plutonium 0.14.0 → 0.15.0.pre.rc1

data/lib/plutonium/reloader.rb

@@ -1,15 +1,21 @@
-require "active_support/notifications"
+# frozen_string_literal: true
 
-# Be sure to restart your server when you modify this file.
+require "active_support/notifications"
 
 module Plutonium
+  # Reloader class for Plutonium
+  #
+  # This class is responsible for managing the reloading of Plutonium components
+  # and related files during development.
   class Reloader
     class << self
+      # Start the reloader
+      #
+      # @return [void]
       def start!
         puts "=> [plutonium] starting reloader"
 
         ActiveSupport::Notifications.instrument("plutonium.reloader.start") do
-          # Task code here
           @listener&.stop
           @listener = initialize_listener
         end
@@ -17,37 +23,49 @@ module Plutonium
 
       private
 
+      # Initialize the file listener
+      #
+      # @return [Listen::Listener, nil] the initialized listener or nil if no paths to watch
       def initialize_listener
         require "listen"
 
         reload_paths = gather_reload_paths
-        return unless reload_paths.any?
+        return if reload_paths.empty?
 
-        listener = Listen.to(*reload_paths, only: /\.rb$/) do |modified, added, removed|
+        Listen.to(*reload_paths, only: /\.rb$/) { |modified, added, removed|
           handle_file_changes(modified, added, removed)
-        end
-        listener.start
-        listener
+        }.tap(&:start)
       end
 
+      # Gather paths to be watched for changes
+      #
+      # @return [Array<String>] list of paths to watch
       def gather_reload_paths
         reload_paths = []
 
-        if Plutonium.development?
-          reload_paths << Plutonium.lib_root.to_s
-          reload_paths << Plutonium.root.join("app", "views", "components").to_s
-          reload_paths << Plutonium.root.join("config", "initializers").to_s
+        if Plutonium.configuration.development?
+          reload_paths.concat([
+            Plutonium.lib_root.to_s,
+            Plutonium.root.join("app", "views", "components").to_s,
+            Plutonium.root.join("config", "initializers").to_s
+          ])
         end
 
-        packages_dir = Rails.root.join("packages/").to_s
+        packages_dir = Rails.root.join("packages").to_s
         reload_paths << packages_dir if File.directory?(packages_dir)
 
         reload_paths
       end
 
+      # Handle file changes detected by the listener
+      #
+      # @param modified [Array<String>] list of modified files
+      # @param added [Array<String>] list of added files
+      # @param removed [Array<String>] list of removed files
+      # @return [void]
       def handle_file_changes(modified, added, removed)
         (modified + added).each do |file|
-          Plutonium.logger.debug "[plutonium] change detected: #{file}"
+          Plutonium.logger.debug { "[plutonium] change detected: #{file}" }
 
           if file == __FILE__
             reload_file(file)
@@ -62,48 +80,72 @@ module Plutonium
         end
       end
 
+      # Check if the file is within the packages directory
+      #
+      # @param file [String] path to the file
+      # @return [Boolean] true if the file is within the packages directory
       def file_starts_with_packages_dir?(file)
-        packages_dir = Rails.root.join("packages/").to_s
-        file.starts_with?(packages_dir)
+        file.start_with?(Rails.root.join("packages").to_s)
       end
 
+      # Handle changes to files within the packages directory
+      #
+      # @param file [String] path to the changed file
+      # @param added [Array<String>] list of added files
+      # @return [void]
       def handle_package_file_changes(file, added)
         return if added.include?(file)
 
         case File.basename(file)
         when "engine.rb"
           reload_engine_and_routes(file)
-        else
-          # Non-engine package files are reloaded by Rails automatically
         end
       end
 
+      # Reload engine and routes
+      #
+      # @param file [String] path to the engine file
+      # @return [void]
       def reload_engine_and_routes(file)
-        Plutonium.logger.debug "[plutonium] reloading: engine+routes"
+        Plutonium.logger.debug { "[plutonium] reloading: engine+routes" }
         load file
         Rails.application.reload_routes!
       end
 
