plutonium 0.14.1 → 0.15.0.pre.rc1

data/lib/plutonium/models/has_cents.rb

@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module Models
+    # HasCents module provides functionality to handle monetary values stored as cents
+    # and expose them as decimal values. It also ensures that validations applied to
+    # the cents attribute are inherited by the decimal attribute.
+    #
+    # @example Usage
+    #   class Product < ApplicationRecord
+    #     include Plutonium::Models::HasCents
+    #
+    #     has_cents :price_cents
+    #     has_cents :cost_cents, name: :wholesale_price, rate: 1000
+    #     has_cents :quantity_cents, name: :quantity, rate: 1
+    #     has_cents :total_cents, suffix: "value"
+    #
+    #     validates :price_cents, numericality: { greater_than_or_equal_to: 0 }
+    #   end
+    #
+    # @example Basic Usage
+    #   product = Product.new(price: 10.99)
+    #
+    #   product.price_cents #=> 1099
+    #   product.price #=> 10.99
+    #
+    #   product.wholesale_price = 5.5
+    #   product.cost_cents #=> 5500
+    #
+    #   product.quantity = 3
+    #   product.quantity_cents #=> 3
+    #
+    # @example Truncation
+    #   product.price = 10.991
+    #   product.price_cents #=> 1099
+    #
+    #   product.price = 10.995
+    #   product.price_cents #=> 1099
+    #
+    #   product.price = 10.999
+    #   product.price_cents #=> 1099
+    #
+    #   product.total_value = 100.50
+    #   product.total_cents #=> 10050
+    #
+    # @example Validation Inheritance
+    #   product = Product.new(price: -10.99)
+    #   product.valid? #=> false
+    #   product.errors[:price_cents] #=> ["must be greater than or equal to 0"]
+    #   product.errors[:price] #=> ["is invalid"]
+    #
+    # @example Reflection
+    #   Product.has_cents_attributes
+    #   #=> {
+    #   #     price_cents: { name: :price, rate: 100 },
+    #   #     cost_cents: { name: :wholesale_price, rate: 1000 },
+    #   #     quantity_cents: { name: :quantity, rate: 1 },
+    #   #     total_cents: { name: :total_value, rate: 100 }
+    #   #   }
+    #
+    #   Product.has_cents_attribute?(:price_cents) #=> true
+    #   Product.has_cents_attribute?(:name) #=> false
+    #   Product.has_cents_attributes[:cost_cents] #=> {name: :wholesale_price, rate: 1000}
+    #
+    # @note This module automatically handles validation propagation. If a validation error
+    #   is applied to the cents attribute, the decimal attribute will be marked as invalid.
+    #
+    # @note The module uses BigDecimal for internal calculations to ensure precision
+    #   in monetary operations.
+    #
+    # @see ClassMethods#has_cents for details on setting up attributes
+    module HasCents
+      extend ActiveSupport::Concern
+
+      included do
+        class_attribute :has_cents_attributes, instance_writer: false, default: {}
+      end
+
+      module ClassMethods
+        # # Inherit validations from cents attribute to decimal attribute
+        # def validate(*args, &block)
+        #   options = args.extract_options!
+        #   Array(options[:attributes]).each do |attribute|
+        #     attribute = attribute.to_sym
+        #     if has_cents_attribute?(attribute)
+        #       decimal_attribute = has_cents_attributes[attribute][:name]
+        #       options[:attributes] += [decimal_attribute]
+        #       args = args.map do |validator|
+        #         if validator.respond_to?(:attributes)
