radiant-reader_group-extension 0.9.0

data/lib/grouped_page.rb

@@ -0,0 +1,59 @@
+module GroupedPage
+
+  def self.included(base)
+    base.class_eval {
+      has_many :permissions
+      has_many :groups, :through => :permissions
+      has_one :group, :foreign_key => 'homepage_id'
+      include InstanceMethods
+      
+      # any page with a group-marker is never cached
+      # so that we can continue to return cache hits without care
+      # this check is regrettably expensive
+
+      def cache?
+        self.inherited_groups.empty?
+      end        
+    }
+  end
+  
+  module InstanceMethods
+    
+    def visible_to?(reader)
+      permitted_groups = self.inherited_groups  
+      return true if permitted_groups.empty?
+      return false if reader.nil?
+      return true if reader.is_admin?
+      return reader.in_any_of_these_groups?(permitted_groups)
+    end
+
+    # this is all very inefficient recursive stuff
+    # but to do it in one pass we'd have to build a list of pages anyway
+    # so there isn't much to gain unless we shift to a different kind of tree
+
+    def inherited_groups
+      if (self.parent.nil?)
+        self.groups
+      else
+        self.groups + self.parent.inherited_groups
+      end
+    end
+    alias permitted_groups inherited_groups
+
+    def has_group?(group)
+      return self.groups.include?(group)
+    end
+
+    def has_inherited_group?(group)
+      return self.inherited_groups.include?(group)
+    end
+    
+    def group_is_inherited?(group)
+      return self.has_inherited_group?(group) && !self.has_group?(group)
+    end
+    
+  end
+
+end
+
+

data/lib/grouped_reader.rb

@@ -0,0 +1,63 @@
+module GroupedReader
+
+  def self.included(base)
+    base.class_eval {
+      has_many :memberships
+      has_many :groups, :through => :memberships
+      include InstanceMethods
+      alias_method_chain :activate!, :group
+      alias_method_chain :send_functional_message, :group
+    }
+  end
+
+  module InstanceMethods     
+  
+    def find_homepage
+      if homegroup = groups.with_home_page.first
+        homegroup.homepage
+      end
+    end
+  
+    def can_see? (this)
+      permitted_groups = this.permitted_groups
+      permitted_groups.empty? or in_any_of_these_groups?(permitted_groups)
+    end
+      
+    def in_any_of_these_groups? (grouplist)
+      (grouplist & groups).any?
+    end
+  
+    def is_in? (group)
+      groups.include?(group)
+    end
+    
+    # has_group? is ambiguous: with no argument it means 'is this reader grouped at all?'.
+    def has_group?(group=nil)
+      group.nil? ? groups.any? : is_in?(group)
+    end
+    
+    # if group-welcome messages exist for this reader's memberships, they will be sent on activation
+    def activate_with_group!
+      send_group_welcomes if activate_without_group!
+    end
+
+    # there may be versions of the functional (eg welcome) messages specific to a group
+    # (which has to be passed through, so this currently only happens when sending out group invitations but ought to be useful elsewhere too)
+    def send_functional_message_with_group(function, group=nil)
+      reset_perishable_token!
+      message = Message.functional(function, group)   # returns the standard functional message if no group is supplied, or no group message exists
+      message.deliver_to(self) if message
+    end
+    
+    def send_group_invitation_message(group=nil)
+      send_functional_message_with_group('invitation', group)
+    end
+
+  protected
+
+    def send_group_welcomes
+      groups.each { |g| g.send_welcome_to(self) }
+    end
+  
+  end
+end

data/lib/reader_activations_controller_extensions.rb

@@ -0,0 +1,21 @@
+module ReaderActivationsControllerExtensions
+  def self.included(base)
+
+    base.class_eval { 
+      
+      def default_activated_url_with_group
+        if page = @reader.find_homepage
+          page.url
+        else
+          default_activated_url_without_group
+        end
+      end
+      alias_method_chain :default_activated_url, :group
+
+    }
+  end
+  
+end
+
+
+