+      # Reload the framework and file
+      #
+      # @param file [String] path to the file
+      # @return [void]
       def reload_framework_and_file(file)
-        # # Ensure that the file loads correctly before we do any reloading
-        # load file
-
-        Plutonium.logger.debug "[plutonium] reloading: app+framework"
+        Plutonium.logger.debug { "[plutonium] reloading: app+framework" }
         Rails.application.reloader.reload!
-        Plutonium::ZEITWERK_LOADER.reload
-        # reload components
+        Plutonium::Loader.reload
+        reload_components
+      end
+
+      # Reload components
+      #
+      # @return [void]
+      def reload_components
         Object.send(:remove_const, "PlutoniumUi")
         load Plutonium.root.join("app", "views", "components", "base.rb")
-        # # Ensure files that do not contain constants are loaded again e.g. initializers
-        # load file
       end
 
+      # Reload a single file
+      #
+      # @param file [String] path to the file
+      # @return [Boolean] true if the file was successfully loaded
       def reload_file(file)
-        load file
+        load(file)
       end
 
+      # Log reload failure
+      #
+      # @param file [String] path to the file that failed to reload
+      # @param error [StandardError] the error that occurred during reloading
+      # @return [void]
       def log_reload_failure(file, error)
-        Plutonium.logger.error "\n[plutonium] reloading failed\n\n#{error.message}\n"
+        Plutonium.logger.error { "\n[plutonium] reloading failed\n\n#{error.message}\n" }
       end
     end
   end

data/lib/plutonium/resource/controller.rb

@@ -10,16 +10,15 @@ module Plutonium
     module Controller
       extend ActiveSupport::Concern
       include Pagy::Backend
-      include Plutonium::Core::Controllers::Base
-      include Plutonium::Core::Controllers::Authorizable
-      include Plutonium::Core::Controllers::Presentable
-      include Plutonium::Core::Controllers::Queryable
-      include Plutonium::Core::Controllers::CrudActions
-      include Plutonium::Core::Controllers::InteractiveActions
+      include Plutonium::Core::Controller
+      include Plutonium::Resource::Controllers::Defineable
+      include Plutonium::Resource::Controllers::Authorizable
+      include Plutonium::Resource::Controllers::Presentable
+      include Plutonium::Resource::Controllers::Queryable
+      include Plutonium::Resource::Controllers::CrudActions
+      include Plutonium::Resource::Controllers::InteractiveActions
 
       included do
-        class_attribute :resource_class, instance_writer: false, instance_predicate: false
-
         # https://github.com/ddnexus/pagy/blob/master/docs/extras/headers.md#headers
         after_action { pagy_headers_merge(@pagy) if @pagy }
 
@@ -27,49 +26,55 @@ module Plutonium
       end
 
       class_methods do
+        include Plutonium::Lib::SmartCache
+
         # Sets the resource class for the controller
-        # @param [Class] resource_class The resource class
+        # @param [ActiveRecord::Base] resource_class The resource class
         def controller_for(resource_class)
-          self.resource_class = resource_class
+          @resource_class = resource_class
         end
+
+        # Gets the resource class for the controller
+        # @return [ActiveRecord::Base] The resource class
+        def resource_class
+          return @resource_class if @resource_class.present?
+
+          name.to_s.gsub(/^#{current_package}::/, "").gsub(/Controller$/, "").classify.constantize
+        rescue NameError
+          raise NameError, "Failed to determine the resource class. Please call `controller_for(MyResource)` in #{name}."
+        end
+        memoize_unless_reloading :resource_class
       end
 
       private
 
-      # Creates a policy context
-      # @return [Plutonium::Resource::PolicyContext] The policy context
-      def policy_context
-        Plutonium::Resource::PolicyContext.new(
-          user: current_user,
-          resource_context: resource_context
-        )
+      def resource_class
+        self.class.resource_class
       end
 
       # Returns the resource record based on path parameters
       # @return [ActiveRecord::Base, nil] The resource record
       def resource_record
-        @resource_record ||= policy_scope(resource_class).from_path_param(params[:id]).first! if params[:id].present?
+        @resource_record ||= current_authorized_scope.from_path_param(params[:id]).first! if params[:id].present?
         @resource_record
       end
 