+        #           validator.instance_variable_set(:@attributes, validator.attributes + [decimal_attribute])
+        #           _validators[decimal_attribute] << validator
+        #           validator
+        #         end
+        #       end
+        #     end
+        #   end
+
+        #   super(*args, options, &block)
+        # end
+        # Defines getter and setter methods for a monetary value stored as cents,
+        # and ensures validations are applied to both cents and decimal attributes.
+        #
+        # @param cents_name [Symbol] The name of the attribute storing the cents value.
+        # @param name [Symbol, nil] The name for the generated methods. If nil, it's derived from cents_name.
+        # @param rate [Integer] The conversion rate from the decimal value to cents (default: 100).
+        #   This represents how many cents are in one unit of the decimal value.
+        #   For example:
+        #   - rate: 100 for dollars/cents (1 dollar = 100 cents)
+        #   - rate: 1000 for dollars/mils (1 dollar = 1000 mils)
+        #   - rate: 1 for a whole number representation
+        # @param suffix [String] The suffix to append to the cents_name if name is not provided (default: "amount").
+        #
+        # @example Standard currency (dollars and cents)
+        #   has_cents :price_cents
+        #
+        # @example Custom rate for a different currency division
+        #   has_cents :amount_cents, name: :cost, rate: 1000
+        #
+        # @example Whole number storage without decimal places
+        #   has_cents :quantity_cents, name: :quantity, rate: 1
+        #
+        # @example Using custom suffix
+        #   has_cents :total_cents, suffix: "value"
+        def has_cents(cents_name, name: nil, rate: 100, suffix: "amount")
+          cents_name = cents_name.to_sym
+          name ||= cents_name.to_s.gsub(/_cents$/, "")
+          name = name.to_sym
+          name = (name == cents_name) ? :"#{cents_name}_#{suffix}" : name
+
+          self.has_cents_attributes = has_cents_attributes.merge(
+            cents_name => {name: name, rate: rate}
+          )
+
+          class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            # Getter method for the decimal representation of the cents value.
+            #
+            # @return [BigDecimal, nil] The decimal value or nil if cents_name is not present.
+            def #{name}
+              #{cents_name}.to_d / #{rate} if #{cents_name}.present?
+            end
+
+            # Setter method for the decimal representation of the cents value.
+            #
+            # @param value [Numeric, nil] The decimal value to be set.
+            def #{name}=(value)
+              self.#{cents_name} = if value.present?
+                (BigDecimal(value.to_s) * #{rate}).to_i
+              end
+            end
+
+            # Mark decimal field as invalid if cents field is not valid
+            after_validation do
+              next unless errors[#{cents_name.inspect}].present?
+
+              errors.add(#{name.inspect}, :invalid)
+            end
+          RUBY
+        end
+
+        # Checks if a given attribute is defined with has_cents
+        #
+        # @param attribute [Symbol] The attribute to check
+        # @return [Boolean] true if the attribute is defined with has_cents, false otherwise
+        def has_cents_attribute?(attribute)
+          has_cents_attributes.key?(attribute.to_sym)
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/{pkg/base.rb → package/engine.rb}

