rad_users 0.0.1 → 0.0.2

data/Rakefile

@@ -12,6 +12,7 @@ project(
   name: "users",
   official_name: 'rad_users',
   summary: "User Management for RadKit Framework",
+  dirs: ['app', 'config'],
   gem: true,
 
   author: "Alexey Petrushin",

data/app/controllers/identities.rb

@@ -0,0 +1,160 @@
+class Identities < UserManagement
+  # TODO3 filter password logging
+  # filter_parameter_logging :password, :password_confirmation, :old_password
+
+  rad.extension :user_identities, self
+
+  before :login_required, only: [
+    :update_password_form, :update_password,
+    :destroy
+  ]
+
+  before :login_not_required, only: [
+    :enter_email_form, :enter_email,
+    :finish_email_registration_form, :finish_email_registration,
+
+    :finish_open_id_registration_form, :finish_open_id_registration,
+
+    :reset_password_form, :reset_password,
+    :forgot_password_form, :forgot_password
+  ]
+
+  persist_params # only: [:finish_open_id_registration_form, :finish_open_id_registration]
+
+  layout '/users/layout'
+
+  #
+  # Email and Password
+  #
+  def enter_email_form
+    @token = Models::User::EmailVerificationToken.new
+  end
+  allow_get_for :enter_email_form
+
+  def enter_email
+    @token = Models::User::EmailVerificationToken.new params.token
+    @token.expires_at = 2.weeks.from_now
+    if @token.save
+      UserMailer.email_verification(@token).deliver
+      flash.sticky_info = t :email_verification_code_sent, email: @token.email
+      redirect_to :follow_email_link
+    else
+      render action: :enter_email_form
+    end
+  end
+
+  def follow_email_link
+  end
+  allow_get_for :follow_email_link
+
+  def finish_email_registration_form
+    @token = Models::User::EmailVerificationToken.by_token params.token
+    raise_user_error t(:invalid_email_verification_token) unless @token
+
+    @user = Models::User.new
+  end
+  allow_get_for :finish_email_registration_form
+
+  def finish_email_registration
+    @token = Models::User::EmailVerificationToken.by_token params.token
+
+    @user = Models::User.new
+    @user.email = @token.email
+    %w{name password password_confirmation}.each do |a|
+      @user.send "#{a}=", params.user[a] if params.user?
+    end
+
+    if @user.activate and @user.save
+      @token.destroy
+      flash.sticky_info = t :successfully_registered
+      redirect_to login_path #(_return_to: nil)
+    else
+      render action: :finish_email_registration_form
+    end
+  end
+
+  def forgot_password_form
+  end
+  allow_get_for :forgot_password_form
+
+  def forgot_password
+    @email = params.email
+    user = Models::User.first state: 'active', email: @email
+    if user
+      token = Models::User::ForgotPasswordToken.create! user: user
+      UserMailer.forgot_password(token).deliver
+      flash.sticky_info = t :sucessfully_reset_password, email: @email
+      redirect_to default_path
+    else
+      flash.sticky_error = t :failed_reset_password, email: @email
+      render action: :forgot_password_form
+    end
+  end
+
+  def reset_password_form
+    @token = Models::User::ForgotPasswordToken.by_token params.token
+    raise_user_error t(:invalid_reset_password_token) unless @token
+    @user = @token.user
+  end
+  allow_get_for :reset_password_form
+
+  def reset_password
+    @token = Models::User::ForgotPasswordToken.by_token params.token
+    raise_user_error t(:invalid_reset_password_token) unless @token
+    @user = @token.user
+
+    @user.password = params.user['password']
+    @user.password_confirmation = params.user['password_confirmation']
+
+    if @user.save
+      @token.destroy
+      flash.sticky_info = t :password_restored
+      redirect_to login_path(_return_to: nil)
+    else
+      render action: :reset_password_form
+    end
+  end
+
+  def update_password_form
+    @user = Models::User.current
+    # render action: :update_password_form
+  end
+  allow_get_for :update_password_form
+
+  def update_password
+    @user = Models::User.current
+
+    if @user.update_password(params.user['password'], params.user['password_confirmation'], params.old_password) and @user.save
+      flash.sticky_info = t :password_updated
+      redirect_to default_path
+    else
+      render action: :update_password_form
+    end
+  end
+
+
+  #
+  # Open Id
+  #
+  def finish_open_id_registration_form
+    @user = Models::User.new
+    @token = Models::SecureToken.by_token! params.token
+  end
+  allow_get_for :finish_open_id_registration_form
+
+  def finish_open_id_registration
+    @token = Models::SecureToken.by_token! params.token
+    @user = Models::User.new
+    @user.name = params.user['name']
+    @user.open_ids << @token[:open_id]
+
+    if @user.activate and @user.save
+      @token.destroy
+      flash.sticky_info = t :successfull_open_id_registration
+      set_current_user_with_updating_session @user
+      redirect_to return_to_path_for_login
+    else
+      render action: :finish_open_id_registration_form
+    end
+  end
+end