data/lib/reader_notifier_extensions.rb

@@ -0,0 +1,14 @@
+module ReaderNotifierExtensions
+  
+  def self.included(base)
+    base.class_eval {
+
+      def message_with_group( reader, message, sender=nil )
+        message_without_group( reader, message, sender )
+        @body[:group] = message.group
+      end
+      alias_method_chain :message, :group      
+
+    }
+  end
+end

data/lib/reader_sessions_controller_extensions.rb

@@ -0,0 +1,21 @@
+module ReaderSessionsControllerExtensions
+  def self.included(base)
+
+    base.class_eval { 
+      
+      def default_loggedin_url_with_group
+        if page = @reader_session.reader.find_homepage
+          page.url
+        else
+          default_loggedin_url_without_group
+        end
+      end
+      alias_method_chain :default_loggedin_url, :group
+
+    }
+  end
+  
+end
+
+
+

data/lib/readers_controller_extensions.rb

@@ -0,0 +1,22 @@
+module ReadersControllerExtensions
+  
+  def self.included(base)
+    base.class_eval { before_filter :ensure_groups_subscribable, :only => [:update, :create] }
+    base.add_form_partial 'readers/memberships'
+  end
+
+  def ensure_groups_subscribable
+    if params[:reader] && params[:reader][:group_ids]
+      params[:reader][:group_ids].each do |g|
+        raise ActiveRecord::RecordNotFound unless Group.find(g).public?
+      end
+    end
+    true
+  rescue ActiveRecord::RecordNotFound
+    false
+  end
+
+end
+
+
+

data/lib/site_controller_extensions.rb

@@ -0,0 +1,37 @@
+module SiteControllerExtensions
+  
+  def self.included(base)
+    base.class_eval {
+      # to control access without ruining the cache we have set Page.cache? = false
+      # for any page that has a group association. This should  prevent the relatively 
+      # few private pages from being cached, and it remains safe to return any cached
+      # page we find.
+      
+      def find_page_with_group_check(url)
+        page = find_page_without_group_check(url)
+        raise ReaderGroup::PermissionDenied if page && !page.visible_to?(current_reader)
+        page
+      end
+        
+      def show_page_with_group_check
+        show_page_without_group_check
+      rescue ReaderGroup::PermissionDenied
+        if current_reader
+          flash[:error] = "Sorry: you don't have permission to see that page."
+          redirect_to reader_permission_denied_url
+        else
+          flash[:explanation] = "The page you have requested is not public. Please log in, and if your account has the necessary permission you will be taken straight there."
+          flash[:error] = "Please log in."
+          store_location
+          redirect_to reader_login_url
+        end
+      end
+        
+      alias_method_chain :find_page, :group_check
+      alias_method_chain :show_page, :group_check
+    }
+  end
+end
+
+
+

data/lib/tasks/reader_group_extension_tasks.rake

@@ -0,0 +1,28 @@
+namespace :radiant do
+  namespace :extensions do
+    namespace :reader_group do
+      
+      desc "Runs the migration of the Reader Group extension"
+      task :migrate => :environment do
+        require 'radiant/extension_migrator'
+        if ENV["VERSION"]
+          ReaderGroupExtension.migrator.migrate(ENV["VERSION"].to_i)
+        else
+          ReaderGroupExtension.migrator.migrate
+        end
+      end
+      
+      desc "Copies public assets of the Reader Group to the instance public/ directory."
+      task :update => :environment do
+        is_svn_or_dir = proc {|path| path =~ /\.svn/ || File.directory?(path) }
+        puts "Copying assets from ReaderGroupExtension"
+        Dir[ReaderGroupExtension.root + "/public/**/*"].reject(&is_svn_or_dir).each do |file|
+          path = file.sub(ReaderGroupExtension.root, '')
+          directory = File.dirname(path)
+          mkdir_p RAILS_ROOT + directory
+          cp file, RAILS_ROOT + path
+        end
+      end  
+    end
+  end
+end

