releaf-permissions 0.2.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: caeca41a84ee2b226c802d750618fe9cc21741cd
+  data.tar.gz: dd7eab9ae5ebe9d558b5dd4fcddf665f0b4d2d52
+SHA512:
+  metadata.gz: f3fffca96b935425d42c56750b716a4bf4df54529439474c18d0b3c33061903d2282e6c7df7c6ff27add308fe5ebb7009fc5998d957922f3a9273764f2b60109
+  data.tar.gz: eead458bca60cff29a335ccfa947aa13224557366b1a9cd155e36a3873ab8972b774a83df2b22dab857feb0f18be4ea540fb5b2457c6271dd19a959c84aba018

data/LICENSE

@@ -0,0 +1,24 @@
+Copyright (c) 2012, CubeSystems <info@cubesystems.lv>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of the CubeSystems nor the names of its contributors may
+      be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL CubeSystems BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/app/assets/stylesheets/releaf/controllers/releaf/permissions/sessions.scss

@@ -0,0 +1,70 @@
+@import 'releaf/environment';
+
+.controller-releaf-permissions-sessions
+{
+    @include inverted( $background-color: $color-background-inverted-darkest );
+
+    .container
+    {
+        position: absolute;
+        top: 0;
+        bottom: 0;
+        width:  100%;
+        height: 100%;
+
+        > .box
+        {
+            width: steps(26);
+            margin: 0 auto;
+            position: relative;
+            top: 15%;
+
+            .logo
+            {
+                width:  steps(5);
+                height: steps(11);
+                background-repeat: no-repeat;
+                background-image: image-url("releaf/logo-login.png");
+            }
+
+        }
+
+    }
+
+    .field
+    {
+        margin-left: steps(1);
+        width: steps(24);
+
+        label
+        {
+            display: block;
+        }
+
+        .button
+        {
+            width: 100%;
+        }
+
+        input
+        {
+            font-weight: normal;
+            border: none;
+
+        }
+
+        .button
+        {
+            margin-top: steps(2);
+            background-color: $color-highlight-normal;
+            color: $color-text-inverted-lightest;
+
+            &:hover
+            {
+                background-color: $color-highlight-darker;
+            }
+        }
+
+    }
+
+}

data/app/builders/releaf/permissions/profile/form_builder.rb

@@ -0,0 +1,7 @@
+module Releaf::Permissions::Profile
+  class FormBuilder < Releaf::Permissions::Users::FormBuilder
+    def field_names
+      %w(name surname locale email password password_confirmation)
+    end
+  end
+end

data/app/builders/releaf/permissions/roles/form_builder.rb

@@ -0,0 +1,28 @@
+module Releaf::Permissions::Roles
+  class FormBuilder < Releaf::Builders::FormBuilder
+    def render_default_controller
+      controllers = {}
+      Releaf.application.config.available_controllers.each do |controller|
+        controllers[I18n.t(controller, scope: 'admin.controllers')] = controller
+      end
+
+      releaf_item_field(:default_controller, options: {select_options: controllers})
+    end
+
+    def render_permissions
+      options = {
+        items: permission_items,
+        field: :permission,
+      }
+      releaf_associated_set_field(:permissions, options: {association: options})
+    end
+
+    def permission_items
+      list = {}
+      Releaf.application.config.available_controllers.each do|controller|
+        list["controller.#{controller}"] = t(controller, scope: "admin.controllers")
+      end
+      list
+    end
+  end
+end

data/app/builders/releaf/permissions/roles/table_builder.rb

@@ -0,0 +1,16 @@
+module Releaf::Permissions::Roles
+  class TableBuilder < Releaf::Builders::TableBuilder
+    def column_names
+      [:name, :default_controller]
+    end
+
+    def default_controller_content(resource)
+      value = resource.default_controller
+      if value.nil?
+        '-'
+      else
+        I18n.t(value.sub('_', '/'), scope: 'admin.controllers')
+      end
+    end
+  end
+end

data/app/builders/releaf/permissions/users/form_builder.rb

@@ -0,0 +1,11 @@
+module Releaf::Permissions::Users
+  class FormBuilder < Releaf::Builders::FormBuilder
+    def field_names
+      %w(name surname locale role_id email password password_confirmation)
+    end
+
+    def render_locale
+      releaf_item_field(:locale, options: {select_options: locale_options(Releaf.application.config.available_admin_locales)})
+    end
+  end
+end