@@ -1,6 +1,6 @@
 module Plutonium
-  module Pkg
-    module Base
+  module Package
+    module Engine
       extend ActiveSupport::Concern
 
       included do
@@ -16,6 +16,14 @@ module Plutonium
           end
           add_view_paths_initializer.instance_variable_set(:@block, ->(app) {})
         end
+
+        initializer :append_migrations do |app|
+          unless app.root.to_s.match root.to_s
+            config.paths["db/migrate"].expanded.each do |expanded_path|
+              app.config.paths["db/migrate"] << expanded_path
+            end
+          end
+        end
       end
     end
   end

data/lib/plutonium/{application → portal}/controller.rb

@@ -1,14 +1,10 @@
 module Plutonium
-  module Application
+  module Portal
     module Controller
       extend ActiveSupport::Concern
-      include Plutonium::Core::Controllers::Base
+      include Plutonium::Core::Controller
 
-      included do
-        helper_method :registered_resources
-      end
-
-      private
+      # private
 
       # # Menu Builder
       # def build_namespace_node(namespaces, resource, parent)
@@ -34,10 +30,6 @@ module Plutonium
       # def build_sidebar_menu
       #   build_namespace_tree(current_engine.resource_register)
       # end
-
-      def registered_resources
-        current_engine.resource_register.resources
-      end
     end
   end
 end

data/lib/plutonium/{application → portal}/dynamic_controllers.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
 module Plutonium
-  module Application
+  module Portal
     # DynamicControllers module provides functionality for dynamically creating controller classes
     # when they are missing in the current module's namespace.
     #
     # @example Usage
     #   module MyApp
-    #     include Plutonium::Application::DynamicControllers
+    #     include Plutonium::Portal::DynamicControllers
     #   end
     #
     #   # Now, MyApp::SomeController will be dynamically created if it doesn't exist,
@@ -74,7 +74,7 @@ module Plutonium
           log_controller_creation(const_full_name, parent_controller)
           const_full_name.constantize
         rescue => e
-          Plutonium.logger.error "[plutonium] Failed to create dynamic controller: #{e.message}"
+          Plutonium.logger.error { "[plutonium] Failed to create dynamic controller: #{e.message}" }
           raise
         end
 
@@ -100,7 +100,7 @@ module Plutonium
         # @param const_full_name [String] The full name of the created controller
         # @param parent_controller [Class] The parent controller class
         def log_controller_creation(const_full_name, parent_controller)
-          Plutonium.logger.info "[plutonium] Dynamically created #{const_full_name} < #{parent_controller}"
+          Plutonium.logger.info { "[plutonium] Dynamically created #{const_full_name} < #{parent_controller}" }
         end
       end
     end

data/lib/plutonium/portal/engine.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module Portal
+    module Engine
+      extend ActiveSupport::Concern
+      include Plutonium::Engine
+      include Plutonium::Package::Engine
+
+      included do
+        isolate_namespace to_s.deconstantize.constantize
+      end
+    end
+  end
+end

data/lib/plutonium/railtie.rb

@@ -21,6 +21,14 @@ module Plutonium
       plutonium.css plutonium.png plutonium.ico
     ].freeze
 
+    initializer "plutonium.base" do
+      Rails.application.class.include Plutonium::Engine
+    end
+
+    initializer "plutonium.deprecator" do |app|
+      app.deprecators[:plutonium] = Plutonium.deprecator
+    end
+
     initializer "plutonium.assets" do
       setup_asset_pipeline if Rails.application.config.respond_to?(:assets)
     end
@@ -45,13 +53,22 @@ module Plutonium
       extend_action_dispatch
     end
 
+    initializer "plutonium.active_record_extensions" do
+      extend_active_record
+    end
+
+    initializer "plutonium.phlexi_themes" do
+      setup_phlexi_themes
+    end
+
     rake_tasks do
       load "tasks/create_rodauth_admin.rake"
     end
 
     config.after_initialize do
       Plutonium::Reloader.start! if Plutonium.configuration.enable_hotreload
-      Plutonium::ZEITWERK_LOADER.eager_load if Rails.env.production?
+      Plutonium::Loader.eager_load if Rails.env.production?
+      ActionPolicy::PerThreadCache.enabled = !Rails.env.local?
     end
 
     private
@@ -83,10 +100,25 @@ module Plutonium
       )
     end
 
+    def setup_phlexi_themes
+      Rails.application.config.to_prepare do
+        Phlexi::Form::Theme.instance = Plutonium::UI::Form::Theme.instance
+        Phlexi::Display::Theme.instance = Plutonium::UI::Display::Theme.instance
+        Phlexi::Table::Theme.instance = Plutonium::UI::Table::Theme.instance
+        Phlexi::Table::DisplayTheme.instance = Plutonium::UI::Table::DisplayTheme.instance
+      end
+    end
+
     def extend_action_dispatch
       ActionDispatch::Routing::Mapper.prepend Plutonium::Routing::MapperExtensions
       ActionDispatch::Routing::RouteSet.prepend Plutonium::Routing::RouteSetExtensions
       Rails::Engine.include Plutonium::Routing::ResourceRegistration
     end
+
+    def extend_active_record
+      ActiveSupport.on_load(:active_record) do
+        include Plutonium::Resource::Record
+      end
+    end
   end
 end

