+      def build_cache_key(cache_keys, key, current_user, current_ability)
+        "#{cache_keys[key].hash}#{current_user&.id}#{current_ability&.rules_hash}"
+      end
       def header_links_data_hash(cache_key = nil)
         configs = Motor::Configs::LoadFromCache.load_configs(cache_key: cache_key)
         configs.find { |c| c.key == 'header.links' }&.value || []
       end
-      def queries_data_hash(cache_key = nil)
-        Motor::Configs::LoadFromCache.load_queries(cache_key: cache_key)
+      def queries_data_hash(cache_key = nil, current_ability = nil)
+        Motor::Configs::LoadFromCache.load_queries(cache_key: cache_key, current_ability: current_ability)
                                      .as_json(only: %i[id name updated_at],
                                               include: { tags: { only: %i[id name] } })
       end
-      def dashboards_data_hash(cache_key = nil)
-        Motor::Configs::LoadFromCache.load_dashboards(cache_key: cache_key)
+      def dashboards_data_hash(cache_key = nil, current_ability = nil)
+        Motor::Configs::LoadFromCache.load_dashboards(cache_key: cache_key, current_ability: current_ability)
                                      .as_json(only: %i[id title updated_at],
                                               include: { tags: { only: %i[id name] } })
       end
-      def alerts_data_hash(cache_key = nil)
-        Motor::Configs::LoadFromCache.load_alerts(cache_key: cache_key)
+      def alerts_data_hash(cache_key = nil, current_ability = nil)
+        Motor::Configs::LoadFromCache.load_alerts(cache_key: cache_key, current_ability: current_ability)
                                      .as_json(only: %i[id name is_enabled updated_at],
                                               include: { tags: { only: %i[id name] } })
       end
-      def forms_data_hash(cache_key = nil)
-        Motor::Configs::LoadFromCache.load_forms(cache_key: cache_key)
+      def forms_data_hash(cache_key = nil, current_ability = nil)
+        Motor::Configs::LoadFromCache.load_forms(cache_key: cache_key, current_ability: current_ability)
                                      .as_json(only: %i[id name updated_at],
                                               include: { tags: { only: %i[id name] } })
       end

data/lib/motor/configs/load_from_cache.rb CHANGED Viewed

@@ -32,27 +32,39 @@ module Motor
         end
       end
-      def load_queries(cache_key: nil)
+      def load_queries(cache_key: nil, current_ability: nil)
         maybe_fetch_from_cache('queries', cache_key) do
-          Motor::Query.all.active.preload(:tags).load
+          rel = Motor::Query.all.active.preload(:tags)
+          rel = rel.accessible_by(current_ability) if current_ability
+          rel.load
         end
       end
-      def load_dashboards(cache_key: nil)
+      def load_dashboards(cache_key: nil, current_ability: nil)
         maybe_fetch_from_cache('dashboards', cache_key) do
-          Motor::Dashboard.all.active.preload(:tags).load
+          rel = Motor::Dashboard.all.active.preload(:tags)
+          rel = rel.accessible_by(current_ability) if current_ability
+          rel.load
         end
       end
-      def load_alerts(cache_key: nil)
+      def load_alerts(cache_key: nil, current_ability: nil)
         maybe_fetch_from_cache('alerts', cache_key) do
-          Motor::Alert.all.active.preload(:tags).load
+          rel = Motor::Alert.all.active.preload(:tags)
+          rel = rel.accessible_by(current_ability) if current_ability
+          rel.load
         end
       end
-      def load_forms(cache_key: nil)
+      def load_forms(cache_key: nil, current_ability: nil)
         maybe_fetch_from_cache('forms', cache_key) do
-          Motor::Form.all.active.preload(:tags).load
+          rel = Motor::Form.all.active.preload(:tags)
+          rel = rel.accessible_by(current_ability) if current_ability
+          rel.load
         end
       end

data/lib/motor/queries/run_query.rb CHANGED Viewed

@@ -16,6 +16,8 @@ module Motor
       PG_ERROR_REGEXP = /\APG.+ERROR:/.freeze
+      RESERVED_VARIABLES = %w[current_user_id current_user_email].freeze
       module_function
       # @param query [Motor::Query]
@@ -110,11 +112,13 @@ module Motor
       end
       # @param variable_configs [Array<Hash>]
-      # @param variable_hash [Hash]
+      # @param variables_hash [Hash]
       # @return [Hash]
       def merge_variable_default_values(variable_configs, variables_hash)
-        variable_configs.each_with_object({}) do |variable, acc|
-          acc[variable[:name]] = variables_hash[variable[:name]] || variable[:default_value]
+        variable_configs.each_with_object(variables_hash.slice(*RESERVED_VARIABLES)) do |variable, acc|
+          next if RESERVED_VARIABLES.include?(variable[:name])
+          acc[variable[:name]] ||= variables_hash[variable[:name]] || variable[:default_value]
         end
       end
     end

data/lib/motor/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Motor
-  VERSION = '0.1.54'
+  VERSION = '0.1.60'
 end

data/ui/dist/{main-67fbb3a8f6a6388434c8.css.gz → main-96c4a62d2fb789ab1080.css.gz} RENAMED Viewed

