oxen_user 0.2.0

data/app/controllers/oxen/invitations_controller.rb

@@ -0,0 +1,66 @@
+class Oxen::InvitationsController < Devise::InvitationsController
+
+  #
+  # POST /resource/invitation
+  def create
+    self.resource = invite_resource
+    resource_invited = self.resource.errors.empty?
+    yield resource if block_given?
+    if resource_invited
+      # if is_flashing_format? && self.resource.invitation_sent_at
+      #   set_flash_message :notice, :send_instructions, :email => self.resource.email
+      # end
+      flash[:info] = t('.invited')
+      render layout: false, status: 200, locals: { result: true }
+    else
+      flash[:error] = t('.not_invited', error:  resource.errors.collect{|v,k| k }.join(', '))
+      render layout: false, status: 401, locals: { result: false, resource: self.resource }
+    #
+    #   respond_with resource, :location => after_invite_path_for(current_inviter)
+    # else
+    #   respond_with_navigational(resource) { render :new }
+    end
+  end
+
+
+  # def update
+  #   if this
+  #     redirect_to root_path
+  #   else
+  #     super
+  #   end
+  # end
+
+  private
+
+    # this is called when creating invitation
+    # should return an instance of resource class
+    def invite_resource
+      ## skip sending emails on invite
+      resource_class.invite!(resource_params, current_user)
+      # resource_class.invite!(resource_params, current_user) do |u|
+      #   # u.skip_invitation = true
+      # end
+    end
+
+    def resource_params
+      params[:user][:role] ||= "user"
+      {email: params[:user][:email], name: params[:user][:name], account_id: params[:user][:account_id], role: params[:user][:role] }
+
+      # {email: params[:user][:email], name: params[:user][:name], account_id: params[:user][:account_id] }
+      # params.permit(user: [:name, :email,:invitation_token, :your_params_here])[:user]
+    end
+
+    # this is called when accepting invitation
+    # should return an instance of resource class
+    def accept_resource
+      resource = resource_class.accept_invitation!(update_resource_params)
+      ## Report accepting invitation to analytics
+      # Analytics.report('invite.accept', resource.id)
+      resource
+    end
+
+    # def after_invite_path_for(usr)
+    # end
+
+end

data/app/controllers/oxen/users_controller.rb

@@ -0,0 +1,96 @@
+class Oxen::UsersController < AbstractResourcesController
+  # before_filter :authenticate_user!
+  # after_action :verify_authorized
+  before_filter :check_user_permissions, only: :create
+
+  def confirm
+    authorize resource
+    if resource.confirm
+      flash[:info] = t('user.confirmed_ok')
+      render :confirm, layout: false, status: 200 and return
+    else
+      flash[:info] = t('user.not_confirmed_ok')
+      render :confirm, layout: false, status: 401 and return
+    end
+  end
+  # def index
+  #   @users = User.all
+  #   authorize User
+  # end
+  # def index
+  #   @resources = policy_scope(User)
+  #   authorize User
+  # end
+  #
+  # def show
+  #   @user = User.find(params[:id])
+  #   authorize @user
+  # end
+  #
+  # def update
+  #   @user = User.find(params[:id])
+  #   authorize @user
+  #   if @user.update_attributes(secure_params)
+  #     redirect_to users_path, :notice => "User updated."
+  #   else
+  #     redirect_to users_path, :alert => "Unable to update user."
+  #   end
+  # end
+  #
+  # def destroy
+  #   user = User.find(params[:id])
+  #   authorize user
+  #   user.destroy
+  #   redirect_to users_path, :notice => "User deleted."
+  # end
+
+  def update
+    if params[:user][:password].blank? && params[:user][:password].blank?
+      params[:user].delete :password
+      params[:user].delete :password_confirmation
+    end
+    authorize resource
+    resource.max_role = current_user.role
+    if resource.update_attributes(secure_params)
+      redirect_to users_path, :notice => "User updated."
+    else
+      render :edit, :alert => "Unable to update user."
+    end
+
+    # super
+  end
+
+
+  private
+
+    def resource_params
+      secure_params
+    end
+
+    def secure_params
+      params.require(:user).permit(:role,:name,:email,:active,:account_id, :password, :password_confirmation)
+    end
+
+    def check_user_permissions
+      UserPermission.where(email: params[:user][:email]).count == 1
+    end
+
+
+    #
+    # build options for fixed action button - implement on each controller to customize
+    # raise an exception
+    def set_fab_button_options
+      opt = { items: {}}
+      case params[:action]
+      when 'nothing'; opt = opt
+      when 'edit';  opt[:items].merge!  list: { ajax: 'get', icon: 'list', class: 'blue', url: "/admin/accounts/#{resource.account.id}" },
+                                        print: { ajax: 'get', icon: 'print', class: 'blue lighten-2', url: "/admin/accounts/#{resource.account.id}/print", browser: 'new' }
+      when 'show';  opt[:items].merge!  list: { ajax: 'get', icon: 'list', class: 'blue', url: "/admin/accounts/#{resource.account.id}" },
+                                        print: { ajax: 'get', icon: 'print', class: 'blue lighten-2', url: "/admin/accounts/#{resource.account.id}/print", browser: 'new' }
+      end
+
+      # = build_print_link(f.object, list: false, print_options: "print_cmd=print_label", button: 'icon-tag', text: 'Udskriv dæk label')
+      @fab_button_options = opt
+    end
+
+end

data/app/helpers/oxen/users_helper.rb

@@ -0,0 +1,8 @@
+module Oxen
+  module UsersHelper
+    def invited_user? user
+      # "blue-grey lighten-2"
+      user.invitation_token.nil? ? "" : "invited_user"
+    end
+  end
+end

