refinerycms-authentication 2.0.10 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 240da4d27a713a4b948f356018480a9da60606e7
-  data.tar.gz: 43891d48f2ab2b1e45aeb98dbed2394f794a186c
+  metadata.gz: e10d50b46b093530d9a2411b4ed0ad58fef167e9
+  data.tar.gz: 75c0cb210cc8b10a3d610440b0e230592a738203
 SHA512:
-  metadata.gz: 57643506ed99f7b5e933b47ec4bc9a36aacf2acf4145b1b85c0a121c88cb38214b4574f327f030ff8e2fb88408efcff8bf2dba280b88a9d36469ca7b86a2b6fe
-  data.tar.gz: 9e07f93f3dc9c1017c37609852bf7fc7beb490da7dace0c219ef46cbf8c6de377c78423d07042882254c5e76f1fd5ee240911d60c8335db723b69a1bf8fabfae
+  metadata.gz: 5df94292c59ba79fc7fb1b1d2434c3d3c46d739d7e7e9ee50d0de7080a187b1c5743918f7bd47eefbc0c209f0b1dd6b4238f7749974f5bb0668e0b983420ffa6
+  data.tar.gz: 3b2665aa68871310a69e79e2d047317e486a2880df406342acc1ff051395eb16eb90d6d98e299f54bc572c29e995565296d0def2746121c9b90287d58d47d87b

data/app/controllers/refinery/admin/users_controller.rb

@@ -7,7 +7,10 @@ module Refinery
               :title_attribute => 'username',
               :xhr_paging => true
 
-      before_filter :load_available_plugins_and_roles, :only => [:new, :create, :edit, :update]
+      before_filter :find_available_plugins, :find_available_roles,
+                    :only => [:new, :create, :edit, :update]
+      before_filter :redirect_unless_user_editable!, :only => [:edit, :update]
+      before_filter :exclude_password_assignment_when_blank!, :only => :update
 
       def new
         @user = Refinery::User.new
@@ -15,92 +18,117 @@ module Refinery
       end
 
       def create
-        @user = Refinery::User.new(params[:user].except(:roles))
+        @user = Refinery::User.new params[:user].except(:roles)
         @selected_plugin_names = params[:user][:plugins] || []
         @selected_role_names = params[:user][:roles] || []
 
         if @user.save
-          @user.plugins = @selected_plugin_names
-          # if the user is a superuser and can assign roles according to this site's
-          # settings then the roles are set with the POST data.
-          unless current_refinery_user.has_role?(:superuser) and Refinery::Authentication.superuser_can_assign_roles
-            @user.add_role(:refinery)
-          else
-            @user.roles = @selected_role_names.collect { |r| Refinery::Role[r.downcase.to_sym] }
-          end
-
-          redirect_to refinery.admin_users_path,
-                      :notice => t('created', :what => @user.username, :scope => 'refinery.crudify')
+          create_successful
         else
-          render :action => 'new'
+          create_failed
         end
       end
 
       def edit
-        redirect_unless_user_editable!
-
-        @selected_plugin_names = @user.plugins.collect(&:name)
+        @selected_plugin_names = find_user.plugins.map(&:name)
       end
 
       def update
-        redirect_unless_user_editable!
-
         # Store what the user selected.
         @selected_role_names = params[:user].delete(:roles) || []
-        unless current_refinery_user.has_role?(:superuser) and Refinery::Authentication.superuser_can_assign_roles
-          @selected_role_names = @user.roles.collect(&:title)
-        end
+        @selected_role_names = @user.roles.select(:title).map(&:title) unless user_can_assign_roles?
         @selected_plugin_names = params[:user][:plugins]
 
