releaf-permissions 0.2.1 → 1.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: caeca41a84ee2b226c802d750618fe9cc21741cd
-  data.tar.gz: dd7eab9ae5ebe9d558b5dd4fcddf665f0b4d2d52
+  metadata.gz: 59d05d5ed96c693754a1d9dd5e14c7056b6eb514
+  data.tar.gz: 2d8df98553d48e63cd4d4d78c8d8d5d8c7c97a00
 SHA512:
-  metadata.gz: f3fffca96b935425d42c56750b716a4bf4df54529439474c18d0b3c33061903d2282e6c7df7c6ff27add308fe5ebb7009fc5998d957922f3a9273764f2b60109
-  data.tar.gz: eead458bca60cff29a335ccfa947aa13224557366b1a9cd155e36a3873ab8972b774a83df2b22dab857feb0f18be4ea540fb5b2457c6271dd19a959c84aba018
+  metadata.gz: fde202e4369a2ab61a7548bf4c65a858cbdf7e8203cd0819c246c6ce3db344d15a41902e33c67ecfd59c3a044bb9cfd6a6b8269ae394b1996b7dc3c041e072f1
+  data.tar.gz: 5f84fde108fd09066cebd95fcc1280452c8f8e900f9f99a20d2f29b655a2dcf1b28c035d77aed36706fd5efaa583ed0d3170f1d01234980710efea97e087e675

data/LICENSE

@@ -1,24 +1,22 @@
 Copyright (c) 2012, CubeSystems <info@cubesystems.lv>
-All rights reserved.
 
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in the
-      documentation and/or other materials provided with the distribution.
-    * Neither the name of the CubeSystems nor the names of its contributors may
-      be used to endorse or promote products derived from this software without
-      specific prior written permission.
+MIT License
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL CubeSystems BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/app/builders/releaf/permissions/page/header_builder.rb

@@ -0,0 +1,35 @@
+class Releaf::Permissions::Page::HeaderBuilder < Releaf::Builders::Page::HeaderBuilder
+  def items
+    super + [profile_block, sign_out_form]
+  end
+
+  def profile_path
+    url_for(action: 'edit', controller: "releaf/permissions/profile", only_path: true)
+  end
+
+  def profile_block
+    tag(:a, class: "button profile", href: profile_path) do
+      [tag(:span, profile_user_name, class: "name")]
+    end
+  end
+
+  def user
+    controller.user
+  end
+
+  def profile_user_name
+    resource_title(user)
+  end
+
+  def sign_out_path
+    url_for(action: 'destroy', controller: "/releaf/permissions/sessions", only_path: true)
+  end
+
+  def sign_out_form
+    form_tag(sign_out_path, method: :delete, class: "sign-out") do
+      tag(:button, class: "button only-icon", type: "submit", title: t('Sign out', scope: "admin.sessions")) do
+        icon("power-off icon-header")
+      end
+    end
+  end
+end

data/app/builders/releaf/permissions/page/layout_builder.rb

@@ -0,0 +1,17 @@
+class Releaf::Permissions::Page::LayoutBuilder < Releaf::Builders::Page::LayoutBuilder
+  def header_builder
+    Releaf::Permissions::Page::HeaderBuilder
+  end
+
+  def menu_builder
+    Releaf::Permissions::Page::MenuBuilder
+  end
+
+  def body_content(&block)
+    if controller.respond_to?(:authorized?) && controller.authorized?
+      super
+    else
+      yield
+    end
+  end
+end

data/app/builders/releaf/permissions/page/menu_builder.rb

@@ -0,0 +1,18 @@
+class Releaf::Permissions::Page::MenuBuilder < Releaf::Builders::Page::MenuBuilder
+
+  def menu_item(item)
+    super if menu_item_permitted?(item)
+  end
+
+  def menu_item_permitted?(item)
+    if controller_group?(item)
+      item.controllers.find{|subitem| controller_permitted?(subitem.controller_name) }.present?
+    else
+      controller_permitted?(item.controller_name)
+    end
+  end
+
+  def controller_permitted?(controller_name)
+    Releaf.application.config.permissions.access_control.new(user: controller.user).controller_permitted?(controller_name)
+  end
+end

data/app/builders/releaf/permissions/roles/form_builder.rb

@@ -2,13 +2,18 @@ module Releaf::Permissions::Roles
   class FormBuilder < Releaf::Builders::FormBuilder
     def render_default_controller
       controllers = {}
-      Releaf.application.config.available_controllers.each do |controller|
-        controllers[I18n.t(controller, scope: 'admin.controllers')] = controller
+      Releaf.application.config.available_controllers.each do |controller_name|
+        definition = controller_definition(controller_name)
+        controllers[definition.localized_name] = definition.controller_name
       end
 
       releaf_item_field(:default_controller, options: {select_options: controllers})
     end
 
