refinerycms-authentication-devise 1.0.0

data/config/locales/vi.yml

@@ -0,0 +1,73 @@
+vi:
+  refinery:
+    plugins:
+      refinery_authentication_devise:
+        title: Users
+        description: Quản lý người dùng
+    authentication:
+      devise:
+        admin:
+          users:
+            delete: Xoá vĩnh viễn người dùng này
+            edit: Chỉnh sửa người dùng này
+            update:
+              lockout_prevented: Bạn không thể xoá 'Users' plugin bằng tài khoản bạn đang đăng nhập.
+            form:
+              blank_password_keeps_current: Bỏ trống mật khẩu để giữ nguyên mật khẩu đang sử dụng
+              plugin_access: Truy cập plugin
+              role_access: Truy cập phân quyền
+              enable_all: kích hoạt tất cả
+            actions:
+              create_new_user: Thêm người dùng mới
+            user:
+              email_user: Gửi thư điện tử tới người dùng này
+              preview: '(%{who}) được thêm tại %{created_at}'
+        sessions:
+          new:
+            hello_please_sign_in: Xin vui lòng đăng nhập.
+            sign_in: Đăng nhập
+            forgot_password: Quên mật khẩu
+        users:
+          new:
+            fill_form: Điền thông tin chi tiết cuả bạn để có thể bắt đầu.
+            sign_up: Đăng ký
+          create:
+            welcome: 'Chào mừng tới hệ quản trị nội dung, %{who}'
+          forgot:
+            email_address: Địa chỉ thư điện tử
+            enter_email_address: Xin vui lòng nhận địa chỉ thư điện tử cho tài khoản cuả bạn.
+            reset_password: Khởi tạo lại mật khẩu
+            blank_email: Bạn chưa nhập địa chỉ thư điện tử.
+            email_not_associated_with_account_html: "Xin lỗi, '%{email}' không có trong hệ thống.<br />Bạn có chắc là đã nhập đúng địa chỉ thư điện tử?"
+            email_reset_sent: Thử điện tử chứa đường dẫn để khởi tạo lại mật khẩu vừa được gửi tới bạn.
+            password_encryption: Bạn cần khởi tạo lại mật khẩu vì có thay đổi trong cách chúng tôi mã khoá mật khẩu.
+          reset:
+            successful: "Khởi tạo lại mật khẩu thành công cho '%{email}'"
+            pick_new_password_for: "Chọn mật khẩu mới cho %{email}"
+            reset_password: Khởi tạo lại mật khẩu
+        user_mailer:
+          reset_notification:
+            subject: Đường dẫn để khởi tạo lại mật khẩu
+            reset_request_received_for: "Yêu cầu khởii tạo lại mật khẩu cho %{username}"
+            visit_this_url: Mở URL này để chọn mật khẩu mới
+            remain_same_if_no_action: Mật khẩu của bạn sẽ không đổi nếu không thực tiện thao tác nào
+        roles:
+          superuser: Superuser
+          refinery: Refinery
+  devise:
+    failure:
+      unauthenticated: Bạn cần đăng nhập trước khi tiếp tục.
+      invalid: "Xin lỗi, mật khẩu của bạn không đúng."
+    sessions:
+      signed_in: Đăng nhập thành công.
+  activerecord:
+    models:
+      refinery/authentication/devise/user: người dùng
+    attributes:
+      refinery/authentication/devise/user:
+        login: Đăng nhập
+        username: Tên người dùng
+        password: Mật khẩu
+        password_confirmation: Kiểm định mật khẩu
+        email: Thư điện tử
+        remember_me: Nhớ đăng nhập cho lần sau

