radiant-reader-extension 3.0.0.rc4 → 3.0.0

data/app/controllers/password_resets_controller.rb

@@ -42,7 +42,7 @@ class PasswordResetsController < ReaderActionController
       if @reader.save 
         self.current_reader = @reader
         flash[:notice] = t('reader_extension.password_updated_notice')
-        redirect_to dashboard_url
+        redirect_to default_welcome_url(@reader)
       else
         flash[:error] = t('reader_extension.password_mismatch')
         render :action => :edit 

data/app/controllers/reader_action_controller.rb

@@ -5,7 +5,6 @@ class ReaderActionController < ApplicationController
   helper_method :current_site, :current_site=, :logged_in?, :logged_in_user?, :logged_in_admin?
   
   no_login_required
-  before_filter :set_site_title
   
   # reader session is normally required for modifying actions
   before_filter :require_reader, :except => [:index, :show]
@@ -32,60 +31,25 @@ class ReaderActionController < ApplicationController
     render
   end
   
-  def default_welcome_url(reader)
-    if page = reader.find_homepage
-      page.url
-    else
-      reader_url(reader)  #TODO make this interesting
-    end
+  def default_welcome_url(reader=nil)
+    (reader && reader.home_url) || reader_dashboard_url
   end
 
 protected
   
-  # context-setters
-
-  def set_site_title
-    if defined? Site && current_site
-      @site_title = current_site.name
-      @short_site_title = current_site.abbreviation || @site_title
-      @site_url = current_site.base_domain
-    else
-      @site_title = Radiant::Config['site.title']
-      @short_site_title = Radiant::Config['site.abbreviation'] || @site_title
-      @site_url = request.host
-    end
-  end
-
+  # NB. ReaderError exceptions are caught in ApplicationController rescue_froms
+    
   def require_reader
-    unless set_reader     # set_reader is in ControllerExtension and sets Reader.current while checking for current_reader
+    unless set_reader     # set_reader is added to ApplicationController and sets Reader.current while checking authentication
       store_location
-      respond_to do |format|
-        format.html {
-          flash[:explanation] = t('reader_extension.reader_required')
-          flash[:notice] = t('reader_extension.please_log_in')
-          redirect_to reader_login_url 
-        }
-        format.js { 
-          @inline = true
-          render :partial => 'reader_sessions/login_form' 
-        }
-      end
+      raise ReaderError::LoginRequired, t('reader_extension.please_log_in')
       false
     end
   end
   
   def require_activated_reader
     unless current_reader && current_reader.activated?
-      respond_to do |format|
-        format.html { 
-          flash[:explanation] = t('reader_extension.activation_required')
-          redirect_to reader_activation_url 
-        }
-        format.js { 
-          @inline = true
-          render :partial => 'reader_activations/activation_required' 
-        }
-      end
+      raise ReaderError::ActivationRequired, t('reader_extension.activation_required')
       false
     end
   end
@@ -99,12 +63,4 @@ protected
     end
   end
   
-  def generate_csv(readers=[])
-    columns = %w{forename surname email phone mobile postal_address}
-    table = FasterCSV.generate do |csv|
-      csv << columns.map { |f| t("activerecord.attributes.reader.#{f}") }
-      readers.each { |r| csv << columns.map{ |f| r.send(f.to_sym) } }
-    end
-  end
-  
 end

data/app/controllers/reader_sessions_controller.rb

@@ -45,13 +45,15 @@ class ReaderSessionsController < ReaderActionController
           @reader_session.reader.clear_password = ""                          # we forget the cleartext version on the first successful login
           @reader_session.reader.save(false)
         end
-        format.html {
-          flash[:notice] = t('reader_extension.hello').titlecase + " #{@reader_session.reader.name}. " + t('reader_extension.welcome_back')
-          redirect_back_or_to default_welcome_url(@reader_session.reader)
-        }
-        format.js { 
-          redirect_back_with_format(:js)
-        }
+        respond_to do |format|
+          format.html {
+            flash[:notice] = t('reader_extension.hello').titlecase + " #{@reader_session.reader.name}. " + t('reader_extension.welcome_back')
+            redirect_back_or_to default_welcome_url(@reader_session.reader)
+          }
+          format.js { 
+            redirect_back_with_format(:js)
+          }
+        end
       else
         respond_to do |format|
           format.html { render :action => :new }
@@ -72,8 +74,4 @@ class ReaderSessionsController < ReaderActionController
     redirect_to reader_login_url
   end
 