       # Returns the submitted resource parameters
       # @return [Hash] The submitted resource parameters
       def submitted_resource_params
-        @submitted_resource_params ||= begin
-          strong_parameters = resource_class.strong_parameters_for(*permitted_attributes)
-          params.require(resource_param_key).permit(*strong_parameters).nilify.to_h
-        end
+        @submitted_resource_params ||= build_form(resource_class.new).extract_input(params)[resource_param_key.to_sym]
       end
 
       # Returns the resource parameters, including scoped and parent parameters
       # @return [Hash] The resource parameters
       def resource_params
-        input_params = submitted_resource_params.dup
+        @resource_params ||= begin
+          input_params = submitted_resource_params.dup
+          override_entity_scoping_params(input_params)
+          override_parent_params(input_params)
 
-        override_entity_scoping_params(input_params)
-        override_parent_params(input_params)
-
-        current_presenter.defined_field_inputs_for(*permitted_attributes).collect_all(input_params)
+          input_params
+        end
       end
 
       # Returns the resource parameter key
@@ -93,10 +98,20 @@ module Plutonium
       # @param [ActiveRecord::Base] resource_record The resource record
       # @return [Object] The resource presenter
       def resource_presenter(resource_class, resource_record)
-        presenter_class = "#{current_package}::#{resource_class}Presenter".constantize
+        presenter_class = [current_package, "#{resource_class}Presenter"].compact.join("::").constantize
         presenter_class.new resource_context, resource_record
       rescue NameError
-        super(resource_class, resource_record)
+        super
+      end
+
+      # Creates a resource definition
+      # @param [Class] resource_class The resource class
+      # @return [Object] The resource definition
+      def resource_definition(resource_class)
+        definition_class = [current_package, "#{resource_class}Definition"].compact.join("::").constantize
+        definition_class.new
+      rescue NameError
+        super
       end
 
       # Creates a resource query object
@@ -104,10 +119,10 @@ module Plutonium
       # @param [ActionController::Parameters] params The request parameters
       # @return [Object] The resource query object
       def resource_query_object(resource_class, params)
-        query_object_class = "#{current_package}::#{resource_class}QueryObject".constantize
+        query_object_class = [current_package, "#{resource_class}QueryObject"].compact.join("::").constantize
         query_object_class.new resource_context, params
       rescue NameError
-        super(resource_class, params)
+        super
       end
 
       # Applies submitted resource params if they have been passed
@@ -126,7 +141,9 @@ module Plutonium
           parent_class = current_engine.resource_register.route_key_lookup[parent_route_key]
           parent_scope = parent_class.from_path_param(params[parent_route_param])
           parent_scope = parent_scope.associated_with(current_scoped_entity) if scoped_to_entity?
-          parent_scope.first!
+          current_parent = parent_scope.first!
+          authorize! current_parent, to: :read?
+          current_parent
         end
       end
 
@@ -173,9 +190,9 @@ module Plutonium
       # @param [Array] args The URL arguments
       # @param [Hash] kwargs The keyword arguments
       # @return [Array] The URL arguments
-      def resource_url_args_for(*args, **kwargs)
+      def resource_url_args_for(*, **kwargs)
         kwargs[:parent] = current_parent unless kwargs.key?(:parent)
-        super(*args, **kwargs)
+        super
       end
     end
   end