data/config/locales/zh-CN.yml

@@ -0,0 +1,73 @@
+zh-CN:
+  refinery:
+    plugins:
+      refinery_authentication_devise:
+        title: 用户
+        description: 用户管理
+    authentication:
+      devise:
+        admin:
+          users:
+            delete: 永久删除此用户
+            edit: 编辑此用户
+            update:
+              lockout_prevented: 您当前登录所使用的帐号无法移除‘用户’插件.
+            form:
+              blank_password_keeps_current: 保留密码框为空以保持原有密码
+              plugin_access: 插件
+              role_access: 角色
+              enable_all: 选中所有
+            actions:
+              create_new_user: 添加新用户
+            user:
+              email_user: 发邮件到此用户
+              preview: '(%{who}) 添加于 %{created_at}'
+        sessions:
+          new:
+            hello_please_sign_in: 您好! 请登录.
+            sign_in: 登录
+            forgot_password: 找回密码
+        users:
+          new:
+            fill_form: 在下面填写您的详细信息以做好开始的准备.
+            sign_up: 注册
+          create:
+            welcome: '欢迎使用 Refinery, %{who}'
+          forgot:
+            email_address: 邮件地址
+            enter_email_address: 请为您的帐号输入邮件地址.
+            reset_password: 重置密码
+            blank_email: 您没有输入邮件地址.
+            email_not_associated_with_account_html: "对不起, '%{email}' 并没有关联到任何的帐号.<br />您确认输入了正确的邮件地址?"
+            email_reset_sent: 一封包含有重置密码链接的邮件已经发送到您的邮箱.
+            password_encryption: '请重置您的密码. （为了更好的安全性，Refinery 改进了加密算法, 您需要重置密码使之生效）'
+          reset:
+            successful: "'%{email}' 密码重置成功"
+            pick_new_password_for: "为 %{email} 获得一个新密码"
+            reset_password: 重置密码
+        user_mailer:
+          reset_notification:
+            subject: 密码重置的链接
+            reset_request_received_for: "请求收%{username}到重置密码"
+            visit_this_url: 浏览此URL去选择一个新密码
+            remain_same_if_no_action: '如果你不进行操作, 你的密码将维持不变'
+        roles:
+          superuser: 超级用户
+          refinery: Refinery
+  devise:
+    failure:
+      unauthenticated: 您尚未登录.
+      invalid: "对不起, 您的用户名或密码不正确."
+    sessions:
+      signed_in: 登录成功.
+  activerecord:
+    models:
+      refinery/authentication/devise/user: 用户
+    attributes:
+      refinery/authentication/devise/user:
+        login: 登录
+        username: 用户名
+        password: 密码
+        password_confirmation: 确认密码
+        email: Email
+        remember_me: 记住我