-  def default_welcome_url(reader=nil)
-    reader.home_url || dashboard_url
-  end
-
 end

data/app/helpers/reader_helper.rb

@@ -1,16 +1,17 @@
 require 'sanitize'
 require "sanitize/config/generous"
 require "fastercsv"
+require "snail_helpers"
 
 module ReaderHelper
   include SnailHelpers
   include Admin::RegionsHelper
   
   def standard_gravatar_for(reader=nil, url=nil)
-    size = Radiant::Config['forum.gravatar_size'] || 40
+    size = Radiant::Config['reader.gravatar_size'] || 40
     url ||= reader_url(reader)
     gravatar = gravatar_for(reader, {:size => size}, {:class => 'gravatar offset', :width => size, :height => size})
-    content_tag(:div, link_to(gravatar, url), :class => "speaker")
+    content_tag(:div, link_to(gravatar, url), :class => "speaker", :width => size, :height => size)
   end
 
   def gravatar_for(reader=nil, gravatar_options={}, img_options ={})
@@ -103,7 +104,7 @@ EOM
   def choose_page(object, field, select_options={})
     root = Page.respond_to?(:homepage) ? Page.homepage : Page.find_by_parent_id(nil)
     options = page_option_branch(root)
-    options.unshift ['<none>', nil]
+    options.unshift [t("reader_extension.none_option"), nil]
     select object, field, options, select_options
   end
 
@@ -142,8 +143,27 @@ EOM
     usps_country_options_for_select(selected, default_selected)
   end
   
+  def group_options_for_select
+    nested_set_options(Group) {|g| "#{'-' * g.level} #{g.name}" }.unshift([t("reader_extension.any_option"), nil])
+  end
+  
+  def parent_group_options_for_select(group=nil)
+    nested_set_options(Group, group) {|g| "#{'-' * g.level} #{g.name}" }.unshift([t("reader_extension.none_option"), nil])
+  end
+  
   def email_link(address)
     mail_to address, nil, :encode => :hex, :replace_at => ' at ', :class => 'mailto'
   end
 
+  def generate_csv(readers=[])
+    columns = %w{forename surname email phone mobile postal_address}
+    table = FasterCSV.generate do |csv|
+      csv << columns.map { |f| t("activerecord.attributes.reader.#{f}") }
+      readers.each { |r| csv << columns.map{ |f| r.send(f.to_sym) } }
+    end
+  end
+
+  def generate_vcard(readers=[])
+    readers.map(&:vcard).join("\n")
+  end
 end

data/app/models/group.rb

@@ -1,15 +1,15 @@
-class Group < ActiveRecord::Base
+require 'ancestry'
 
-  has_site if respond_to? :has_site
-  default_scope :order => 'name'
+class Group < ActiveRecord::Base
 
+  has_ancestry
+  belongs_to :leader, :class_name => 'Reader'
   belongs_to :created_by, :class_name => 'User'
   belongs_to :updated_by, :class_name => 'User'
   belongs_to :homepage, :class_name => 'Page'
 
   has_many :messages
   has_many :permissions
-  has_many :pages, :through => :permissions
   has_many :memberships
   has_many :readers, :through => :memberships, :uniq => true
   
@@ -17,11 +17,14 @@ class Group < ActiveRecord::Base
   validates_presence_of :name, :slug, :allow_blank => false
   validates_uniqueness_of :name, :slug
   
+  named_scope :any
+  named_scope :none, { :conditions => "1 = 0" }   # nasty! but doesn't break chains
   named_scope :with_home_page, { :conditions => "homepage_id IS NOT NULL", :include => :homepage }
   named_scope :subscribable, { :conditions => "public = 1" }
   named_scope :unsubscribable, { :conditions => "public = 0" }
-
-  named_scope :from_list, lambda { |ids|
+  
+  named_scope :find_these, lambda { |ids|
+    ids = ['NULL'] unless ids && ids.any?
     { :conditions => ["groups.id IN (#{ids.map{"?"}.join(',')})", *ids] }
   }
 