+    def controller_definition(controller_name)
+      Releaf::ControllerDefinition.for(controller_name)
+    end
+
     def render_permissions
       options = {
         items: permission_items,
@@ -18,11 +23,10 @@ module Releaf::Permissions::Roles
     end
 
     def permission_items
-      list = {}
-      Releaf.application.config.available_controllers.each do|controller|
-        list["controller.#{controller}"] = t(controller, scope: "admin.controllers")
+      Releaf.application.config.available_controllers.inject({}) do |h, controller_name|
+        definition = controller_definition(controller_name)
+        h.update("controller.#{definition.controller_name}" => definition.localized_name)
       end
-      list
     end
   end
 end

data/app/builders/releaf/permissions/roles/table_builder.rb

@@ -5,12 +5,8 @@ module Releaf::Permissions::Roles
     end
 
     def default_controller_content(resource)
-      value = resource.default_controller
-      if value.nil?
-        '-'
-      else
-        I18n.t(value.sub('_', '/'), scope: 'admin.controllers')
-      end
+      definition = resource.default_controller ? Releaf::ControllerDefinition.for(resource.default_controller) : nil
+      definition ? definition.localized_name : "-"
     end
   end
 end

data/app/controllers/releaf/permissions/profile_controller.rb

@@ -1,56 +1,35 @@
-module Releaf::Permissions
-  class ProfileController < Releaf::BaseController
-    # Store settings for menu collapsing and others
-    def settings
-      if params[:settings].is_a? Hash
-        params[:settings].each_pair do|key, value|
-          value = false if value == "false"
-          value = true if value == "true"
-          # Sometimes concurrency happens, so lets try until
-          # record get updated
-          begin
-            @resource.settings[key] = value
-          rescue ActiveRecord::RecordNotUnique
-            retry
-          end
-        end
-        render nothing: true, status: 200
-      else
-        render nothing: true, status: 422
-      end
-    end
-
-    def success_url
-      url_for(action: :edit)
-    end
+class Releaf::Permissions::ProfileController < Releaf::ActionController
+  def load_resource
+    # assign current user
+    @resource = user.becomes(resource_class)
+  end
 
-    def update
-      old_password = @resource.password
-      super
+  def success_path
+    url_for(action: :edit)
+  end
 
-      # reload resource as password has been changed
-      if @resource.password != old_password
-        sign_in(access_control.user, bypass: true)
-      end
-    end
+  def update
+    load_resource
+    old_password = @resource.password
+    super
 
-    def self.resource_class
-      Releaf.application.config.devise_for.classify.constantize
+    # reload resource as password has been changed
+    if @resource.password != old_password
+      bypass_sign_in(user)
     end
+  end
 
-    def controller_breadcrumb; end
+  def self.resource_class
+    Releaf.application.config.permissions.devise_model_class
+  end
 
-    def setup
-      @features = {
-        edit: true,
-      }
+  def controller_breadcrumb; end
 
-      # use already loaded admin user instance
-      @resource = access_control.user.becomes(resource_class)
-    end
+  def features
+    [:edit]
+  end
 
-    def permitted_params
-      %w[name surname email password password_confirmation locale]
-    end
+  def permitted_params
+    %w[name surname email password password_confirmation locale]
   end
 end

data/app/controllers/releaf/permissions/roles_controller.rb

@@ -1,7 +1,5 @@
-module Releaf::Permissions
-  class RolesController < Releaf::BaseController
-    def self.resource_class
-      Releaf::Permissions::Role
-    end
+class Releaf::Permissions::RolesController < Releaf::ActionController
+  def self.resource_class
+    Releaf::Permissions::Role
   end
 end

data/app/controllers/releaf/permissions/sessions_controller.rb

@@ -1,34 +1,24 @@
-module Releaf::Permissions
-  class SessionsController < Devise::SessionsController
-    layout "releaf/admin"
-    helper_method :page_title
+class Releaf::Permissions::SessionsController < Devise::SessionsController
+  layout "releaf/admin"
+  helper_method :page_title
 
-    def page_title
-      Rails.application.class.parent_name
-    end
-
-    def access_control
-      @access_control ||= Releaf::Permissions::AccessControl.new(controller: self)
-    end
-
-    def layout_settings(key)
-      access_control.user.try(:settings).try(:[], 'releaf.side.compact')
-    end
+  def page_title
+    Rails.application.class.parent_name
+  end
 
-    protected
+  protected
 
-    def after_sign_in_path_for resource
-      if custom_redirect_path
-        custom_redirect_path
-      else
-        stored_location_for(resource) || releaf_root_path
-      end
+  def after_sign_in_path_for(resource)
+    if custom_redirect_path
+      custom_redirect_path
+    else
+      stored_location_for(resource) || releaf_root_path
     end
+  end
 