data/lib/plutonium/reloader.rb

@@ -65,7 +65,7 @@ module Plutonium
       # @return [void]
       def handle_file_changes(modified, added, removed)
         (modified + added).each do |file|
-          Plutonium.logger.debug "[plutonium] change detected: #{file}"
+          Plutonium.logger.debug { "[plutonium] change detected: #{file}" }
 
           if file == __FILE__
             reload_file(file)
@@ -107,7 +107,7 @@ module Plutonium
       # @param file [String] path to the engine file
       # @return [void]
       def reload_engine_and_routes(file)
-        Plutonium.logger.debug "[plutonium] reloading: engine+routes"
+        Plutonium.logger.debug { "[plutonium] reloading: engine+routes" }
         load file
         Rails.application.reload_routes!
       end
@@ -117,9 +117,9 @@ module Plutonium
       # @param file [String] path to the file
       # @return [void]
       def reload_framework_and_file(file)
-        Plutonium.logger.debug "[plutonium] reloading: app+framework"
+        Plutonium.logger.debug { "[plutonium] reloading: app+framework" }
         Rails.application.reloader.reload!
-        Plutonium::ZEITWERK_LOADER.reload
+        Plutonium::Loader.reload
         reload_components
       end
 
@@ -145,7 +145,7 @@ module Plutonium
       # @param error [StandardError] the error that occurred during reloading
       # @return [void]
       def log_reload_failure(file, error)
-        Plutonium.logger.error "\n[plutonium] reloading failed\n\n#{error.message}\n"
+        Plutonium.logger.error { "\n[plutonium] reloading failed\n\n#{error.message}\n" }
       end
     end
   end

data/lib/plutonium/resource/controller.rb

@@ -10,16 +10,15 @@ module Plutonium
     module Controller
       extend ActiveSupport::Concern
       include Pagy::Backend
-      include Plutonium::Core::Controllers::Base
-      include Plutonium::Core::Controllers::Authorizable
-      include Plutonium::Core::Controllers::Presentable
-      include Plutonium::Core::Controllers::Queryable
-      include Plutonium::Core::Controllers::CrudActions
-      include Plutonium::Core::Controllers::InteractiveActions
+      include Plutonium::Core::Controller
+      include Plutonium::Resource::Controllers::Defineable
+      include Plutonium::Resource::Controllers::Authorizable
+      include Plutonium::Resource::Controllers::Presentable
+      include Plutonium::Resource::Controllers::Queryable
+      include Plutonium::Resource::Controllers::CrudActions
+      include Plutonium::Resource::Controllers::InteractiveActions
 
       included do
-        class_attribute :resource_class, instance_writer: false, instance_predicate: false
-
         # https://github.com/ddnexus/pagy/blob/master/docs/extras/headers.md#headers
         after_action { pagy_headers_merge(@pagy) if @pagy }
 
@@ -27,49 +26,55 @@ module Plutonium
       end
 
       class_methods do
+        include Plutonium::Lib::SmartCache
+
         # Sets the resource class for the controller
-        # @param [Class] resource_class The resource class
+        # @param [ActiveRecord::Base] resource_class The resource class
         def controller_for(resource_class)
-          self.resource_class = resource_class
+          @resource_class = resource_class
         end
+
+        # Gets the resource class for the controller
+        # @return [ActiveRecord::Base] The resource class
+        def resource_class
+          return @resource_class if @resource_class.present?
+
+          name.to_s.gsub(/^#{current_package}::/, "").gsub(/Controller$/, "").classify.constantize
+        rescue NameError
+          raise NameError, "Failed to determine the resource class. Please call `controller_for(MyResource)` in #{name}."
+        end
+        memoize_unless_reloading :resource_class
       end
 
       private
 
-      # Creates a policy context
-      # @return [Plutonium::Resource::PolicyContext] The policy context
-      def policy_context
-        Plutonium::Resource::PolicyContext.new(
-          user: current_user,
-          resource_context: resource_context
-        )
+      def resource_class
+        self.class.resource_class
       end
 