data/app/controllers/profiles.rb

@@ -0,0 +1,61 @@
+class Profiles < UsersApp
+  prepare_model(
+    Models::User, finder: :find_by_name,
+    only: [:show, :edit, :update, :add_role, :remove_role]
+  )
+
+  # require_permission :view, only: :show do
+  #   @user
+  # end
+
+  layout '/users/layout'
+
+  helper Helpers::Users::Authorization
+
+  allow_get_for :all, :show, :edit
+
+  def all
+    @users = Models::User.all
+  end
+
+  def show
+  end
+
+
+  require_permission(:update_profile, only: [:edit, :update]){@user}
+  def edit
+  end
+
+  def update
+    access_denied if @user.anonymous? and !Models::User.current.admin?
+
+    if @user.update_attributes params[:user]
+      flash[:info] = t :user_updated
+      # redirect_to action: :show
+    else
+      render action: :edit
+    end
+  end
+
+  def add_role
+    require_permission "add_#{params[:role]}_role"
+
+    @user.add_role params[:role]
+    @user.save!
+    @user.reload
+    flash[:info] = t :role_granted
+    render action: :update
+  end
+
+  def remove_role
+    require_permission "remove_#{params[:role]}_role"
+
+    @user.remove_role params[:role]
+    @user.save!
+    @user.reload
+    flash[:info] = t :role_removed
+    render action: :update
+  end
+
+  active_menu{:users}
+end

data/app/controllers/sessions.rb

@@ -0,0 +1,78 @@
+class Sessions < UserManagement
+  # TODO3 filter password logging
+  # filter_parameter_logging :password
+
+  persist_params
+
+  include OpenIdAuthentication
+
+  rad.extension :user_sessions, self
+
+  before :login_not_required, only: :login
+
+  layout '/users/layout'
+
+  allow_get_for :login, :logout, :status
+
+  def login
+    if using_open_id?
+      open_id_authentication
+    elsif request.post?
+      password_authentication
+    end
+  end
+
+  def logout
+    unless Models::User.current.anonymous?
+      set_current_user_with_updating_session Models::User.anonymous
+      flash.info = t :successfully_logged_out
+    end
+    redirect_to return_to_path_for_logout
+  end
+
+  def status; end
+
+  protected
+    def open_id_authentication
+      # params['return_to'] = request.url
+      # hack to save all url with :_return_to
+      # puts params['return_to']
+      # render action: 'new'
+      # return
+
+      # return_to = request.url.gsub("_ret")
+
+      authenticate_with_open_id nil, 'return_to' => request.url do |result, identity_url, registration|
+
+        if result.successful?
+          if @user = Models::User.authenticate_by_open_id(identity_url)
+            set_current_user_with_updating_session @user
+            flash.info = t :successfully_logged_in
+            redirect_to return_to_path_for_login
+          else
+            token = Models::SecureToken.new
+            token[:open_id] = identity_url
+            token.save!
+            flash.sticky_info = t :successfully_identified_by_open_id
+            redirect_to finish_open_id_registration_form_identities_path(token: token.token)
+          end
+        else
+          flash.error = result.message || t(:invalid_identity, identity: identity_url)
+        end
+
+      end
+    end
+
+    def password_authentication
+      if @user = Models::User.authenticate_by_password(params.name, params.password)
+        set_current_user_with_updating_session @user
+        flash.info = t :successfully_logged_in
+
+        redirect_to return_to_path_for_login
+      else
+        @errors = t :invalid_login
+        @name = params.name
+      end
+    end
+
+end