Binary file

data/ui/dist/main-96c4a62d2fb789ab1080.js.gz ADDED Viewed

Binary file

data/ui/dist/manifest.json CHANGED Viewed

@@ -2068,11 +2068,11 @@
   "mail-opened.svg": "icons/mail-opened.svg",
   "mail.svg": "icons/mail.svg",
   "mailbox.svg": "icons/mailbox.svg",
-  "main-67fbb3a8f6a6388434c8.css.gz": "main-67fbb3a8f6a6388434c8.css.gz",
-  "main-67fbb3a8f6a6388434c8.js.LICENSE.txt": "main-67fbb3a8f6a6388434c8.js.LICENSE.txt",
-  "main-67fbb3a8f6a6388434c8.js.gz": "main-67fbb3a8f6a6388434c8.js.gz",
-  "main.css": "main-67fbb3a8f6a6388434c8.css",
-  "main.js": "main-67fbb3a8f6a6388434c8.js",
+  "main-96c4a62d2fb789ab1080.css.gz": "main-96c4a62d2fb789ab1080.css.gz",
+  "main-96c4a62d2fb789ab1080.js.LICENSE.txt": "main-96c4a62d2fb789ab1080.js.LICENSE.txt",
+  "main-96c4a62d2fb789ab1080.js.gz": "main-96c4a62d2fb789ab1080.js.gz",
+  "main.css": "main-96c4a62d2fb789ab1080.css",
+  "main.js": "main-96c4a62d2fb789ab1080.js",
   "man.svg": "icons/man.svg",
   "manual-gearbox.svg": "icons/manual-gearbox.svg",
   "map-2.svg": "icons/map-2.svg",

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: motor-admin
 version: !ruby/object:Gem::Version
-  version: 0.1.54
+  version: 0.1.60
 platform: ruby
 authors:
 - Pete Matsyburka
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-30 00:00:00.000000000 Z
+date: 2021-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord-filter
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.9'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.9'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: cancancan
   requirement: !ruby/object:Gem::Requirement
@@ -121,6 +121,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- app/controllers/concerns/motor/current_ability.rb
 - app/controllers/concerns/motor/current_user_method.rb
 - app/controllers/concerns/motor/load_and_authorize_dynamic_resource.rb
 - app/controllers/concerns/motor/wrap_io_params.rb
@@ -130,6 +131,7 @@ files:
 - app/controllers/motor/application_controller.rb
 - app/controllers/motor/assets_controller.rb
 - app/controllers/motor/audits_controller.rb
+- app/controllers/motor/auth_tokens_controller.rb
 - app/controllers/motor/configs_controller.rb
 - app/controllers/motor/dashboards_controller.rb
 - app/controllers/motor/data_controller.rb
@@ -139,7 +141,6 @@ files:
 - app/controllers/motor/resource_methods_controller.rb
 - app/controllers/motor/resources_controller.rb
 - app/controllers/motor/run_queries_controller.rb
-- app/controllers/motor/schemas_controller.rb
 - app/controllers/motor/send_alerts_controller.rb
 - app/controllers/motor/tags_controller.rb
 - app/controllers/motor/ui_controller.rb
@@ -191,6 +192,7 @@ files:
 - lib/motor/build_schema.rb
 - lib/motor/build_schema/active_storage_attachment_schema.rb
 - lib/motor/build_schema/adjust_devise_model_schema.rb
+- lib/motor/build_schema/apply_permissions.rb
 - lib/motor/build_schema/find_display_column.rb
 - lib/motor/build_schema/find_icon.rb
 - lib/motor/build_schema/load_from_rails.rb
@@ -198,6 +200,9 @@ files:
 - lib/motor/build_schema/persist_resource_configs.rb
 - lib/motor/build_schema/reorder_schema.rb
 - lib/motor/build_schema/utils.rb
+- lib/motor/cancan_utils.rb
+- lib/motor/cancan_utils/ability_patch.rb
+- lib/motor/cancan_utils/can_manage_all.rb
 - lib/motor/configs.rb
 - lib/motor/configs/build_configs_hash.rb
 - lib/motor/configs/build_ui_app_tag.rb
@@ -1485,8 +1490,8 @@ files:
 - ui/dist/icons/zoom-money.svg.gz
 - ui/dist/icons/zoom-out.svg.gz
 - ui/dist/icons/zoom-question.svg.gz
-- ui/dist/main-67fbb3a8f6a6388434c8.css.gz
-- ui/dist/main-67fbb3a8f6a6388434c8.js.gz
+- ui/dist/main-96c4a62d2fb789ab1080.css.gz
+- ui/dist/main-96c4a62d2fb789ab1080.js.gz
 - ui/dist/manifest.json
 homepage:
 licenses:

data/app/controllers/motor/schemas_controller.rb DELETED Viewed

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-module Motor
-  class SchemasController < ApiBaseController
-    def show
-      render json: Motor::BuildSchema.call
-    end
-    def update; end
-  end
-end

data/ui/dist/main-67fbb3a8f6a6388434c8.js.gz DELETED Viewed

Binary file