       # Returns the resource record based on path parameters
       # @return [ActiveRecord::Base, nil] The resource record
       def resource_record
-        @resource_record ||= policy_scope(resource_class).from_path_param(params[:id]).first! if params[:id].present?
+        @resource_record ||= current_authorized_scope.from_path_param(params[:id]).first! if params[:id].present?
         @resource_record
       end
 
       # Returns the submitted resource parameters
       # @return [Hash] The submitted resource parameters
       def submitted_resource_params
-        @submitted_resource_params ||= begin
-          strong_parameters = resource_class.strong_parameters_for(*permitted_attributes)
-          params.require(resource_param_key).permit(*strong_parameters).nilify.to_h
-        end
+        @submitted_resource_params ||= build_form(resource_class.new).extract_input(params)[resource_param_key.to_sym]
       end
 
       # Returns the resource parameters, including scoped and parent parameters
       # @return [Hash] The resource parameters
       def resource_params
-        input_params = submitted_resource_params.dup
+        @resource_params ||= begin
+          input_params = submitted_resource_params.dup
+          override_entity_scoping_params(input_params)
+          override_parent_params(input_params)
 
-        override_entity_scoping_params(input_params)
-        override_parent_params(input_params)
-
-        current_presenter.defined_field_inputs_for(*permitted_attributes).collect_all(input_params)
+          input_params
+        end
       end
 
       # Returns the resource parameter key
@@ -93,10 +98,20 @@ module Plutonium
       # @param [ActiveRecord::Base] resource_record The resource record
       # @return [Object] The resource presenter
       def resource_presenter(resource_class, resource_record)
-        presenter_class = "#{current_package}::#{resource_class}Presenter".constantize
+        presenter_class = [current_package, "#{resource_class}Presenter"].compact.join("::").constantize
         presenter_class.new resource_context, resource_record
       rescue NameError
-        super(resource_class, resource_record)
+        super
+      end
+
+      # Creates a resource definition
+      # @param [Class] resource_class The resource class
+      # @return [Object] The resource definition
+      def resource_definition(resource_class)
+        definition_class = [current_package, "#{resource_class}Definition"].compact.join("::").constantize
+        definition_class.new
+      rescue NameError
+        super
       end
 
       # Creates a resource query object
@@ -104,10 +119,10 @@ module Plutonium
       # @param [ActionController::Parameters] params The request parameters
       # @return [Object] The resource query object
       def resource_query_object(resource_class, params)
-        query_object_class = "#{current_package}::#{resource_class}QueryObject".constantize
+        query_object_class = [current_package, "#{resource_class}QueryObject"].compact.join("::").constantize
         query_object_class.new resource_context, params
       rescue NameError
-        super(resource_class, params)
+        super
       end
 
       # Applies submitted resource params if they have been passed
@@ -126,7 +141,9 @@ module Plutonium
           parent_class = current_engine.resource_register.route_key_lookup[parent_route_key]
           parent_scope = parent_class.from_path_param(params[parent_route_param])
           parent_scope = parent_scope.associated_with(current_scoped_entity) if scoped_to_entity?
-          parent_scope.first!
+          current_parent = parent_scope.first!
+          authorize! current_parent, to: :read?
+          current_parent
         end
       end
 
@@ -173,9 +190,9 @@ module Plutonium
       # @param [Array] args The URL arguments
       # @param [Hash] kwargs The keyword arguments
       # @return [Array] The URL arguments
-      def resource_url_args_for(*args, **kwargs)
+      def resource_url_args_for(*, **kwargs)
         kwargs[:parent] = current_parent unless kwargs.key?(:parent)
-        super(*args, **kwargs)
+        super
       end
     end
   end