data/public/stylesheets/sass/admin/group.sass

@@ -0,0 +1,66 @@
+@import compass
+
+body.reversed 
+  #content 
+    form 
+      p.homepage
+        margin: 0
+        label
+          display: inline
+
+  #group_pages, #group_people
+    position: relative
+    float: left
+    overflow: hidden
+    ul
+      li.fake_checkbox
+        margin: 10px 0
+        padding-left: 30px
+        background:
+          image: none
+          repeat: no-repeat
+          position: 4px center
+        a
+          text-decoration: none
+        &.checked                                          
+          background-image: url(/images/admin/chk_on.png) 
+          a
+            color: #5da454
+            font-weight: bold
+        &.unchecked                                        
+          background-image: url(/images/admin/chk_off.png)
+          a
+            color: #999
+            font-weight: normal
+        &.waiting                                          
+          background-image: url(/images/admin/spinner.gif)
+          a
+            color: #8c8d8e
+        &.failed                                           
+          background-image: url(/images/admin/error.png)
+          a
+            color: #c00
+        &.inherited                                        
+          background-image: url(/images/admin/chk_auto.png)
+          color: #80aa79
+      input
+        position: absolute
+        left: -999px
+
+  #group_pages
+    width: 30%
+    float: left
+    margin-right: 2%
+    ul
+      ul
+        padding-left: 20px
+  
+  #group_people
+    float: right
+    width: 62%
+    ul
+      float: left
+      width: 49%
+  
+  #footnotes
+    clear: both