-        # Prevent the current user from locking themselves out of the User manager
-        if current_refinery_user.id == @user.id and (params[:user][:plugins].exclude?("refinery_users") || @selected_role_names.map(&:downcase).exclude?("refinery"))
-          flash.now[:error] = t('cannot_remove_user_plugin_from_current_user', :scope => 'refinery.admin.users.update')
-          render :edit
+        if user_is_locking_themselves_out?
+          flash.now[:error] = t('lockout_prevented', :scope => 'refinery.admin.users.update')
+          render :edit and return
+        end
+
+        store_user_memento
+
+        @user.roles = @selected_role_names.map { |r| Refinery::Role[r.downcase] }
+        if @user.update_attributes params[:user]
+          update_successful
         else
-          # Store the current plugins and roles for this user.
-          @previously_selected_plugin_names = @user.plugins.collect(&:name)
-          @previously_selected_roles = @user.roles
-          @user.roles = @selected_role_names.collect { |r| Refinery::Role[r.downcase.to_sym] }
-          if params[:user][:password].blank? and params[:user][:password_confirmation].blank?
-            params[:user].except!(:password, :password_confirmation)
-          end
-
-          if @user.update_attributes(params[:user])
-            redirect_to refinery.admin_users_path,
-                        :notice => t('updated', :what => @user.username, :scope => 'refinery.crudify')
-          else
-            @user.plugins = @previously_selected_plugin_names
-            @user.roles = @previously_selected_roles
-            @user.save
-            render :edit
-          end
+          update_failed
         end
       end
 
-    protected
+      protected
+      def create_successful
+        @user.plugins = @selected_plugin_names
 
-      def find_user_with_slug
-        begin
-          find_user_without_slug
-        rescue ActiveRecord::RecordNotFound
-          @user = Refinery::User.all.detect{|u| u.to_param == params[:id]}
+        # if the user is a superuser and can assign roles according to this site's
+        # settings then the roles are set with the POST data.
+        if user_can_assign_roles?
+          @user.roles = @selected_role_names.map { |r| Refinery::Role[r.downcase] }
+        else
+          @user.add_role :refinery
         end
+
+        redirect_to refinery.admin_users_path,
+                    :notice => t('created', :what => @user.username, :scope => 'refinery.crudify')
+      end
+
+      def create_failed
+        render :action => 'new'
       end
-      alias_method_chain :find_user, :slug
 
-      def load_available_plugins_and_roles
-        @available_plugins = Refinery::Plugins.registered.in_menu.collect { |a|
+      def update_successful
+        redirect_to refinery.admin_users_path,
+                    :notice => t('updated', :what => @user.username, :scope => 'refinery.crudify')
+      end
+
+      def update_failed
+        user_memento_rollback!
+
+        render :edit
+      end
+
+      def find_available_plugins
+        @available_plugins = Refinery::Plugins.registered.in_menu.map { |a|
           { :name => a.name, :title => a.title }
         }.sort_by { |a| a[:title] }
+      end
 
+      def find_available_roles
         @available_roles = Refinery::Role.all
       end
 
       def redirect_unless_user_editable!
-        unless current_refinery_user.can_edit?(@user)
-          redirect_to(main_app.refinery_admin_users_path) and return
+        redirect_to refinery.admin_users_path unless current_refinery_user.can_edit? find_user
+      end
+
+      private
+      def exclude_password_assignment_when_blank!
+        if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
+          params[:user].except!(:password, :password_confirmation)
         end
       end
+
+      def user_can_assign_roles?
+        Refinery::Authentication.superuser_can_assign_roles &&
+          current_refinery_user.has_role?(:superuser)
+      end
+
+      def user_is_locking_themselves_out?
+        return false if current_refinery_user.id != @user.id || @selected_plugin_names.blank?
+
+        @selected_plugin_names.exclude?('refinery_users') || # removing user plugin access
+          @selected_role_names.map(&:downcase).exclude?('refinery') # Or we're removing the refinery role
+      end
+
+      def store_user_memento
+        # Store the current plugins and roles for this user.
+        @previously_selected_plugin_names = @user.plugins.map(&:name)
+        @previously_selected_roles = @user.roles
+      end
+
+      def user_memento_rollback!
+        @user.plugins = @previously_selected_plugin_names
+        @user.roles = @previously_selected_roles
+        @user.save
+      end
     end
   end
 end