data/lib/plutonium/resource/controllers/authorizable.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module Resource
+    module Controllers
+      # The Authorizable module provides authorization functionality for controllers,
+      # specifically for the current resource being handled by the controller.
+      # It integrates with ActionPolicy to enforce authorization checks and scoping.
+      #
+      # @example Including the module in a controller
+      #   class MyController < ApplicationController
+      #     include Plutonium::Resource::Controllers::Authorizable
+      #   end
+      #
+      # @note This module assumes the existence of methods like `resource_record`,
+      #   `resource_class`, `current_parent`, and `entity_scope_for_authorize`.
+      #
+      # @see ActionPolicy
+      module Authorizable
+        extend ActiveSupport::Concern
+
+        # Custom exception for missing authorize_current call
+        class ActionMissingAuthorizeCurrent < ActionPolicy::UnauthorizedAction; end
+
+        # Custom exception for missing current_authorized_scope call
+        class ActionMissingCurrentAuthorizedScope < ActionPolicy::UnauthorizedAction; end
+
+        included do
+          verify_authorized
+          after_action :verify_authorize_current
+          after_action :verify_current_authorized_scope, except: %i[new create]
+
+          helper_method :current_policy, :permitted_attributes
+
+          attr_writer :authorize_current_count
+          attr_writer :current_authorized_scope_count
+
+          protected :authorize_current_count=, :authorize_current_count
+          protected :current_authorized_scope_count=, :current_authorized_scope_count
+        end
+
+        private
+
+        # Verifies that authorize_current has been called
+        #
+        # @raise [ActionMissingAuthorizeCurrent] if authorize_current hasn't been called
+        def verify_authorize_current
+          return if verify_authorized_skipped
+
+          raise ActionMissingAuthorizeCurrent.new(controller_path, action_name) if authorize_current_count.zero?
+        end
+
+        # Verifies that current_authorized_scope has been called
+        #
+        # @raise [ActionMissingCurrentAuthorizedScope] if current_authorized_scope hasn't been called
+        def verify_current_authorized_scope
+          return if verify_authorized_skipped
+
+          raise ActionMissingCurrentAuthorizedScope.new(controller_path, action_name) if current_authorized_scope_count.zero?
+        end
+
+        # @return [Integer] the number of times authorize_current has been called
+        def authorize_current_count
+          @authorize_current_count ||= 0
+        end
+
+        # @return [Integer] the number of times current_authorized_scope has been called
+        def current_authorized_scope_count
+          @current_authorized_scope_count ||= 0
+        end
+
+        # Returns the policy for the current resource
+        #
+        # @return [ActionPolicy::Base] the policy for the current resource
+        def current_policy
+          @current_policy ||= policy_for(record: current_policy_subject, context: current_policy_context)
+        end
+
+        # Returns the authorized scope for the current resource
+        #
+        # @return [ActiveRecord::Relation] the authorized scope for the current resource
+        def current_authorized_scope
+          self.current_authorized_scope_count += 1
+          authorized_scope(resource_class.all, context: current_policy_context)
+        end
+
+        # Sets the policy context scope value to the current parent if available
+        #
+        # @return [Hash] default context for the current resource's policy
+        def current_policy_context
+          {scope: current_parent || entity_scope_for_authorize}
+        end
+
+        # Authorizes the current action for the given record of the current resource
+        #
+        # @param record [Object] the record to authorize
+        # @param options [Hash] additional options for authorization
+        # @raise [ActionPolicy::Unauthorized] if the action is not authorized
+        def authorize_current!(record, **options)
+          options[:context] = (options[:context] || {}).deep_merge(current_policy_context)
+          authorize!(record, **options)
+          self.authorize_current_count += 1
+        end
+
+        # Returns the list of permitted attributes for the current action on the current resource
+        #
+        # @return [Array<Symbol>] the list of permitted attributes for the current action
+        def permitted_attributes
+          @permitted_attributes ||= current_policy.send_with_report(:"permitted_attributes_for_#{action_name}")
+        end
+
+        # Returns the list of permitted associations for the current resource
+        #
+        # @return [Array<Symbol>] the list of permitted associations
+        def permitted_associations
+          @permitted_associations ||= current_policy.send_with_report(:permitted_associations)
+        end
+
+        # Returns the subject for the current resource's policy
+        #
+        # @return [Object] the subject for the policy (either resource_record or resource_class)
+        def current_policy_subject
+          resource_record || resource_class
+        end
+      end
+    end
+  end
+end