@@ -45,18 +48,41 @@ class Group < ActiveRecord::Base
       :readonly => false
     }
   }
-
+  
   def self.visible_to(reader=nil)
-    return all if Radiant.config['readers.public?']
-    return scoped({:conditions => "1 = 0"}) unless reader   # nasty but chainable
-    return containing(reader) if Radiant.config['readers.confine_to_groups?']
-    return all
+    case Radiant.config['reader.directory_visibility']
+    when 'public'
+      self.all
+    when 'private'
+      reader ? self.all : self.none
+    when 'grouped'
+      (reader && reader.is_grouped?) ? reader.all_visible_groups : self.none
+    else
+      self.none
+    end
   end
   
   def visible_to?(reader=nil)
-    self.class.visible_to(reader).include? self
+    self.class.visible_to(reader).map(&:id).include? self.id
   end
 
+  def tree
+    # can't quite do this in one step, but we can return a scope
+    self.root.subtree
+  end
+  
+  def tree_ids
+    self.root.subtree_ids
+  end
+  
+  def members
+    Reader.in_groups(subtree)
+  end
+  
+  def inherited_permissions
+    Permission.to_groups(path)
+  end
+    
   def url
     homepage.url if homepage
   end
@@ -90,12 +116,15 @@ class Group < ActiveRecord::Base
   # Permission.for_pages named_scope
   # Group.page_permissions  => set of permission objects
   # Group.pages             => set of page objects
-  
+  #
   def self.define_retrieval_methods(classname)
     type_scope = "for_#{classname.downcase.pluralize}".intern
     Permission.send :named_scope, type_scope, :conditions => { :permitted_type => classname }
-    define_method("#{classname.downcase}_permissions") { self.permissions.send type_scope }
-    define_method("#{classname.downcase.pluralize}") { self.send("#{classname.to_s.downcase}_permissions".intern).map(&:permitted) }
+    define_method("#{classname.downcase}_permissions") { self.inherited_permissions.send type_scope }
+    define_method("#{classname.downcase.pluralize}") {
+      ids = self.send("#{classname.to_s.downcase}_permissions".intern).map(&:permitted_id)
+      classname.constantize.find_these(ids)
+    }
   end
   
 private
@@ -103,6 +132,6 @@ private
   def set_slug
     self.slug ||= self.name.slugify.to_s
   end
-
+  
 end
 

data/app/models/message.rb

@@ -1,11 +1,11 @@
 class Message < ActiveRecord::Base
 
+  has_groups
   has_site if respond_to? :has_site
 
   belongs_to :layout
   belongs_to :created_by, :class_name => 'User'
   belongs_to :updated_by, :class_name => 'User'
-  belongs_to :group
 
   has_many :deliveries, :class_name => 'MessageReader', :conditions => ["message_readers.sent_at IS NOT NULL and message_readers.sent_at <= ?", Time.now.to_s(:db)]
   has_many :recipients, :through => :deliveries, :source => :reader
@@ -21,26 +21,19 @@ class Message < ActiveRecord::Base
   named_scope :ordinary, { :conditions => "function_id = '' OR function_id IS NULL" }
   named_scope :published, { :conditions => "status_id >= 100" }
 
-  named_scope :belonging_to, lambda {|group|
-   { :conditions => {:group_id => group }}
-  }
-
-  named_scope :ungrouped, :conditions => {:group_id => nil}
-
   def filtered_body
     filter.filter(body)
   end
 
-  # has to return a scope for chainability
   def possible_readers
-    group ? group.readers : Reader.scoped({})
+    permitted_readers
   end
 
   def undelivered_readers
     if recipients.any?
       possible_readers.except(recipients)
     else
-      recipients
+      possible_readers
     end
   end
 
@@ -57,7 +50,7 @@ class Message < ActiveRecord::Base
   end
 
   def preview(reader=nil)
-    reader ||= possible_readers.first || Reader.for_user(created_by)
+    reader ||= possible_readers.first || Reader.for_user(Reader.current)
     ReaderNotifier.create_message(reader, self)
   end
   

data/app/models/permission.rb

@@ -6,6 +6,10 @@ class Permission < ActiveRecord::Base
   named_scope :for, lambda { |object|
     { :conditions => {:permitted_id => object.id, :permitted_type => object.class.name.to_s} }
   }
+  
+  named_scope :to_groups, lambda { |ids|
+    { :conditions => ["permissions.group_id IN (#{ids.map{"?"}.join(',')})", *ids] }
+  }
 
 end
 

data/app/models/reader.rb

@@ -18,6 +18,8 @@ class Reader < ActiveRecord::Base
   end
 
   belongs_to :user
+  before_update :update_user
+  
   belongs_to :created_by, :class_name => 'User'
   belongs_to :updated_by, :class_name => 'User'
   has_many :message_readers
@@ -26,8 +28,6 @@ class Reader < ActiveRecord::Base
   has_many :groups, :through => :memberships, :uniq => true
   accepts_nested_attributes_for :memberships
 