data/app/controllers/user_mailer.rb

@@ -0,0 +1,30 @@
+class UserMailer
+  inherit Rad::Mailer::MailerController
+
+  def email_verification token
+    @to = token.email
+    @from = rad.users.email
+    @subject = t :email_verification_title, host: rad.users.host
+    # sent_on Time.now
+
+    @body = t(
+      :email_verification_text,
+      host: rad.users.host,
+      url: finish_email_registration_form_identities_path(host: rad.users.host, token: token.token)
+    )
+  end
+
+  def forgot_password token
+    @to = token.user.email
+    @from = rad.users.email
+    @subject = t :forgot_password_title, name: token.user.name, host: rad.users.host
+    # sent_on Time.now
+
+    @body = t(
+      :forgot_password_text,
+      name: token.user.name,
+      host: rad.users.host,
+      url: reset_password_form_identities_path(host: rad.users.host, token: token.token)
+    )
+  end
+end

data/app/controllers/user_management.rb

@@ -0,0 +1,9 @@
+class UserManagement < Controllers::BaseApp
+  helper Helpers::Users::General
+
+  inherit Users::ControllerHelper
+
+  protect_from_forgery
+
+  rad.extension :user_management, self
+end

data/app/controllers/users_app.rb

@@ -0,0 +1,9 @@
+class UsersApp < Controllers::App
+  helper Helpers::Users::General
+
+  inherit Users::ControllerHelper
+
+  protect_from_forgery
+
+  rad.extension :users_app, self
+end

data/app/helpers/users/authorization.rb

@@ -0,0 +1,65 @@
+module Authorization
+  def roles_control_links_for user
+    links = []
+
+    # Ordered Roles
+    %w{member manager}.each do |role|
+      unless user.roles.include? role
+          if can? "add_#{role}_role"
+            links << add_role_link(t("add_#{role}_role"), user, role)
+          end
+        else
+        text = t(role)
+        if can? "remove_#{role}_role"
+          link = remove_role_link(t("remove_#{role}_role"), user, role)
+          links << "#{text} (#{link})"
+        else
+          links << text
+        end
+      end
+    end
+
+    # Custom Roles
+    rad.config.custom_roles.each do |role|
+      unless user.roles.include? role
+          if can? "add_custom_role"
+            links << add_role_link(t(:add_custom_role, role: role), user, role)
+          end
+        else
+        text = t(:custom_role, role: role)
+        if can? "remove_custom_role"
+          link = remove_role_link(t(:remove_custom_role, role: role), user, role)
+          links << "#{text} (#{link})"
+        else
+          links << text
+        end
+      end
+    end
+
+    # Admin Roles
+    unless user.roles.include? 'admin'
+        if can? "add_admin_role"
+          links << add_role_link(t(:add_admin_role), user, 'admin')
+        end
+      else
+      text = t(:admin)
+      if can? "remove_admin_role"
+        link = remove_role_link(t(:remove_admin_role), user, 'admin')
+        links << "#{text} (#{link})"
+      else
+        links << text
+      end
+    end
+
+    links
+  end
+
+  protected
+    def add_role_link text, user, role
+      link_to text, add_role_profile_path(user, role: role, format: :js), method: :post
+    end
+
+    def remove_role_link text, user, role
+      link_to text, remove_role_profile_path(user, role: role, format: :js), method: :post
+    end
+end

data/app/helpers/users/general.rb

@@ -0,0 +1,22 @@
+# TODO3 'unite this with SaaS '
+module General
+  def main_menu
+    @@menu ||= [
+      # [:home, all_pages_path],
+      # [:accounts, all_accounts_path, :global_administration],
+      [:users, all_profiles_path],
+    ]
+
+    unless @active_menu.blank?
+      (@@menu.collect do |key, link, permission|
+        unless permission and !can?(permission)
+          [t(key), link, key == @active_menu]
+        else
+          nil
+        end
+      end).compact
+    else
+      []
+    end
+  end
+end