data/lib/plutonium/resource/controllers/authorizable.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module Resource
+    module Controllers
+      # The Authorizable module provides authorization functionality for controllers,
+      # specifically for the current resource being handled by the controller.
+      # It integrates with ActionPolicy to enforce authorization checks and scoping.
+      #
+      # @example Including the module in a controller
+      #   class MyController < ApplicationController
+      #     include Plutonium::Resource::Controllers::Authorizable
+      #   end
+      #
+      # @note This module assumes the existence of methods like `resource_record`,
+      #   `resource_class`, `current_parent`, and `entity_scope_for_authorize`.
+      #
+      # @see ActionPolicy
+      module Authorizable
+        extend ActiveSupport::Concern
+
+        # Custom exception for missing authorize_current call
+        class ActionMissingAuthorizeCurrent < ActionPolicy::UnauthorizedAction; end
+
+        # Custom exception for missing current_authorized_scope call
+        class ActionMissingCurrentAuthorizedScope < ActionPolicy::UnauthorizedAction; end
+
+        included do
+          verify_authorized
+          after_action :verify_authorize_current
+          after_action :verify_current_authorized_scope, except: %i[new create]
+
+          helper_method :current_policy, :permitted_attributes
+
+          attr_writer :authorize_current_count
+          attr_writer :current_authorized_scope_count
+
+          protected :authorize_current_count=, :authorize_current_count
+          protected :current_authorized_scope_count=, :current_authorized_scope_count
+        end
+
+        private
+
+        # Verifies that authorize_current has been called
+        #
+        # @raise [ActionMissingAuthorizeCurrent] if authorize_current hasn't been called
+        def verify_authorize_current
+          return if verify_authorized_skipped
+
+          raise ActionMissingAuthorizeCurrent.new(controller_path, action_name) if authorize_current_count.zero?
+        end
+
+        # Verifies that current_authorized_scope has been called
+        #
+        # @raise [ActionMissingCurrentAuthorizedScope] if current_authorized_scope hasn't been called
+        def verify_current_authorized_scope
+          return if verify_authorized_skipped
+
+          raise ActionMissingCurrentAuthorizedScope.new(controller_path, action_name) if current_authorized_scope_count.zero?
+        end
+
+        # @return [Integer] the number of times authorize_current has been called
+        def authorize_current_count
+          @authorize_current_count ||= 0
+        end
+
+        # @return [Integer] the number of times current_authorized_scope has been called
+        def current_authorized_scope_count
+          @current_authorized_scope_count ||= 0
+        end
+
+        # Returns the policy for the current resource
+        #
+        # @return [ActionPolicy::Base] the policy for the current resource
+        def current_policy
+          @current_policy ||= policy_for(record: current_policy_subject, context: current_policy_context)
+        end
+
+        # Returns the authorized scope for the current resource
+        #
+        # @return [ActiveRecord::Relation] the authorized scope for the current resource
+        def current_authorized_scope
+          self.current_authorized_scope_count += 1
+          authorized_scope(resource_class.all, context: current_policy_context)
+        end
+
+        # Sets the policy context scope value to the current parent if available
+        #
+        # @return [Hash] default context for the current resource's policy
+        def current_policy_context
+          {scope: current_parent || entity_scope_for_authorize}
+        end
+
+        # Authorizes the current action for the given record of the current resource
+        #
+        # @param record [Object] the record to authorize
+        # @param options [Hash] additional options for authorization
+        # @raise [ActionPolicy::Unauthorized] if the action is not authorized
+        def authorize_current!(record, **options)
+          options[:context] = (options[:context] || {}).deep_merge(current_policy_context)
+          authorize!(record, **options)
+          self.authorize_current_count += 1
+        end
+
+        # Returns the list of permitted attributes for the current action on the current resource
+        #
+        # @return [Array<Symbol>] the list of permitted attributes for the current action
+        def permitted_attributes
+          @permitted_attributes ||= current_policy.send_with_report(:"permitted_attributes_for_#{action_name}")
+        end
+
+        # Returns the list of permitted associations for the current resource
+        #
+        # @return [Array<Symbol>] the list of permitted associations
+        def permitted_associations
+          @permitted_associations ||= current_policy.send_with_report(:permitted_associations)
+        end
+
+        # Returns the subject for the current resource's policy
+        #
+        # @return [Object] the subject for the policy (either resource_record or resource_class)
+        def current_policy_subject
+          resource_record || resource_class
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/{core → resource}/controllers/crud_actions.rb

@@ -1,5 +1,5 @@
 module Plutonium
-  module Core
+  module Resource
     module Controllers
       module CrudActions
         extend ActiveSupport::Concern
@@ -10,44 +10,40 @@ module Plutonium
 
         # GET /resources(.{format})
         def index
-          authorize resource_class
+          authorize_current! resource_class
           set_page_title resource_class.model_name.human.pluralize.titleize
 
           @search_object = current_query_object
-          base_query = policy_scope(resource_class)
+          base_query = current_authorized_scope
           base_query = @search_object.apply(base_query)
-          base_query = base_query.public_send(params[:scope].to_sym) if params[:scope].present?
+          # base_query = base_query.public_send(params[:scope].to_sym) if params[:scope].present?
           @pagy, @resource_records = pagy base_query
-          @collection = build_collection
 
           render :index
         end
 
         # GET /resources/1(.{format})
         def show
-          authorize resource_record
+          authorize_current! resource_record
           set_page_title resource_record.to_label.titleize
 