data/app/controllers/refinery/passwords_controller.rb

@@ -36,7 +36,7 @@ module Refinery
         # Call devise reset function.
         user.send(:generate_reset_password_token!)
         UserMailer.reset_notification(user, request).deliver
-        redirect_to refinery.new_refinery_user_session_path,
+        redirect_to refinery.login_path,
                     :notice => t('email_reset_sent', :scope => 'refinery.users.forgot')
       else
         flash.now[:error] = if (email = params[:refinery_user][:email]).blank?

data/app/controllers/refinery/users_controller.rb

@@ -31,7 +31,7 @@ module Refinery
       if refinery_user?
         redirect_to refinery.admin_users_path
       elsif refinery_users_exist?
-        redirect_to refinery.new_refinery_user_session_path
+        redirect_to refinery.login_path
       end
     end
 

data/app/models/refinery/user.rb

@@ -8,7 +8,7 @@ module Refinery
     has_and_belongs_to_many :roles, :join_table => :refinery_roles_users
 
     has_many :plugins, :class_name => "UserPlugin", :order => "position ASC", :dependent => :destroy
-    friendly_id :username
+    friendly_id :username, :use => [:slugged]
 
     # Include default devise modules. Others available are:
     # :token_authenticatable, :confirmable, :lockable and :timeoutable
@@ -24,7 +24,7 @@ module Refinery
     attr_accessible :email, :password, :password_confirmation, :remember_me, :username, :plugins, :login
 
     validates :username, :presence => true, :uniqueness => true
-    before_validation :downcase_username
+    before_validation :downcase_username, :strip_username
 
     class << self
       # Find user by email or username.
@@ -36,11 +36,28 @@ module Refinery
     end
 
     def plugins=(plugin_names)
-      if persisted? # don't add plugins when the user_id is nil.
-        UserPlugin.delete_all(:user_id => id)
+      return unless persisted?
 
+      plugin_names = plugin_names.dup
+      plugin_names.reject! { |plugin_name| !plugin_name.is_a?(String) }
+
+      if plugins.empty?
         plugin_names.each_with_index do |plugin_name, index|
-          plugins.create(:name => plugin_name, :position => index) if plugin_name.is_a?(String)
+          plugins.create(:name => plugin_name, :position => index)
+        end
+      else
+        assigned_plugins = plugins.all
+        assigned_plugins.each do |assigned_plugin|
+          if plugin_names.include?(assigned_plugin.name)
+            plugin_names.delete(assigned_plugin.name)
+          else
+            assigned_plugin.destroy
+          end
+        end
+
+        plugin_names.each do |plugin_name|
+          plugins.create(:name => plugin_name,
+                         :position => plugins.select(:position).map{|p| p.position.to_i}.max + 1)
         end
       end
     end
@@ -90,10 +107,6 @@ module Refinery
       username.to_s
     end
 
-    def to_param
-      to_s.parameterize
-    end
-
     private
     # To ensure uniqueness without case sensitivity we first downcase the username.
     # We do this here and not in SQL is that it will otherwise bypass indexes using LOWER:
@@ -102,5 +115,11 @@ module Refinery
       self.username = self.username.downcase if self.username?
     end
 
