qm-acts-as-generic-controller 0.1.5 → 0.1.6

data/Rakefile

@@ -9,7 +9,7 @@ begin
     gemspec.email = "marcin@saepia.net"
     gemspec.homepage = "http://q.saepia.net"
     gemspec.authors = ["Marcin Lewandowski"]
-    gemspec.version = "0.1.5"
+    gemspec.version = "0.1.6"
     gemspec.files = Rake::FileList.new [ "MIT-LICENSE", "Rakefile", "lib/*", "app/views/generic_controller/*" ]
     gemspec.add_dependency "qui-common-helpers", ">= 0.0.8"
     gemspec.add_dependency "qui-index-table", ">= 0.0.8"

data/app/views/generic_controller/_index_table.erb

@@ -1,11 +1,18 @@
 <%- records ||= instance_variable_get("@#{@controller.class.to_s.demodulize.gsub("Controller", "").tableize}") -%>
 <%- class_name ||= @controller.class.to_s.demodulize.gsub("Controller", "").singularize.constantize -%>
 
-<%- headers = class_name.generic_fields(:action => :index).collect{ |x| x[:options][:index_header] || ".#{x[:name]}".to_sym } -%>
+<%- headers = class_name.generic_fields(:action => :index).collect{ |x| x[:options][:index_header] || ".#{x[:name]}".to_sym if not current_user.respond_to? "has_privileges?" or (class_name.generic_field_associations.has_key?(x[:name]) and current_user.has_privileges?(:class_name => class_name.generic_field_associations[x[:name]][:class_name])) or (current_user.has_privileges?(:class_name => class_name, :attribute => x[:name], :mode => :read)) }.compact -%>
+
 <%- controller_name = "#{defined?(section) ? "#{section.to_s.camelize}::" : ""}#{class_name.to_s.pluralize}".tableize %>
+
 <%- has_edit = ActionController::Routing::Routes.routes.collect{|x| x if x.matches_controller_and_action?(controller_name, "edit") }.compact.size > 0 %>
 <%- has_delete = ActionController::Routing::Routes.routes.collect{|x| x if x.matches_controller_and_action?(controller_name, "destroy") }.compact.size > 0 %>
 
+<%- if current_user.respond_to? "has_privileges?" -%>
+  <%- has_edit = has_edit && current_user.has_privileges?(:class_name => class_name, :generic_action => :update_any) -%>
+  <%- has_delete = has_edit && current_user.has_privileges?(:class_name => class_name, :generic_action => :delete_any) -%>
+<%- end -%>
+
 <%- if defined?(QM::ActsAsWorkflow) and class_name.is_workflow? -%>
   <%- headers << :"workflow.common.indexTableHeader" -%>
 <%- end -%>
@@ -18,13 +25,15 @@
   
   <%- index_table records, :headers => headers, :class_name => class_name do |r| %>
     <%- class_name.generic_fields(:action => :index).each do |field| -%>
-      <td>
-        <%- if field[:options].has_key? :renderer -%>
-          <%= send(field[:options][:renderer], { :record => r, :field => field, :action => :index }) %>
-        <%- else -%>
-          <%= generic_renderer(:index, { :record => r, :field => field }) %>
-        <%- end -%>
-      </td>
+      <%- if not current_user.respond_to? "has_privileges?" or (class_name.generic_field_associations.has_key?(field[:name]) and current_user.has_privileges?(:class_name => class_name.generic_field_associations[field[:name]][:class_name])) or (current_user.has_privileges?(:class_name => class_name, :attribute => field[:name], :mode => :read)) -%>
+        <td>
+          <%- if field[:options].has_key? :renderer -%>
+            <%= send(field[:options][:renderer], { :record => r, :field => field, :action => :index }) %>
+          <%- else -%>
+            <%= generic_renderer(:index, { :record => r, :field => field }) %>
+          <%- end -%>
+        </td>
+      <%- end -%>
     <%- end -%>
 