data/config/locales/zh-TW.yml

@@ -0,0 +1,74 @@
+zh-TW:
+  refinery:
+    plugins:
+      refinery_authentication_devise:
+        title: 使用者
+        description: 管理使用者
+    authentication:
+      devise:
+        admin:
+          users:
+            delete: 永遠移除這位使用者
+            edit: 編輯這位使用者
+            update:
+              lockout_prevented: 您無法從目前登入的帳號移除 '使用者' 插件.
+            form:
+              blank_password_keeps_current: 密碼處空白可維持現在的密碼
+              plugin_access: 插件存取權限
+              role_access: 角色存取權限
+              enable_all: 全部開啟
+            actions:
+              create_new_user: 新增使用者
+            user:
+              email_user: 發送電子郵件給這個使用者
+              preview: '(%{who}) 加入 %{created_at}'
+        sessions:
+          new:
+            hello_please_sign_in: 您好! 請登入
+            sign_in: 登入
+            forgot_password: 我忘記了密碼
+        users:
+          new:
+            fill_form: 在底下填入您的資料好繼續之後的流程.
+            sign_up: 登入
+          create:
+            welcome: '歡迎使用 Refinery, %{who}'
+          forgot:
+            email_address: 電子郵件地址
+            enter_email_address: 請為您的帳號輸入電子郵件地址
+            reset_password: 重設密碼
+            blank_email: 您沒有輸入電子郵件地址.
+            email_not_associated_with_account_html: "抱歉, '%{email}' 不是任何帳號的電子郵件地址.<br />您確定輸入了正確的電子郵件地址嗎?"
+            email_reset_sent: 一封附上可重設您密碼的連結的電子郵件已經寄給您
+            password_encryption: "因為 Refinery 有些密碼加密演算法的改變, 所以您必須重設您的密碼, 如此您的密碼會比以往更安全地儲存著."
+          reset:
+            code_invalid: "很抱歉, 但這個重設碼過期或是失效了. 如果您遇到問題, 試著複製貼上您電子郵件上的網址到您的瀏覽器或是重新啟動重設密碼的流程."
+            successful: "成功地重設 '%{email}' 的密碼"
+            pick_new_password_for: "為 %{email} 挑選新的密碼"
+            reset_password: 重設密碼
+        user_mailer:
+          reset_notification:
+            subject: 重設您的密碼的連結
+            reset_request_received_for: '請求重設 %{username} 的密碼'
+            visit_this_url: 到這個網址來設定新的密碼
+            remain_same_if_no_action: '如果您不做任何動作, 您的密碼將會維持不變'
+        roles:
+          superuser: 管理者
+          refinery: Refinery
+  devise:
+    failure:
+      unauthenticated: 您必須登入之後才能繼續.
+      invalid: '抱歉, 您輸入的帳號或是密碼不正確.'
+    sessions:
+      signed_in: 登入成功.
+  activerecord:
+    models:
+      refinery/authentication/devise/user: 使用者
+    attributes:
+      refinery/authentication/devise/user:
+        login: 登入
+        username: 使用者名稱
+        password: 密碼
+        password_confirmation: 再次確認密碼
+        email: 電子郵件
+        remember_me: 記住我的設定

data/config/routes.rb

@@ -0,0 +1,49 @@
+Refinery::Core::Engine.routes.draw do
+  begin
+    require 'devise'
+
+    # Override Devise's other routes for convenience methods.
+    devise_scope :authentication_devise_user do
+      get "/#{Refinery::Core.backend_route}/login",
+          to: "authentication/devise/sessions#new", as: :login
+      get "/#{Refinery::Core.backend_route}/logout",
+          to: "authentication/devise/sessions#destroy", as: :logout
+      get "/#{Refinery::Core.backend_route}/users/register",
+          to: 'authentication/devise/users#new', as: :new_signup
+      post "/#{Refinery::Core.backend_route}/users/register",
+          to: 'authentication/devise/users#create', as: :signup
+    end
+
+    devise_for :authentication_devise_user,
+               class_name: 'Refinery::Authentication::Devise::User',
+               path: "#{Refinery::Core.backend_route}/users",
+               controllers: {
+                 passwords: 'refinery/authentication/devise/passwords',
+                 sessions: 'refinery/authentication/devise/sessions',
+                 registrations: 'refinery/authentication/devise/users'
+               },
+               skip: [:registrations],
+               path_names: { sign_out: 'logout',
+                                sign_in: 'login',
+                                sign_up: 'register' }
+  rescue RuntimeError => exc
+    if exc.message =~ /ORM/
+      # We don't want to complain on a fresh installation.
+      if (ARGV || []).exclude?('--fresh-installation')
+        puts "---\nYou can safely ignore the following warning if you're currently installing Refinery as Devise support files have not yet been copied to your application:\n\n"
+        puts exc.message
+        puts '---'
+      end
+    else
+      raise exc
+    end
+  end
+
+  namespace :authentication, path: '' do
+    namespace :devise, path: '' do
+      namespace :admin, path: Refinery::Core.backend_route do
+        resources :users, except: :show
+      end
+    end
+  end
+end