-    def custom_redirect_path
-      return nil if params[:redirect_to].blank?
-      return nil if params[:redirect_to][0] != '/'
-      return params[:redirect_to]
-    end
+  def custom_redirect_path
+    return nil if params[:redirect_to].blank?
+    return nil if params[:redirect_to][0] != '/'
+    return params[:redirect_to]
   end
 end

data/app/controllers/releaf/permissions/users_controller.rb

@@ -1,19 +1,16 @@
-module Releaf::Permissions
-  class UsersController < Releaf::BaseController
-
-    def self.resource_class
-      Releaf::Permissions::User
-    end
+class Releaf::Permissions::UsersController < Releaf::ActionController
+  def self.resource_class
+    Releaf::Permissions::User
+  end
 
-    protected
+  protected
 
-    def prepare_new
-      super
-      @resource.role = Releaf::Permissions::Role.first
-    end
+  def prepare_new
+    super
+    @resource.role = Releaf::Permissions::Role.first
+  end
 
-    def permitted_params
-      %w[name surname role_id email password password_confirmation locale]
-    end
+  def permitted_params
+    %w[name surname role_id email password password_confirmation locale]
   end
 end

data/app/models/releaf/permissions/role.rb

@@ -9,30 +9,5 @@ module Releaf::Permissions
     has_many :users, dependent: :restrict_with_exception
     has_many :permissions, as: :owner, class_name: "Releaf::Permissions::Permission", dependent: :destroy
     accepts_nested_attributes_for :permissions, allow_destroy: true
-
-    alias_attribute :to_text, :name
-
-    # Check whether given controller name is within roles allowed controller list
-    #
-    # @param controller_name [String] controller name to check permissions against (ex. products)
-    # @return [true, false] whether controller is permitted for role
-    def controller_permitted?(controller_name)
-      allowed_controllers.include?(controller_name)
-    end
-
-    # Load all permissions and build list with allowed controler.
-    # In this way permissions are cached resulting only single db hit per multiple permissions checks.
-    #
-    # @return [Array] array of allowed controller names
-    def allowed_controllers
-      permissions.map{|permission| self.class.controller_name_from_permission(permission) }.compact
-    end
-
-    private
-
-    def self.controller_name_from_permission(permission)
-      match = permission.permission.match(/^controller\.(.+)/)
-      match[1] if match
-    end
   end
 end

data/app/models/releaf/permissions/user.rb

@@ -11,21 +11,15 @@ module Releaf::Permissions
     # :registerable
     devise :database_authenticatable, :rememberable, :trackable, :validatable
     validates_presence_of :name, :surname, :role, :locale
-
     belongs_to :role
 
-    # Concatenate name and surname for object displaying
-    def display_name
-      [self.name, self.surname].join(' ')
+    def releaf_title
+      [name, surname].join(' ')
     end
-    alias :to_text :display_name
-
-    protected
 
     # Require password if we have new record or instance have empty password
     def password_required?
-      self.new_record? || self.encrypted_password.blank?
+      new_record? || encrypted_password.blank?
     end
-
   end
 end

data/lib/releaf-permissions.rb

@@ -1,32 +1,28 @@
-require 'releaf/permissions/engine'
+require 'devise'
 
 module Releaf::Permissions
-  extend ActiveSupport::Concern
+  require 'releaf/permissions/engine'
+  require 'releaf/permissions/default_controller_resolver'
+  require 'releaf/permissions/settings_manager'
+  require 'releaf/permissions/configuration'
+  require 'releaf/permissions/layout'
+  require 'releaf/permissions/access_control'
+  require 'releaf/permissions/controller_support'
+  require 'releaf/permissions/profile'
+  require 'releaf/permissions/roles'
+  require 'releaf/permissions/users'
 
-  included do
-    before_filter :authenticate!, :verify_controller_access!, :set_locale
-  end
-
-  # set locale for interface translating from current admin user
-  def set_locale
-    I18n.locale = access_control.user.locale
-  end
-
-  def layout_settings(key)
-    access_control.user.try(:settings).try(:[], key)
-  end
-
-  def authenticate!
-    access_control.authenticate!
-  end
-
-  def verify_controller_access!
-    unless access_control.controller_permitted?(access_control.current_controller_name)
-      raise Releaf::Core::AccessDenied.new(access_control.current_controller_name)
-    end
-  end
-
-  def access_control
-    @access_control ||= Releaf::Permissions::AccessControl.new(controller: self)
+  def self.components
+    [
+      Releaf::Permissions::DefaultControllerResolver,
+      Releaf::Permissions::SettingsManager,
+      Releaf::Permissions::Configuration,
+      Releaf::Permissions::Layout,
+      Releaf::Permissions::AccessControl,
+      Releaf::Permissions::Roles,
+      Releaf::Permissions::Users,
+      Releaf::Permissions::Profile
+    ]
   end
 end
+