+    # To ensure that we aren't creating "admin" and "admin " as the same thing.
+    # Also ensures that "admin user" and "admin    user" are the same thing.
+    def strip_username
+      self.username = self.username.strip.gsub(/\ {2,}/, ' ') if self.username?
+    end
+
   end
 end

data/app/views/refinery/admin/users/_actions.html.erb

@@ -1,4 +1,7 @@
 <ul>
+  <li>
+    <%= render '/refinery/admin/search', :url => refinery.admin_users_path %>
+  </li>
   <li>
     <%= link_to t('.create_new_user'),
                 refinery.new_admin_user_path, :class => "add_icon" %>

data/app/views/refinery/admin/users/_form.html.erb

@@ -1,6 +1,8 @@
 <%= form_for [refinery, :admin, @user] do |f| %>
 
-  <%= render '/refinery/admin/error_messages', :object => @user, :include_object_name => true %>
+  <%= render '/refinery/admin/error_messages',
+             :object => @user,
+             :include_object_name => true %>
 
   <div class='field'>
     <%= f.label :username %>
@@ -14,7 +16,7 @@
     <%= f.label :password %>
     <%= f.password_field :password, :autocomplete => 'off' %>
     <% if @user.persisted? %>
-      <%= content_tag(:br) %>
+      <br>
       <%= content_tag(:span, t('.blank_password_keeps_current')) %>
     <% end %>
   </div>
@@ -30,7 +32,7 @@
     <ul id='plugins' class='checkboxes'>
       <% @available_plugins.each do |plugin| -%>
         <% if Refinery::Plugins.always_allowed.names.include?(plugin[:name]) or
-              (plugin[:name] == 'refinery_users' and @user.id == current_refinery_user.id) %>
+              (plugin[:name] == 'refinery_users' && @user.id == current_refinery_user.id) %>
           <%= hidden_field_tag 'user[plugins][]', plugin[:name],
                                :id => "plugins_#{plugin[:name]}" %>
         <% else %>
@@ -48,7 +50,7 @@
     </ul>
   </div>
 
-  <% if current_refinery_user.has_role?(:superuser) and Refinery::Authentication.superuser_can_assign_roles %>
+  <% if current_refinery_user.has_role?(:superuser) && Refinery::Authentication.superuser_can_assign_roles %>
     <div class='field role_access'>
       <span class='label_with_help'>
         <%= f.label :role_access, t('.role_access'), :class => "title_label" %>

data/app/views/refinery/admin/users/_records.html.erb

@@ -1,3 +1,10 @@
+<%= render 'refinery/admin/search_header', :url => refinery.admin_users_path %>
+<% if @users.any? %>
 <div class='pagination_container'>
   <%= render 'users' %>
 </div>
+<% else %>
+  <p>
+    <%= t('no_results', :scope => 'refinery.admin.search') %>
+  </p>
+<% end %>

data/app/views/refinery/passwords/edit.html.erb

@@ -20,7 +20,7 @@
   <%= render '/refinery/admin/form_actions', :f => f,
              :continue_editing => false,
              :submit_button_text => t('reset_password', :scope => 'refinery.users.reset'),
-             :cancel_url => refinery.new_refinery_user_session_path,
+             :cancel_url => refinery.login_path,
              :cancel_title => nil,
              :hide_delete => true -%>
 <% end -%>

data/app/views/refinery/users/new.html.erb

@@ -1,6 +1,6 @@
 <% content_for :header, t('there_are_no_users', :scope => 'refinery.welcome') %>
 
-<%= form_for :user, :url => refinery.refinery_user_registration_path do |f| -%>
+<%= form_for :user, :url => refinery.signup_path do |f| -%>
 
   <%= render '/refinery/admin/error_messages', :object => @user, :include_object_name => true %>
 

data/config/locales/bg.yml

@@ -9,7 +9,7 @@ bg:
         delete: Изтриване на този потребител завинаги
         edit: Редактиране на този потребител
         update:
-          cannot_remove_user_plugin_from_current_user: Не можете да премахнете добавката "Потребители" чрез потребителя, с който сте влезли в момента в системата.
+          lockout_prevented: Не можете да премахнете добавката "Потребители" чрез потребителя, с който сте влезли в момента в системата.
         form:
           blank_password_keeps_current: При празно поле текущата парола ще бъде запазена
           plugin_access: Достъп до добавки