data/radiant-reader_group-extension.gemspec

@@ -0,0 +1,134 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{radiant-reader_group-extension}
+  s.version = "0.9.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["spanner"]
+  s.date = %q{2010-10-04}
+  s.description = %q{Adds group-based page access control to radiant.}
+  s.email = %q{will@spanner.org}
+  s.extra_rdoc_files = [
+    "README.markdown"
+  ]
+  s.files = [
+    ".gitignore",
+     "README.markdown",
+     "Rakefile",
+     "VERSION",
+     "app/controllers/admin/group_invitations_controller.rb",
+     "app/controllers/admin/groups_controller.rb",
+     "app/controllers/admin/memberships_controller.rb",
+     "app/controllers/admin/permissions_controller.rb",
+     "app/helpers/admin/groups_helper.rb",
+     "app/models/group.rb",
+     "app/models/membership.rb",
+     "app/models/permission.rb",
+     "app/views/admin/group_invitations/new.html.haml",
+     "app/views/admin/group_invitations/preview.html.haml",
+     "app/views/admin/groups/_add_readers.html.haml",
+     "app/views/admin/groups/_form.html.haml",
+     "app/views/admin/groups/_list_head.html.haml",
+     "app/views/admin/groups/_listed.html.haml",
+     "app/views/admin/groups/edit.html.haml",
+     "app/views/admin/groups/index.html.haml",
+     "app/views/admin/groups/new.html.haml",
+     "app/views/admin/groups/remove.html.haml",
+     "app/views/admin/groups/show.html.haml",
+     "app/views/admin/memberships/_reader.html.haml",
+     "app/views/admin/messages/_list_notes.html.haml",
+     "app/views/admin/messages/_message_description.html.haml",
+     "app/views/admin/messages/_message_group.html.haml",
+     "app/views/admin/pages/_listed.html.haml",
+     "app/views/admin/pages/_page_groups.html.haml",
+     "app/views/admin/permissions/_page.html.haml",
+     "app/views/admin/reader_settings/_group_welcomes.html.haml",
+     "app/views/admin/readers/_reader_groups.html.haml",
+     "app/views/messages/show.html.haml",
+     "app/views/reader_activations/_on_activation.html.haml",
+     "app/views/readers/_memberships.html.haml",
+     "app/views/site/not_allowed.html.haml",
+     "config/routes.rb",
+     "db/migrate/001_create_groups.rb",
+     "db/migrate/20090921125654_group_messages.rb",
+     "db/migrate/20091120083119_groups_public.rb",
+     "lib/admin_messages_controller_extensions.rb",
+     "lib/group_message_tags.rb",
+     "lib/group_ui.rb",
+     "lib/grouped_message.rb",
+     "lib/grouped_model.rb",
+     "lib/grouped_page.rb",
+     "lib/grouped_reader.rb",
+     "lib/reader_activations_controller_extensions.rb",
+     "lib/reader_notifier_extensions.rb",
+     "lib/reader_sessions_controller_extensions.rb",
+     "lib/readers_controller_extensions.rb",
+     "lib/site_controller_extensions.rb",
+     "lib/tasks/reader_group_extension_tasks.rake",
+     "pkg/radiant-reader_group-extension-0.9.0.gem",
+     "public/images/admin/chk_auto.png",
+     "public/images/admin/chk_off.png",
+     "public/images/admin/chk_on.png",
+     "public/images/admin/edit.png",
+     "public/images/admin/error.png",
+     "public/images/admin/message.png",
+     "public/images/admin/new-group.png",
+     "public/images/admin/populate.png",
+     "public/images/admin/rdo_off.png",
+     "public/images/admin/rdo_on.png",
+     "public/stylesheets/sass/admin/group.sass",
+     "radiant-reader_group-extension.gemspec",
+     "reader_group_extension.rb",
+     "spec/controllers/readers_controller_spec.rb",
+     "spec/controllers/site_controller_spec.rb",
+     "spec/datasets/group_messages_dataset.rb",
+     "spec/datasets/group_readers_dataset.rb",
+     "spec/datasets/group_sites_dataset.rb",
+     "spec/datasets/groups_dataset.rb",
+     "spec/models/group_spec.rb",
+     "spec/models/message_spec.rb",
+     "spec/models/page_spec.rb",
+     "spec/models/reader_spec.rb",
+     "spec/spec.opts",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/spanner/radiant-reader_group-extension}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Group-based access control for the radiant CMS}
+  s.test_files = [
+    "spec/controllers/readers_controller_spec.rb",
+     "spec/controllers/site_controller_spec.rb",
+     "spec/datasets/group_messages_dataset.rb",
+     "spec/datasets/group_readers_dataset.rb",
+     "spec/datasets/group_sites_dataset.rb",
+     "spec/datasets/groups_dataset.rb",
+     "spec/models/group_spec.rb",
+     "spec/models/message_spec.rb",
+     "spec/models/page_spec.rb",
+     "spec/models/reader_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<radiant>, [">= 0.9.0"])
+      s.add_runtime_dependency(%q<radiant-reader-extension>, [">= 0"])
+    else
+      s.add_dependency(%q<radiant>, [">= 0.9.0"])
+      s.add_dependency(%q<radiant-reader-extension>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<radiant>, [">= 0.9.0"])
+    s.add_dependency(%q<radiant-reader-extension>, [">= 0"])
+  end
+end
+

data/reader_group_extension.rb

@@ -0,0 +1,53 @@
+require_dependency 'application_controller'
+
+module ReaderGroup
+  class Exception < StandardError
+    def initialize(message = "Sorry: group problem"); super end
+  end
+  class PermissionDenied < Exception
+    def initialize(message = "Sorry: you don't have access to that"); super end
+  end
+end
+
+class ReaderGroupExtension < Radiant::Extension
+  version "0.9.0"
+  description "Page (and other) access control for site readers and groups"
+  url "http://spanner.org/radiant/reader_group"
+
+  def activate
+    Group
+    ActiveRecord::Base.send :include, GroupedModel                                    # is_grouped mechanism for any model that can belong_to a group
+    
+    Reader.send :include, GroupedReader                                               # defines group associations
+    Page.send :include, GroupedPage                                                   # group associations and visibility decisions
+    Message.send :include, GroupedMessage                                             # group association
+
+    ReaderNotifier.send :include, ReaderNotifierExtensions                            # a couple of new message types
+    SiteController.send :include, SiteControllerExtensions                            # access control based on group membership
+    ReadersController.send :include, ReadersControllerExtensions                      # offer subscription to public groups
+    Admin::MessagesController.send :include, AdminMessagesControllerExtensions        # supports specification of group on newing of message
+    ReaderSessionsController.send :include, ReaderSessionsControllerExtensions        # sends newly logged-in readers to a group home page if one can be found
+    ReaderActivationsController.send :include, ReaderActivationsControllerExtensions  # sends newly activated readers to a group home page if one can be found
+    UserActionObserver.instance.send :add_observer!, Group                            # the usual date-stamping and ownership
+    Page.send :include, GroupMessageTags                                              # extra tags for talking about groups in mailouts
+
+
+    unless defined? admin.group                                                       # to avoid duplicate partials
+      Radiant::AdminUI.send :include, GroupUI
+      admin.group = Radiant::AdminUI.load_default_group_regions
+      admin.page.edit.add :parts_bottom, "page_groups", :before => "edit_timestamp"
+      admin.reader.edit.add :form, "reader_groups", :before => "edit_password"
+      admin.message.edit.add :form, "message_group", :before => "edit_subject"
+      admin.reader_setting.index.add :messages, "group_welcomes", :after => "administration"
+    end
+    
+    tab("Readers") do
+      add_item 'Groups', '/admin/readers/groups', :before => 'Settings'
+    end
+  end
+  
+  def deactivate
+  end
+  
+end
+