data/db/migrate/20100913234705_create_refinerycms_authentication_schema.rb

@@ -0,0 +1,43 @@
+class CreateRefinerycmsAuthenticationSchema < ActiveRecord::Migration
+  def change
+    # Postgres apparently requires the roles_users table to exist before creating the roles table.
+    create_table :refinery_roles_users, :id => false do |t|
+      t.integer :user_id
+      t.integer :role_id
+    end
+
+    add_index :refinery_roles_users, [:role_id, :user_id]
+    add_index :refinery_roles_users, [:user_id, :role_id]
+
+    create_table :refinery_roles do |t|
+      t.string :title
+    end
+
+    create_table :refinery_user_plugins do |t|
+      t.integer :user_id
+      t.string  :name
+      t.integer :position
+    end
+
+    add_index :refinery_user_plugins, :name
+    add_index :refinery_user_plugins, [:user_id, :name], :unique => true
+
+    create_table :refinery_users do |t|
+      t.string    :username,            :null => false
+      t.string    :email,               :null => false
+      t.string    :encrypted_password,  :null => false
+      t.datetime  :current_sign_in_at
+      t.datetime  :last_sign_in_at
+      t.string    :current_sign_in_ip
+      t.string    :last_sign_in_ip
+      t.integer   :sign_in_count
+      t.datetime  :remember_created_at
+      t.string    :reset_password_token
+      t.datetime  :reset_password_sent_at
+
+      t.timestamps
+    end
+
+    add_index :refinery_users, :id
+  end
+end

data/db/migrate/20120301234455_add_slug_to_refinery_users.rb

@@ -0,0 +1,7 @@
+class AddSlugToRefineryUsers < ActiveRecord::Migration
+  def change
+    add_column :refinery_users, :slug, :string
+    add_index :refinery_users, :slug
+
+  end
+end

data/db/migrate/20130805143059_add_full_name_to_refinery_users.rb

@@ -0,0 +1,5 @@
+class AddFullNameToRefineryUsers < ActiveRecord::Migration
+  def change
+    add_column :refinery_users, :full_name, :string
+  end
+end

data/db/migrate/20150503125200_rename_tables_to_new_namespace.rb

@@ -0,0 +1,17 @@
+class RenameTablesToNewNamespace < ActiveRecord::Migration
+  def change
+    remove_index :refinery_user_plugins, [:user_id, :name]
+    add_index :refinery_user_plugins, [:user_id, :name], unique: true,
+              name: :refinery_user_plugins_user_id_name
+
+    remove_index :refinery_roles_users, [:role_id, :user_id]
+    remove_index :refinery_roles_users, [:user_id, :role_id]
+    add_index :refinery_roles_users, [:role_id, :user_id], name: :refinery_roles_users_role_id_user_id
+    add_index :refinery_roles_users, [:user_id, :role_id], name: :refinery_roles_users_user_id_role_id
+
+    rename_table :refinery_users, :refinery_authentication_devise_users
+    rename_table :refinery_roles, :refinery_authentication_devise_roles
+    rename_table :refinery_user_plugins, :refinery_authentication_devise_user_plugins
+    rename_table :refinery_roles_users, :refinery_authentication_devise_roles_users
+  end
+end

data/lib/generators/refinery/authentication/devise/generator.rb

@@ -0,0 +1,18 @@
+module Refinery
+  module Authentication
+    module Devise
+      class Generator < Rails::Generators::Base
+        source_root File.expand_path("../templates", __FILE__)
+
+        def rake_db
+          rake "refinery_authentication:install:migrations"
+        end
+
+        def generate_authentication_devise_initializer
+          template "config/initializers/refinery/authentication/devise.rb.erb",
+                   File.join(destination_root, "config", "initializers", "refinery", "authentication.rb")
+        end
+      end
+    end
+  end
+end

data/lib/generators/refinery/authentication/devise/templates/config/initializers/refinery/authentication/devise.rb.erb