data/config/locales/cs.yml

@@ -9,7 +9,7 @@ cs:
         delete: Smazat tohoto uživatele
         edit: Editovat tohoto uživatele
         update:
-          cannot_remove_user_plugin_from_current_user: Nemůžete odstranit 'Users' plugin z aktuálně přihlášeného konta.
+          lockout_prevented: Nemůžete odstranit 'Users' plugin z aktuálně přihlášeného konta.
         form:
           blank_password_keeps_current: Pokud necháte toto pole prázné bude zachováno stávající heslo
           plugin_access: Přístup k pluginům
@@ -23,7 +23,7 @@ cs:
     sessions:
       new:
         hello_please_sign_in: Prosím přihlašte se
-        sign_in: Přihlášení
+        sign_in: Přihlásit se
         forgot_password: Zapomenuté heslo
     users:
       new:
@@ -67,7 +67,7 @@ cs:
       refinery/user: uživatel
     attributes:
       refinery/user:
-        login: Přihlásit
+        login: Uživatelské jméno nebo email
         email: Email
         username: Uživatelské jméno
         password: Heslo

data/config/locales/da.yml

@@ -9,7 +9,7 @@ da:
         delete: Slet bruger
         edit: Redigér bruger
         update:
-          cannot_remove_user_plugin_from_current_user: "Du kan ikke deaktivere 'Brugere' for en bruger, der er logget på."
+          lockout_prevented: "Du kan ikke deaktivere 'Brugere' for en bruger, der er logget på."
         form:
           blank_password_keeps_current: 'Hvis du ikke indtaster noget, beholdes den nuværende adgangskode'
           plugin_access: Plugin adgang

data/config/locales/de.yml

@@ -9,7 +9,7 @@ de:
         delete: Diesen Benutzer für immer löschen
         edit: Diesen Benutzer bearbeiten
         update:
-          cannot_remove_user_plugin_from_current_user: Sie können die Erweiterung 'Benutzer' nicht vom aktuellen Konto entfernen.
+          lockout_prevented: Sie können die Erweiterung 'Benutzer' nicht vom aktuellen Konto entfernen.
         form:
           blank_password_keeps_current: 'Wird das Passwort leer gelassen, wird das aktuelle Passwort beibehalten'
           plugin_access: Zugriff auf Erweiterungen

data/config/locales/el.yml

@@ -9,7 +9,7 @@ el:
         delete: Διαγραφή χρήστη
         edit: Επεξεργασία χρήστη
         update:
-          cannot_remove_user_plugin_from_current_user: Δεν μπορείτε να διαγράψετε το 'Users' plugin για αυτόν τον λογαριασμό.
+          lockout_prevented: Δεν μπορείτε να διαγράψετε το 'Users' plugin για αυτόν τον λογαριασμό.
         form:
           blank_password_keeps_current: Αφήνοντας κενό τον κωδικό δε θα άλλαξει
           plugin_access: Πρόσβαση Plugin

data/config/locales/en.yml

@@ -9,7 +9,7 @@ en:
         delete: Remove this user forever
         edit: Edit this user
         update:
-          cannot_remove_user_plugin_from_current_user: You cannot remove the 'Users' plugin from the currently logged in account.
+          lockout_prevented: You cannot remove the 'Users' plugin from the currently logged in account.
         form:
           blank_password_keeps_current: Leaving password blank keeps the current password
           plugin_access: Plugin access
@@ -57,6 +57,7 @@ en:
     failure:
       unauthenticated: You need to sign in before continuing.
       invalid: "Sorry, your login or password was incorrect."
+      not_found_in_database: "Sorry, your login or password was incorrect."
     sessions:
       signed_in: Signed in successfully.
   activerecord:
@@ -64,7 +65,7 @@ en:
       refinery/user: user
     attributes:
       refinery/user:
-        login: Login
+        login: Username or email
         username: Username
         password: Password
         password_confirmation: Password confirmation