     <%- if defined?(QM::ActsAsWorkflow) and class_name.is_workflow? -%>

data/app/views/generic_controller/form.erb

@@ -32,7 +32,7 @@
     <%- end -%>
 
     
-    <%- if is_accessible -%>
+    <%- if is_accessible and (not current_user.respond_to? "has_privileges?" or (current_user.respond_to? "has_privileges?" and current_user.has_privileges?(:class_name => klass, :attribute => field[:name]))) -%>
       <li>
         <%= f.label field[:name] %>
         

data/app/views/generic_controller/show.erb

@@ -1,6 +1,8 @@
 <%- toolbar do |t| -%>
   <%= t.index %>
   <%= t.separator %>
+  <%= t.create %>
+  <%= t.separator %>
   <%= t.edit %>
   <%= t.delete %>
 <%- end -%>
@@ -14,24 +16,34 @@
 <%- description = capture do -%>
   <dl>
     <%- klass.generic_fields(:action => :show).each do |field| -%>
-      <dt><%= h klass.human_attribute_name field[:name] %></dt>
+      <%- if not current_user.respond_to? "has_privileges?" or (current_user.respond_to? "has_privileges?" and current_user.has_privileges?(:class_name => klass, :attribute => field[:name])) -%>
+        <dt><%= h klass.human_attribute_name field[:name] %></dt>
 
-      <dd>
-        <%- if field[:options].has_key? :renderer -%>
-          <%= send(field[:options][:renderer], { :record => record, :field => field, :action => :show }) %>
-        <%- else -%>
-          <%= generic_renderer(:show, { :record => record, :field => field }) %>
-        <%- end -%>      
-      </dd>
+        <dd>
+          <%- if field[:options].has_key? :renderer -%>
+            <%= send(field[:options][:renderer], { :record => record, :field => field, :action => :show }) %>
+          <%- else -%>
+            <%= generic_renderer(:show, { :record => record, :field => field }) %>
+          <%- end -%>      
+        </dd>
+      <%- end -%>
     <%- end -%>
   </dl>
 <%- end -%>
 
 <%- tab_contents = {} -%>
 <%- record.class.generic_field_associations.each do |k,v| -%>
-  <%- if (v[:kind] == :has_many or v[:kind] == :has_and_belongs_to_many) and (v[:generic_create] or not v[:through]) -%>
+  <%- if current_user.respond_to? "has_privileges?" -%>
+    <%- has_privileges = current_user.has_privileges?(:class_name => v[:class_name], :generic_action => :index_any) -%>
+    <%- has_privileges_to_generic_create = current_user.has_privileges?(:class_name => v[:class_name], :generic_action => :create) -%>
+  <%- else -%>
+    <%- has_privileges = true -%>
+    <%- has_privileges_to_generic_create = true -%>
+  <%- end -%>
+  
+  <%- if has_privileges and (v[:kind] == :has_many or v[:kind] == :has_and_belongs_to_many) and (v[:generic_create] or not v[:through]) -%>
     <%- tab_contents[k] = capture do -%>
-      <%- if v[:generic_create] -%>
+      <%- if v[:generic_create] and has_privileges_to_generic_create -%>
         <%= link_to t(:"toolbar.create"), url_for([ "new", section, v[:class_name].table_name.singularize ]) + "?#{v[:class_name].table_name.singularize}[#{table_name}_id]=#{record.id}" %>
       <%- end -%>
     