@@ -0,0 +1,8 @@
+# encoding: utf-8
+Refinery::Authentication::Devise.configure do |config|
+  # Configure whether to allow superuser to assign roles
+  # config.superuser_can_assign_roles = <%= Refinery::Authentication::Devise.superuser_can_assign_roles.inspect %>
+
+  # Configure notification email from name
+  # config.email_from_name = <%= Refinery::Authentication::Devise.email_from_name.inspect %>
+end

data/lib/refinery/authentication/devise/authorisation_adapter.rb

@@ -0,0 +1,36 @@
+require "refinery/core/authorisation_adapter"
+
+module Refinery
+  module Authentication
+    module Devise
+      class AuthorisationAdapter < Refinery::Core::AuthorisationAdapter
+
+        # If no user exists, we use a NilUser (non-admin).
+        def current_user
+          @current_user ||= Refinery::Authentication::Devise::NilUser.new
+        end
+
+        # This method has been added, it does not exist in the superclass.
+        def current_user=(set_to_this_user)
+          @current_user = set_to_this_user
+        end
+
+        def allow?(operation, resource)
+          case
+          when resource == :site_bar
+            current_user.has_role?(:refinery)
+          when operation == :plugin
+            current_user.active_plugins.names.include?(resource)
+          when operation == :controller
+            current_user.active_plugins.any? do |plugin|
+              Regexp.new(plugin.menu_match) === resource
+            end
+          else
+            false
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/refinery/authentication/devise/authorisation_manager.rb

@@ -0,0 +1,30 @@
+require "refinery/core/authorisation_manager"
+require "refinery/authentication/devise/authorisation_adapter"
+
+module Refinery
+  module Authentication
+    module Devise
+      class AuthorisationManager < Refinery::Core::AuthorisationManager
+
+        # The user needs the 'refinery' role to access the admin.
+        def authenticate!
+          unless adapter.current_user.has_role?(:refinery)
+            raise Zilch::Authorisation::NotAuthorisedException
+          end
+
+          adapter.current_user
+        end
+
+        # Override the default adapter specified in the superclass.
+        def default_adapter
+          @default_adapter ||= Refinery::Authentication::Devise::AuthorisationAdapter.new
+        end
+
+        # This allows a user to be supplied, bypassing the usual detection.
+        def set_user!(user)
+          adapter.current_user = user
+        end
+      end
+    end
+  end
+end

data/lib/refinery/authentication/devise/configuration.rb

@@ -0,0 +1,22 @@
+module Refinery
+  module Authentication
+    module Devise
+      include ActiveSupport::Configurable
+
+      config_accessor :superuser_can_assign_roles, :email_from_name
+
+      self.superuser_can_assign_roles = false
+      self.email_from_name = "no-reply"
+
+      class << self
+        def email_from_name
+          ::I18n.t(
+            'email_from_name',
+            scope: 'refinery.authentication.config',
+            default: config.email_from_name
+          )
+        end
+      end
+    end
+  end
+end

data/lib/refinery/authentication/devise/engine.rb

@@ -0,0 +1,43 @@
+module Refinery
+  module Authentication
+    module Devise
+      class Engine < ::Rails::Engine
+        include Refinery::Engine
+
+        isolate_namespace Refinery::Authentication::Devise
+        engine_name :refinery_authentication
+
+        config.autoload_paths += %W( #{config.root}/lib )
+
+        before_inclusion do
+          Refinery::Plugin.register do |plugin|
+            plugin.pathname = root
+            plugin.name = 'refinery_authentication_devise'
+            plugin.menu_match = %r{refinery/(authentication/devise/)?users$}
+            plugin.url = proc {
+              Refinery::Core::Engine.routes.url_helpers.authentication_devise_admin_users_path
+            }
+          end
+        end
+
+        before_inclusion do
+          [Refinery::AdminController, ::ApplicationController].each do |c|
+            Refinery.include_once(c, Refinery::Authentication::Devise::System)
+          end
+        end
+
+        config.before_configuration do
+          require 'refinery/authentication/devise/initialiser'
+        end
+
+        config.after_initialize do
+          Refinery.register_extension(Refinery::Authentication::Devise)
+
+          Rails.application.reload_routes!
+          Refinery::Core.refinery_logout_path =
+            Refinery::Core::Engine.routes.url_helpers.logout_path
+        end
+      end
+    end
+  end
+end