data/app/builders/releaf/permissions/users/table_builder.rb

@@ -0,0 +1,11 @@
+module Releaf::Permissions::Users
+  class TableBuilder < Releaf::Builders::TableBuilder
+    def column_names
+      [:name, :surname, :role, :email, :locale]
+    end
+
+    def locale_content(resource)
+      translate_locale(resource.locale)
+    end
+  end
+end

data/app/controllers/releaf/permissions/home_controller.rb

@@ -0,0 +1,32 @@
+module Releaf::Permissions
+  class HomeController < Releaf::BaseController
+    def home
+      respond_to do |format|
+        format.html { redirect_to default_or_available_controller_path }
+      end
+    end
+    protected
+
+    def default_or_available_controller_path
+      controllers_to_try.each do |controller_string|
+        begin
+          return url_for(action: 'index', controller: "/#{controller_string}")
+        rescue ActionController::UrlGenerationError
+          next
+        end
+      end
+
+      root_path
+    end
+
+    def controllers_to_try
+      [access_control.user.role.default_controller, allowed_controllers].flatten.uniq
+    end
+
+    def allowed_controllers
+      # Note: This basically sorts allowed controllers in order specified by
+      # Releaf.application.config.available_controllers
+      Releaf.application.config.available_controllers & access_control.user.role.allowed_controllers
+    end
+  end
+end

data/app/controllers/releaf/permissions/profile_controller.rb

@@ -0,0 +1,56 @@
+module Releaf::Permissions
+  class ProfileController < Releaf::BaseController
+    # Store settings for menu collapsing and others
+    def settings
+      if params[:settings].is_a? Hash
+        params[:settings].each_pair do|key, value|
+          value = false if value == "false"
+          value = true if value == "true"
+          # Sometimes concurrency happens, so lets try until
+          # record get updated
+          begin
+            @resource.settings[key] = value
+          rescue ActiveRecord::RecordNotUnique
+            retry
+          end
+        end
+        render nothing: true, status: 200
+      else
+        render nothing: true, status: 422
+      end
+    end
+
+    def success_url
+      url_for(action: :edit)
+    end
+
+    def update
+      old_password = @resource.password
+      super
+
+      # reload resource as password has been changed
+      if @resource.password != old_password
+        sign_in(access_control.user, bypass: true)
+      end
+    end
+
+    def self.resource_class
+      Releaf.application.config.devise_for.classify.constantize
+    end
+
+    def controller_breadcrumb; end
+
+    def setup
+      @features = {
+        edit: true,
+      }
+
+      # use already loaded admin user instance
+      @resource = access_control.user.becomes(resource_class)
+    end
+
+    def permitted_params
+      %w[name surname email password password_confirmation locale]
+    end
+  end
+end

data/app/controllers/releaf/permissions/roles_controller.rb

@@ -0,0 +1,7 @@
+module Releaf::Permissions
+  class RolesController < Releaf::BaseController
+    def self.resource_class
+      Releaf::Permissions::Role
+    end
+  end
+end

data/app/controllers/releaf/permissions/sessions_controller.rb

@@ -0,0 +1,34 @@
+module Releaf::Permissions
+  class SessionsController < Devise::SessionsController
+    layout "releaf/admin"
+    helper_method :page_title
+
+    def page_title
+      Rails.application.class.parent_name
+    end
+
+    def access_control
+      @access_control ||= Releaf::Permissions::AccessControl.new(controller: self)
+    end
+
+    def layout_settings(key)
+      access_control.user.try(:settings).try(:[], 'releaf.side.compact')
+    end
+
+    protected
+
+    def after_sign_in_path_for resource
+      if custom_redirect_path
+        custom_redirect_path
+      else
+        stored_location_for(resource) || releaf_root_path
+      end
+    end
+
+    def custom_redirect_path
+      return nil if params[:redirect_to].blank?
+      return nil if params[:redirect_to][0] != '/'
+      return params[:redirect_to]
+    end
+  end
+end