-          @detail = build_detail
-
           render :show
         end
 
         # GET /resources/new
         def new
-          authorize resource_class
+          authorize_current! resource_class
           set_page_title "Create #{resource_class.model_name.human.titleize}"
 
           @resource_record = resource_class.new
           maybe_apply_submitted_resource_params!
-          @form = build_form
 
           render :new
         end
 
         # POST /resources(.{format})
         def create
-          authorize resource_class
+          authorize_current! resource_class
           set_page_title "Create #{resource_class.model_name.human.titleize}"
 
           @resource_record = resource_class.new resource_params
@@ -61,7 +57,6 @@ module Plutonium
               format.any { render :show, status: :created, location: redirect_url_after_submit }
             else
               format.html do
-                @form = build_form
                 render :new, status: :unprocessable_entity
               end
               format.any do
@@ -74,18 +69,17 @@ module Plutonium
 
         # GET /resources/1/edit
         def edit
-          authorize resource_record
+          authorize_current! resource_record
           set_page_title "Update #{resource_record.to_label.titleize}"
 
           maybe_apply_submitted_resource_params!
-          @form = build_form
 
           render :edit
         end
 
         # PATCH/PUT /resources/1(.{format})
         def update
-          authorize resource_record
+          authorize_current! resource_record
           set_page_title "Update #{resource_record.to_label.titleize}"
 
           respond_to do |format|
@@ -97,7 +91,6 @@ module Plutonium
               format.any { render :show, status: :ok, location: redirect_url_after_submit }
             else
               format.html do
-                @form = build_form
                 render :edit, status: :unprocessable_entity
               end
               format.any do
@@ -110,13 +103,13 @@ module Plutonium
 
         # DELETE /resources/1(.{format})
         def destroy
-          authorize resource_record
+          authorize_current! resource_record
 
           respond_to do |format|
             resource_record.destroy
 
             format.html do
-              redirect_to resource_url_for(resource_class),
+              redirect_to redirect_url_after_destroy,
                 notice: "#{resource_class.model_name.human} was successfully deleted."
             end
             format.json { head :no_content }
@@ -143,13 +136,13 @@ module Plutonium
 
           url = case preferred_action_after_submit
           when "show"
-            resource_url_for(resource_record) if current_policy.show?
+            resource_url_for(resource_record) if current_policy.allowed_to? :show?
           when "edit"
-            resource_url_for(resource_record, action: :edit) if current_policy.edit?
+            resource_url_for(resource_record, action: :edit) if current_policy.allowed_to? :edit?
           when "new"
-            resource_url_for(resource_class, action: :new) if current_policy.new?
+            resource_url_for(resource_class, action: :new) if current_policy.allowed_to? :new?
           when "index"
-            resource_url_for(resource_class) if current_policy.index?
+            resource_url_for(resource_class) if current_policy.allowed_to? :index?
           else
             # ensure we have a valid value
             session[:action_after_submit_preference] = "show"
@@ -157,6 +150,14 @@ module Plutonium
           url || resource_url_for(resource_record)
         end
 
+        def redirect_url_after_destroy
+          if (return_to = url_from(params[:return_to]))
+            return return_to
+          end
+
+          resource_url_for(resource_class)
+        end
+
         def preferred_action_after_submit
           @preferred_action_after_submit = begin
             if %w[new edit show index].include? params[:commit]

data/lib/plutonium/resource/controllers/defineable.rb

@@ -0,0 +1,26 @@
+using Plutonium::Refinements::ParameterRefinements
+
+module Plutonium
+  module Resource
+    module Controllers
+      module Defineable
+        extend ActiveSupport::Concern
+
+        included do
+          helper_method :current_definition, :resource_definition
+        end
+
+        private
+
+        def resource_definition(resource_class)
+          definition_class = "#{resource_class}Definition".constantize
+          definition_class.new
+        end
+
+        def current_definition
+          @current_definition ||= resource_definition resource_class
+        end
+      end
+    end
+  end
+end