data/app/models/ox_user.rb

@@ -0,0 +1,89 @@
+class OxUser < AbstractResource #< ActiveRecord::Base
+  self.table_name = 'users'
+  establish_connection ((Rails.env=="development") ? :dev_oxen_tables : :oxen_tables )
+
+  include Roleable
+
+  has_paper_trail
+
+  belongs_to :account, foreign_key: 'account_id'
+  has_many :invitations, :class_name => self.to_s, :as => :invited_by
+
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable, :database_authenticatable
+  # devise :cas_authenticatable
+  devise :invitable, :registerable, :confirmable, :database_authenticatable,
+         :recoverable, :rememberable, :trackable, :validatable, :zxcvbnable #, :cas_authenticatable
+
+  validates :name, presence: true
+
+  # #after_create :create_account
+  #
+  # # belongs_to :account
+  #
+  # # validates :name, presence: true
+  #
+  #
+  # def create_account(account_name=nil)
+  #   account_name ||= self.name
+  #   if self.account.nil?
+  #     self.account= Account.create name: account_name
+  #   end
+  # end
+  #
+  # def good_roles
+  #   User.roles.keys.map {|r| ([r.titleize,r] if User.roles[role] >= User.roles[r]) }
+  # end
+  #
+
+  # This is an internal method called every time Devise needs
+  # to send a notification/mail. This can be overridden if you
+  # need to customize the e-mail delivery logic. For instance,
+  # if you are using a queue to deliver e-mails (delayed job,
+  # sidekiq, resque, etc), you must add the delivery to the queue
+  # just after the transaction was committed. To achieve this,
+  # you can override send_devise_notification to store the
+  # deliveries until the after_commit callback is triggered:
+  #
+  #     class User
+  #       devise :database_authenticatable, :confirmable
+  #
+  #       after_commit :send_pending_notifications
+  #
+  #       protected
+  #
+  #       def send_devise_notification(notification, *args)
+  #         # If the record is new or changed then delay the
+  #         # delivery until the after_commit callback otherwise
+  #         # send now because after_commit will not be called.
+  #         if new_record? || changed?
+  #           pending_notifications << [notification, args]
+  #         else
+  #           devise_mailer.send(notification, self, *args).deliver
+  #         end
+  #       end
+  #
+  #       def send_pending_notifications
+  #         pending_notifications.each do |notification, args|
+  #           devise_mailer.send(notification, self, *args).deliver
+  #         end
+  #
+  #         # Empty the pending notifications array because the
+  #         # after_commit hook can be called multiple times which
+  #         # could cause multiple emails to be sent.
+  #         pending_notifications.clear
+  #       end
+  #
+  #       def pending_notifications
+  #         @pending_notifications ||= []
+  #       end
+  #     end
+  #
+  # def send_devise_notification(notification, *args)
+  #  devise_mailer.send(notification, self, *args).deliver
+  # end
+
+
+
+
+end

data/app/policies/oxen/user_policy.rb

@@ -0,0 +1,48 @@
+module Oxen
+  class UserPolicy < AbstractResourcePolicy
+
+    class Scope < Scope
+      def resolve
+        if current_user.nil?
+          super
+        elsif current_user.admin?
+          scope.all
+        else
+          scope.where(account_id: current_user.account.id)
+        end
+      end
+    end
+
+
+    def index?
+      current_user.admin? || current_user.account_admin?
+    end
+
+    def show?
+      current_user.admin? or current_user.account_admin? or current_user == model
+    end
+
+    def update?
+      current_user.admin? || current_user.account_admin?
+    end
+
+    def create?
+      current_user.admin? || current_user.account_admin?
+    end
+
+    def destroy?
+      return false if @current_user == model
+      current_user.admin? || current_user.account_admin?
+    end
+
+    def confirm?
+      current_user.admin? || current_user.account_admin?
+    end
+
+    def invite?
+      current_user.admin? || current_user.account_admin?
+    end
+
+  end
+
+end

data/app/views/devise/confirmations/new.html.haml

@@ -0,0 +1,13 @@
+%h2= t('resend.confirmation.instructions')
+
+= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f|
+  = f.error_notification
+  = f.full_error :confirmation_token
+
+  .form-inputs
+    = f.input :email, required: true, autofocus: true
+
+  .form-actions
+    = f.button :submit, t('resend.confirmation.instructions')
+
+= render "devise/shared/links"

data/app/views/devise/mailer/eksempel

@@ -0,0 +1,10 @@
+http://buttons.cm/
+
+<div><!--[if mso]>
+	  <v:roundrect xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w="urn:schemas-microsoft-com:office:word" href="http://" style="height:40px;v-text-anchor:middle;width:200px;" arcsize="10%" strokecolor="#1e3650" fill="t">
+    <v:fill type="tile" src="http://i.imgur.com/0xPEf.gif" color="#556270" />
+    <w:anchorlock/>
+    <center style="color:#ffffff;font-family:sans-serif;font-size:13px;font-weight:bold;">Show me the button!</center>
+  </v:roundrect>
+<![endif]--><a href="http://"
+style="background-color:#556270;background-image:url(http://i.imgur.com/0xPEf.gif);border:1px solid #1e3650;border-radius:4px;color:#ffffff;display:inline-block;font-family:sans-serif;font-size:13px;font-weight:bold;line-height:40px;text-align:center;text-decoration:none;width:200px;-webkit-text-size-adjust:none;mso-hide:all;">Show me the button!</a></div>