data/app/controllers/releaf/permissions/users_controller.rb

@@ -0,0 +1,19 @@
+module Releaf::Permissions
+  class UsersController < Releaf::BaseController
+
+    def self.resource_class
+      Releaf::Permissions::User
+    end
+
+    protected
+
+    def prepare_new
+      super
+      @resource.role = Releaf::Permissions::Role.first
+    end
+
+    def permitted_params
+      %w[name surname role_id email password password_confirmation locale]
+    end
+  end
+end

data/app/lib/releaf/permissions/access_control.rb

@@ -0,0 +1,36 @@
+module Releaf::Permissions
+  class AccessControl
+    include ActiveModel::Model
+    attr_accessor :controller
+
+    def controller_permitted?(controller_name)
+      permitted_controllers.include?(controller_name) || user.role.controller_permitted?(controller_name)
+    end
+
+    def current_controller_name
+      controller.class.name.gsub("Controller", "").underscore
+    end
+
+    def user
+      controller.send("current_#{devise_model_name}")
+    end
+
+    def permitted_controllers
+      ['releaf/permissions/home', 'releaf/core/errors']
+    end
+
+    def authorized?
+      method_name = "#{devise_model_name}_signed_in?"
+      controller.send(method_name)
+    end
+
+    def authenticate!
+      method_name = "authenticate_#{devise_model_name}!"
+      controller.send(method_name)
+    end
+
+    def devise_model_name
+      Releaf.application.config.devise_for.underscore.tr('/', '_')
+    end
+  end
+end

data/app/models/releaf/permissions/permission.rb

@@ -0,0 +1,6 @@
+module Releaf::Permissions
+  class Permission < ActiveRecord::Base
+    self.table_name = 'releaf_permissions'
+    belongs_to :owner, polymorphic: true, autosave: false
+  end
+end

data/app/models/releaf/permissions/role.rb

@@ -0,0 +1,38 @@
+module Releaf::Permissions
+  class Role < ActiveRecord::Base
+    self.table_name = 'releaf_roles'
+
+    validates_presence_of :name
+    validates_presence_of :default_controller
+    validates_uniqueness_of :name, case_sensitive: false
+
+    has_many :users, dependent: :restrict_with_exception
+    has_many :permissions, as: :owner, class_name: "Releaf::Permissions::Permission", dependent: :destroy
+    accepts_nested_attributes_for :permissions, allow_destroy: true
+
+    alias_attribute :to_text, :name
+
+    # Check whether given controller name is within roles allowed controller list
+    #
+    # @param controller_name [String] controller name to check permissions against (ex. products)
+    # @return [true, false] whether controller is permitted for role
+    def controller_permitted?(controller_name)
+      allowed_controllers.include?(controller_name)
+    end
+
+    # Load all permissions and build list with allowed controler.
+    # In this way permissions are cached resulting only single db hit per multiple permissions checks.
+    #
+    # @return [Array] array of allowed controller names
+    def allowed_controllers
+      permissions.map{|permission| self.class.controller_name_from_permission(permission) }.compact
+    end
+
+    private
+
+    def self.controller_name_from_permission(permission)
+      match = permission.permission.match(/^controller\.(.+)/)
+      match[1] if match
+    end
+  end
+end

data/app/models/releaf/permissions/user.rb

@@ -0,0 +1,31 @@
+module Releaf::Permissions
+  class User < ActiveRecord::Base
+    self.table_name = 'releaf_users'
+
+    # store UI settings with RailsSettings
+    include RailsSettings::Extend
+
+    # Include default devise modules. Others available are:
+    # :token_authenticatable, :confirmable,
+    # :lockable, :timeoutable and :omniauthable
+    # :registerable
+    devise :database_authenticatable, :rememberable, :trackable, :validatable
+    validates_presence_of :name, :surname, :role, :locale
+
+    belongs_to :role
+
+    # Concatenate name and surname for object displaying
+    def display_name
+      [self.name, self.surname].join(' ')
+    end
+    alias :to_text :display_name
+
+    protected
+
+    # Require password if we have new record or instance have empty password
+    def password_required?
+      self.new_record? || self.encrypted_password.blank?
+    end
+
+  end
+end