@@ -40,6 +52,6 @@
   <%- end -%>
 <%- end -%>
 
-<%= tabs :tabs => [ { :header => { :text => :"#{section_prefix}tabs.common.description" }, :body => { :text => description } } ] + record.class.generic_field_associations.collect{|k,v| { :header => { :text => t(:"#{section_prefix}tabs.#{table_name}.#{k}") + " (#{record.send(k).count})" }, :body => { :text => tab_contents[k] } } if (v[:kind] == :has_many or v[:kind] == :has_and_belongs_to_many) and v[:through] == false and (record.send(k).count > 0 or v[:generic_create]) }.compact -%>
+<%= tabs :tabs => [ { :header => { :text => :"#{section_prefix}tabs.common.description" }, :body => { :text => description } } ] + record.class.generic_field_associations.collect{|k,v| { :header => { :text => t(:"#{section_prefix}tabs.#{table_name}.#{k}") + " (#{record.send(k).count})" }, :body => { :text => tab_contents[k] } } if tab_contents.has_key?(k) and (v[:kind] == :has_many or v[:kind] == :has_and_belongs_to_many) and v[:through] == false and (record.send(k).count > 0 or v[:generic_create]) }.compact -%>
                     
 

data/lib/qm-acts-as-generic-controller-controller.rb

@@ -25,6 +25,9 @@ module QM
               raise exception
             end
           end
+          
+          before_filter :check_generic_privileges
+          before_filter :check_limit_for_user, :only => [ :show, :edit, :update, :destroy ]
           END
 
         end
@@ -33,33 +36,59 @@ module QM
       module InstanceMethods
         def index
           unless instance_variable_defined?(plural_variable)
-            
             if params[:scopes] and params[:scopes].is_a?(Array)
               valid_scopes = params[:scopes].uniq.each{ |scope| scope if model.generic_named_scopes.has_key? scope.to_sym }.compact
               if valid_scopes.size > 0
-                data = eval "model.#{valid_scopes.join(".")}"
+                if defined?(current_user) and model.respond_to? :limit_for_user
+                  data = eval "model.#{valid_scopes.join(".")}.limit_for_user(#{current_user})"
+                else
+                  data = eval "model.#{valid_scopes.join(".")}"
+                end
               else
-                data = model.all
+                if defined?(current_user) and model.respond_to? :limit_for_user
+                  data = model.limit_for_user(current_user)
+                else
+                  data = model.all
+                end
               end
             else
-              data = model.all
+              if defined?(current_user) and model.respond_to? :limit_for_user
+                data = model.limit_for_user(current_user)
+              else
+                data = model.all
+              end
             end
+
             
             instance_variable_set(plural_variable, data) 
           end
           
           respond_to do |format|
             format.html
-            format.xml { render :xml => instance_variable_get(plural_variable) }
+            format.xml { 
+              if defined?(current_user) and current_user.respond_to? :privileged_attributes
+                render :xml => instance_variable_get(plural_variable).to_xml(:only => current_user.privileged_attributes(model, :read))
+              else
+                render :xml => instance_variable_get(plural_variable) 
+              end
+            }
           end
         end
 
         def show
+          
           instance_variable_set(singular_variable, model.find(params[:id])) unless instance_variable_defined?(singular_variable)
 
           respond_to do |format|
             format.html
-            format.xml { render :xml => instance_variable_get(singular_variable) }
+
+            format.xml { 
+              if defined?(current_user) and current_user.respond_to? :privileged_attributes
+                render :xml => instance_variable_get(singular_variable).to_xml(:only => current_user.privileged_attributes(model, :read))
+              else
+                render :xml => instance_variable_get(singular_variable)
+              end
+            }
           end
         end
 
@@ -72,7 +101,14 @@ module QM
 
           respond_to do |format|
             format.html
-            format.xml { render :xml => instance_variable_get(singular_variable) }
+            format.xml { 
+              if defined?(current_user) and current_user.respond_to? :privileged_attributes
+                render :xml => instance_variable_get(singular_variable).to_xml(:only => current_user.privileged_attributes(model, :read))
+              else
+                render :xml => instance_variable_get(singular_variable)
+              end
+            }
+
           end
         end
 