-  before_update :update_user
-
   validates_presence_of :name, :email
   validates_length_of :name, :maximum => 100, :allow_nil => true
   validates_length_of :password, :minimum => 6, :allow_nil => false, :unless => :existing_reader_keeping_password?
@@ -41,6 +41,7 @@ class Reader < ActiveRecord::Base
 
   default_scope :order => 'name ASC'
   named_scope :any
+  named_scope :none, { :conditions => "1 = 0" }   # nasty! but doesn't break chains
   named_scope :active, :conditions => "activated_at IS NOT NULL"
   named_scope :inactive, :conditions => "activated_at IS NULL"
   named_scope :imported, :conditions => "old_id IS NOT NULL"
@@ -83,16 +84,65 @@ class Reader < ActiveRecord::Base
   end
   
   def self.visible_to(reader=nil)
-    return self.all if Radiant.config['readers.public?']
-    return self.scoped({:conditions => "1 = 0"}) unless reader   # nasty but chainable
-    return self.in_groups(reader.groups) if Radiant.config['readers.confine_to_groups?']
-    return self.all
+    case Radiant.config['reader.directory_visibility']
+    when 'public'
+      self.all
+    when 'private'
+      reader ? self.all : self.none
+    when 'grouped'
+      reader ? self.in_groups(reader.all_visible_group_ids) : self.none
+    else
+      self.none
+    end
   end
   
   def visible_to?(reader=nil)
-    self.class.visible_to(reader).include? self
+    (reader && (reader == self)) || self.class.visible_to(reader).map(&:id).include?(self.id)
+  end
+  
+  # returns a useful list of the groups that this person is in and all their ancestor groups.
+  # for most authorisation purposes, that's the set of groups of which this reader is considered a member.
+  # 
+  # Returns a scope.
+  #
+  def all_groups
+    Group.find_these(all_group_ids)
+  end
+  
+  def all_group_ids
+    self.groups.map(&:path_ids).flatten.uniq
+  end
+  
+  # Returns a list of the groups that this person is in along with their whole tree of super and subgroups.
+  # That's the list of groups that this person can see. It is larger than the list of groups that confer permission:
+  # this reader can see subgroups of his own groups in the directory, but he can't see their pages.
+  #
+  def all_visible_groups
+    Group.find_these(all_visible_group_ids)
+  end
+
+  def all_visible_group_ids
+    self.groups.map(&:tree_ids).flatten.uniq
+  end
+  
+  def can_see? (this)
+    permitted_groups = this.permitted_groups
+    permitted_groups.empty? or in_any_of_these_groups?(permitted_groups)
+  end
+    
+  def in_any_of_these_groups? (grouplist)
+    (grouplist & all_groups).any?
   end
 
+  def has_group? (group)
+    all_groups.include?(group)
+  end
+  alias :is_in? :has_group?
+  
+  def is_grouped?
+    groups.any?
+  end
+  
   # not very i18nal, this
   def forename
     read_attribute(:forename) || name.split(/\s+/).first
@@ -102,9 +152,12 @@ class Reader < ActiveRecord::Base
     read_attribute(:surname) || name.split(/\s+/).last
   end
 
+  def postal_address?
+    !post_line1.blank? && !post_city.blank?
+  end
+  
   def postal_address
     Snail.new(
-      :name => name,
       :line_1 => post_line1,
       :line_2 => post_line2,
       :city => post_city,
@@ -207,24 +260,6 @@ class Reader < ActiveRecord::Base
       nil
     end
   end
-
-  def can_see? (this)
-    permitted_groups = this.permitted_groups
-    permitted_groups.empty? or in_any_of_these_groups?(permitted_groups)
-  end
-    
-  def in_any_of_these_groups? (grouplist)
-    (grouplist & groups).any?
-  end
-
-  def is_in? (group)
-    groups.include?(group)
-  end
-  
-  # has_group? is ambiguous: with no argument it means 'is this reader grouped at all?'.
-  def has_group?(group=nil)
-    group.nil? ? groups.any? : is_in?(group)
-  end
   
 private