data/spec/controllers/readers_controller_spec.rb

@@ -0,0 +1,44 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe ReadersController do
+  dataset :groups
+  dataset :pages
+  
+  before do
+    controller.stub!(:request).and_return(request)
+    Page.current_site = sites(:test) if defined? Site
+    request.env["HTTP_REFERER"] = 'http://test.host/referer!'
+  end
+  
+  # all we're really testing here is the chaining of Reader.homepage
+  # but from a reader pov it's the login behaviour that matters
+  
+  describe "a logged-in reader requesting a login form" do
+    before do
+    end
+    
+    describe "who has a homed group" do
+      before do
+        login_as_reader(:normal)
+        get :login
+      end
+      
+      it "should be redirected to the group's home page" do
+        response.should be_redirect
+        response.should redirect_to(groups(:homed).homepage.url)
+      end
+    end
+
+    describe "who doesn't have a homed group" do
+      before do
+        login_as_reader(:another)
+        get :login
+      end
+      it "should be redirected to that reader's page" do
+        response.should be_redirect
+        response.should redirect_to(reader_url(readers(:another)))
+      end
+    end
+  end
+  
+end

data/spec/controllers/site_controller_spec.rb

@@ -0,0 +1,64 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe SiteController do
+  dataset :groups
+  dataset :pages
+  
+  before do
+    controller.stub!(:request).and_return(request)
+    Page.current_site = sites(:test) if defined? Site
+    request.env["HTTP_REFERER"] = 'http://test.host/referer!'
+  end
+    
+  describe "with no reader" do
+    before do
+      logout_reader
+    end
+    
+    describe "getting an ungrouped page" do
+      it "should render the page" do
+        get :show_page, :url => ''
+        response.should be_success
+        response.body.should == 'Hello world!'
+      end
+    end
+    
+    describe "getting a grouped page" do
+      it "should redirect to login" do
+        get :show_page, :url => 'parent/'
+        response.should be_redirect
+        response.should redirect_to(reader_login_url)
+      end
+    end
+  end
+  
+  describe "with a reader" do
+    before do
+      login_as_reader(:normal)
+    end
+
+    describe "getting an ungrouped page" do
+      it "should render the page" do
+        get :show_page, :url => ''
+        response.should be_success
+        response.body.should == 'Hello world!'
+      end
+    end
+    
+    describe "getting a grouped page to which she has access" do
+      it "should render the page" do
+        get :show_page, :url => 'parent/'
+        response.should be_success
+        response.body.should == 'Parent body.'
+      end
+    end
+    
+    describe "getting a grouped page to which she doesn't have access" do
+      it "should redirect to the permission-denied page" do
+        get :show_page, :url => 'news/'
+        response.should be_redirect
+        response.should redirect_to(reader_permission_denied_url)
+      end
+    end
+  end
+end