@@ -87,7 +123,13 @@ module QM
                 format.xml  { render :xml => instance_variable_get(singular_variable), :status => :created, :location => [ section, instance_variable_get(singular_variable) ] }
               else
                 format.html { redirect_to instance_variable_get(singular_variable) }
-                format.xml  { render :xml => instance_variable_get(singular_variable), :status => :created, :location => instance_variable_get(singular_variable) }
+                format.xml { 
+                  if defined?(current_user) and current_user.respond_to? :privileged_attributes
+                    render :xml => instance_variable_get(singular_variable).to_xml(:only => current_user.privileged_attributes(model, :read)), :status => :created, :location => instance_variable_get(singular_variable)
+                  else
+                    render :xml => instance_variable_get(singular_variable), :status => :created, :location => instance_variable_get(singular_variable)
+                  end
+                }
               end
             else
               format.html { 
@@ -98,13 +140,25 @@ module QM
                   render :template => "generic_controller/form" 
                 end
               } 
-              format.xml  { render :xml => instance_variable_get(singular_variable), :status => :unprocessable_entity }
+              format.xml { 
+                if defined?(current_user) and current_user.respond_to? :privileged_attributes
+                  render :xml => instance_variable_get(singular_variable).to_xml(:only => current_user.privileged_attributes(model, :read)), :status => :unprocessable_entity
+                else
+                  render :xml => instance_variable_get(singular_variable), :status => :unprocessable_entity
+                end
+              }
             end
           end
         end
         
         def update
           instance_variable_set(singular_variable, model.find(params[:id])) unless instance_variable_defined?(singular_variable)
+
+          if defined?(current_user) and current_user.respond_to? :privileged_attributes
+            params[singular_variable(true)].keys.each do |key|
+              params[singular_variable(true)].delete key unless current_user.privileged_attributes(model, :write).include? key
+            end
+          end
           instance_variable_get(singular_variable).update_attributes params[singular_variable(true)]
 
           respond_to do |format|
@@ -126,7 +180,13 @@ module QM
                   render :template => "generic_controller/form" 
                 end
               } 
-              format.xml  { render :xml => instance_variable_get(singular_variable), :status => :unprocessable_entity }
+              format.xml { 
+                if defined?(current_user) and current_user.respond_to? :privileged_attributes
+                  render :xml => instance_variable_get(singular_variable).to_xml(:only => current_user.privileged_attributes(model, :read)), :status => :unprocessable_entity
+                else
+                  render :xml => instance_variable_get(singular_variable), :status => :unprocessable_entity
+                end
+              }
             end
           end
         end
@@ -155,7 +215,38 @@ module QM
           def singular_variable(local = false)
             :"#{(local ? "" : "@")}#{self.class.to_s.demodulize.gsub("Controller", "").tableize.singularize}"
           end
+          
+          
+          def check_generic_privileges
+            return true unless defined?(current_user)
+            return true unless current_user.respond_to? "has_privileges?"
 
+            action = params[:action].to_sym
+            action = case action
+              when :index
+                :index_any
+              when :show
+                :show_any
+              when :update
+                :update_any
+              when :create
+                :create
+              when :destroy
+                :delete_any
+            end
+            
+            render_generic_forbidden unless current_user.has_privileges? :class_name => model, :action => action
+          end
+          
+          def check_limit_for_user
+            render_generic_forbidden unless model.limit_for_user(current_user).include? model.find(params[:id]) if model.respond_to? :limit_for_user if defined?(current_user)
+          end
+
+          
+          def render_generic_forbidden
+            # FIXME TODO render something more nice to user
+            render :status => 403, :text => "Access denied." 
+          end
       end
     end
   end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: qm-acts-as-generic-controller
 version: !ruby/object:Gem::Version 
-  hash: 17
+  hash: 23
   prerelease: false
   segments: 
   - 0
   - 1
-  - 5
-  version: 0.1.5
+  - 6
+  version: 0.1.6
 platform: ruby
 authors: 
 - Marcin Lewandowski
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-28 00:00:00 +02:00
+date: 2010-11-09 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency