RubyGems - spree_admin_roles_and_access - Versions diffs - 2.0.0 → 3.2.1.beta - Mend

spree_admin_roles_and_access 2.0.0 → 3.2.1.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

data/app/controllers/spree/admin/roles_controller.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 module Spree
   module Admin
     class RolesController < ResourceController
-      before_filter :load_permissions, :only => [:edit, :new, :create, :update]
-      before_filter :restrict_unless_editable, :only => [:edit, :update]
+      before_action :load_permission_sets, only: [:edit, :new, :create, :update]
+      before_action :restrict_unless_editable, only: [:edit, :update]
       def index
         @roles = Spree::Role.page(params[:page])
@@ -10,11 +10,11 @@ module Spree
       private
         def permitted_resource_params
-          params.require(:role).permit(:name, :permission_ids => [])
+          params.require(:role).permit(:name, :admin_accessible, :is_default, permission_set_ids: [])
         end
-        def load_permissions
-          @permissions = Spree::Permission.visible.all
+        def load_permission_sets
+          @permission_sets = Spree::PermissionSet.order(:created_at)
         end
         def restrict_unless_editable

data/app/models/spree/ability_decorator.rb CHANGED Viewed

@@ -4,11 +4,12 @@ module Spree
     def initialize(user)
       self.clear_aliased_actions
-      alias_action :edit, :to => :update
-      alias_action :new, :to => :create
-      alias_action :new_action, :to => :create
-      alias_action :show, :to => :read
-      alias_action :delete, :to => :destroy
+      alias_action :edit, to: :update
+      alias_action :new, to: :create
+      alias_action :new_action, to: :create
+      alias_action :show, to: :read
+      alias_action :index, to: :read
+      alias_action :delete, to: :destroy
       user ||= Spree.user_class.new

data/app/models/spree/permission.rb CHANGED Viewed

@@ -4,14 +4,22 @@ module Spree
     default_scope { order(:priority) }
-    has_and_belongs_to_many :roles, :join_table => 'spree_roles_permissions', :class_name => 'Spree::Role'
+    # DEPRECATED: Use permission sets instead only here for aiding migration for existing users
+    has_and_belongs_to_many :legacy_roles, join_table: 'spree_roles_permissions', class_name: 'Spree::Role'
-    validates :title, :presence => true, :uniqueness => true
+    has_many :permissions_permission_sets, dependent: :destroy
+    has_many :permission_sets, through: :permissions_permission_sets
-    scope :visible, lambda { where(:visible => true) }
+    validates :title, presence: true, uniqueness: true
+    scope :visible, lambda { where(visible: true) }
     def ability(current_ability, user)
       send(title, current_ability, user)
     end
+    def name
+      title.gsub('-', '_').humanize
+    end
   end
 end

data/app/models/spree/permission_set.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Spree
+  class PermissionSet < ActiveRecord::Base
+    has_many :permissions_permission_sets, dependent: :destroy
+    has_many :permissions, through: :permissions_permission_sets
+    has_many :roles_permission_sets, dependent: :destroy
+    has_many :roles, through: :roles_permission_sets
+    validates :name, presence: true, uniqueness: true
+    validates :permissions, length: { minimum: 1, too_short: Spree.t(:atleast_one_permission_is_required) }, on: :update
+  end
+end

data/app/models/spree/permissions_permission_set.rb ADDED Viewed

@@ -0,0 +1,6 @@
+module Spree
+  class PermissionsPermissionSet < ActiveRecord::Base
+    belongs_to :permission
+    belongs_to :permission_set
+  end
+end

data/app/models/spree/role_decorator.rb CHANGED Viewed

@@ -1,8 +1,14 @@
 Spree::Role.class_eval do
-  has_and_belongs_to_many :permissions, :join_table => 'spree_roles_permissions', :class_name => 'Spree::Permission'
+  has_many :roles_permission_sets, dependent: :destroy
+  has_many :permission_sets, through: :roles_permission_sets
+  has_many :permissions, through: :permission_sets
+  # DEPRECATED: Use permission sets instead. Only here for aiding migration for existing users
+  has_and_belongs_to_many :legacy_permissions, join_table: 'spree_roles_permissions', class_name: 'Spree::Permission'
   validates :name, uniqueness: true, allow_blank: true
+  validates :permission_sets, length: { minimum: 1, too_short: Spree.t(:atleast_one_permission_set_is_required) }, on: :update
   def ability(current_ability, user)
     permissions.each do |permission|
@@ -14,5 +20,5 @@ Spree::Role.class_eval do
     permissions.pluck(:title).include?(permission_title)
   end
-  scope :default_role, lambda { where(:is_default => true) }
+  scope :default_role, lambda { where(is_default: true) }
 end

data/app/models/spree/roles_permission.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Spree
+  class RolesPermission < ActiveRecord::Base
+  end
+end

data/app/models/spree/roles_permission_set.rb ADDED Viewed

@@ -0,0 +1,6 @@
+module Spree
+  class RolesPermissionSet < ActiveRecord::Base
+    belongs_to :role
+    belongs_to :permission_set
+  end
+end

data/app/models/spree/user_decorator.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 module Spree
   Spree.user_class.class_eval do
-    has_and_belongs_to_many :roles, join_table: 'spree_roles_users', class_name: 'Spree::Role'
+    has_many :spree_role_users, class_name: 'Spree::RoleUser'
+    has_many :roles, through: :spree_role_users, class_name: 'Spree::Role'
   end
 end

data/app/overrides/spree/admin/roles/_form/add_permission_sets_to_role_form.html.erb.deface ADDED Viewed

@@ -0,0 +1,28 @@
+<!-- insert_bottom "[data-hook='additional_role_fields']" -->
+<%= f.field_container :is_default, class: ['form-group'] do %>
+  <%= f.label :is_default, Spree.t(:is_default) %>
+  <%= f.check_box :is_default %>
+  <p class="help-block"><%= Spree.t(:role_is_default_help) %></p>
+  <%= f.error_message_on :is_default, class: 'error-message' %>
+<% end %>
+<%= f.field_container :admin_accessible, class: ['form-group'] do %>
+  <%= f.label :admin_accessible, Spree.t(:admin_accessible) %>
+  <%= f.check_box :admin_accessible %>
+  <p class="help-block"><%= Spree.t(:role_admin_accessible_help) %></p>
+  <%= f.error_message_on :admin_accessible, class: 'error-message' %>
+<% end %>
+<%= f.field_container :permission_sets, class: ['form-group input-group col-xs-12'] do %>
+  <%= hidden_field_tag 'role[permission_set_ids][]', [] %>
+  <div data-hook="admin_role_form_permission_sets" class="form-group">
+    <%- @role.permission_sets.to_a %>
+    <div class="searchable-scrollable-list">
+      <% @permission_sets.group_by { |permission_set| permission_set.display_permission? ? 'Display Permission' : 'Management Permission' }.each do |title, permission_sets| %>
+        <%= render 'spree/admin/shared/checkbox_list_pane', { items: permission_sets, title: title, is_checked: lambda { |x| @role.permission_sets.include? x}, field: 'role[permission_set_ids][]' } %>
+      <% end %>
+    </div>
+  </div>
+  <%= f.error_message_on :permission_sets %>
+<% end %>

data/app/overrides/spree/admin/shared/sub_menu/_configuration/add_permission_sets_To_configuration_sub_menu.html.erb.deface ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ <!-- insert_bottom "[data-hook='admin_configurations_sidebar_menu']" -->
2	+ <%= configurations_sidebar_menu_item(Spree.t(:permission_sets), spree.admin_permission_sets_path) if can? :manage, Spree::PermissionSet %>

data/app/views/spree/admin/default_admin_dashboards/show.html.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <h2>Logged in as admin</h2>

data/app/views/spree/admin/permission_sets/_form.html.erb ADDED Viewed

@@ -0,0 +1,49 @@
+<div class="alert alert-info"><%= Spree.t(:permission_set_admin_permission_required) %></div>
+<div data-hook="admin_permission_set_form_fields">
+  <div class="inline-input-row col-xs-12">
+    <%= f.field_container :name, class: ['form-group input-group input-group-md'] do %>
+      <%= f.label :name, Spree.t(:permission_set_name), class: 'sr-only' %><span class="required"></span>
+      <%= f.text_field :name, class: 'form-control full-width-input', placeholder: 'Name of the permission set' %>
+      <%= f.error_message_on :name, class: 'help-block' %>
+    <% end %>
+    <%= f.field_container :description, class: ['form-group input-group input-group-md'] do %>
+      <%= f.label :description, Spree.t(:permission_set_description), class: 'sr-only' %>
+      <%= f.text_field :description, class: 'form-control full-width-input', placeholder: 'This permission set allows the role to...' %>
+      <%= f.error_message_on :description, class: 'help-block' %>
+    <% end %>
+  </div>
+  <%= f.field_container :display_permission, class: ['form-group'] do %>
+    <%= f.label :display_permission, Spree.t(:permission_set_display_permission) %>
+    <%= f.check_box :display_permission %>
+    <p class="help-block"><%= Spree.t(:permission_set_display_permission_help) %></p>
+    <%= f.error_message_on :display_permission %>
+  <% end %>
+  <%= f.field_container :permissions, class: ['form-group input-group col-xs-12'] do %>
+    <%= hidden_field_tag 'permission_set[permission_ids][]', [] %>
+    <%- @permission_set.permissions.to_a %>
+    <div class="searchable-scrollable-list">
+      <%- p_groups = @permissions.group_by { |permission|
+          if permission.title.include?('can-read')
+          'Read Permissions'
+          elsif permission.title.include?('can-manage')
+          'Manage Permissions'
+          else
+          'Other Permissions'
+          end
+      } %>
+      <% ['Read Permissions', 'Manage Permissions', 'Other Permissions'].each do |title| %>
+        <%= render 'spree/admin/shared/checkbox_list_pane', {
+            items: p_groups[title],
+            title: title,
+            is_checked: lambda { |x| @permission_set.permissions.include? x },
+            field: 'permission_set[permission_ids][]'
+        } %>
+      <% end %>
+    </div>
+    <%= f.error_message_on :permissions %>
+  <% end %>
+  <div data-hook="additional_permission_fields"></div>
+</div>

data/app/views/spree/admin/permission_sets/_permission_pane.html.erb ADDED Viewed

@@ -0,0 +1,19 @@
+<%- selected_count = items.select { |item| is_checked.call(item) }.count %>
+<%- available_count = items.count %>
+<div class="panel-group scrollable-list-group-item">
+  <div class="panel panel-default">
+    <div class="panel-heading">
+      <h3 class="panel-title"><%= title %><span class="badge pull-right count"><%= selected_count %>/<%= available_count %></span></h3>
+    </div>
+    <ul class="list-group">
+      <% items.each do |item| %>
+        <li class="<%= is_checked.call(item) ? 'list-group-item-success list-group-item' : 'list-group-item' %>">
+          <%= label_tag do %>
+            <%= check_box_tag field, item.id, is_checked.call(item), class: 'hide' %>
+            <%= render item_partial, { item: item } %>
+          <% end %>
+        </li>
+      <% end %>
+    </ul>
+  </div>
+</div>

data/app/views/spree/admin/permission_sets/edit.html.erb ADDED Viewed

@@ -0,0 +1,12 @@
+<% content_for :page_title do %>
+  <%= Spree.t(:editing_resource, resource: Spree::PermissionSet.model_name.human) %>
+<% end %>
+<%= form_for [:admin, @permission_set], { html: { class: 'form-inline centered-floating-buttons' } } do |f| %>
+  <div class="form-fields-group">
+    <%= render partial: 'form', locals: { f: f } %>
+  </div>
+  <div class="fixed-bottom-button-group text-center">
+    <%= render partial: 'spree/admin/shared/edit_resource_links' %>
+  </div>
+<% end %>

data/app/views/spree/admin/permission_sets/index.html.erb ADDED Viewed

@@ -0,0 +1,33 @@
+<% content_for :page_title do %>
+  <%= Spree.t(:permission_sets) %>
+<% end %>
+<% if can? :create, Spree::PermissionSet %>
+  <% content_for :page_actions do %>
+    <%= button_link_to Spree.t(:new_permission_set), new_object_url, class: 'btn btn-success', icon: 'add', id: 'admi_new_permission_set_link' %>
+  <% end %>
+<% end %>
+<% if @permission_sets.present? %>
+  <table class="table">
+    <thead>
+      <tr data-hook="admin_permission_sets_index_headers">
+        <th><%= sort_link @search, :name, Spree.t(:permission_set_name) %></th>
+        <th><%= sort_link @search, :updated_at, Spree.t(:permission_set_last_updated)%></th>
+        <th class="actions"></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% @permission_sets.each do |permission_set| %>
+        <tr id="<%= spree_dom_id permission_set %>" data-hook="admin_permissions_index_rows">
+          <td><%= permission_set.name %></td>
+          <td title="<%= permission_set.updated_at %>"><%= time_ago_in_words(permission_set.updated_at) %> ago</td>
+          <td class="actions text-right">
+            <%= link_to_edit(permission_set, no_text: true) if can? :edit, permission_set %>
+            <%= link_to_delete(permission_set, no_text: true) if can? :destroy, permission_set %>
+          </td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+<% end %>

data/app/views/spree/admin/permission_sets/new.html.erb ADDED Viewed

@@ -0,0 +1,12 @@
+<% content_for :page_title do %>
+  <%= Spree.t(:new_permission_set) %>
+<% end %>
+<%= form_for [:admin, @permission_set], html: { class: 'form-inline centered-floating-buttons' } do |f| %>
+  <div class="form-fields-group">
+    <%= render partial: 'form', locals: { f: f } %>
+  </div>
+  <div class="fixed-bottom-button-group text-center">
+    <%= render partial: 'spree/admin/shared/new_resource_links' %>
+  </div>
+<% end %>

data/app/views/spree/admin/permissions/_form.html.erb CHANGED Viewed

@@ -1,20 +1,51 @@
+<div class="panel-group" id="permission-writing-guide">
+  <div class="panel panel-info">
+    <div class="panel-heading" role="button" data-toggle="collapse" data-target="#permission-list-guide">
+      <h3 class="panel-title">Pattern of the permissions <i class="icon icon-circle-arrow-right"></i></h3>
+    </div>
+    <ul class="list-group collapse" id="permission-list-guide">
+      <li class="list-group-item">Can/cannot - specifies whether the user with that permission can do or cannot do that task.</li>
+      <li class="list-group-item">Action - specifies the action which can be done by that model or subject like update, index, create etc. There is a special action called manage which matches every action.</li>
+      <li class="list-group-item">Subject - specified the model like products, users etc. of which the permission is given. There is an special subject called all which matches every subject.</li>
+      <li class="list-group-item">Attributes - specifies the attributes for which the permission is specified. Read-only actions shouldn't require this like index, read etc. But it is more secure if we specify them in other actions like create or update.</li>
+    </ul>
+  </div>
+  <div class="panel panel-info">
+    <div class="panel-heading" role="button" data-toggle="collapse" data-target="#permission-example">
+      <h3 class="panel-title">Some examples of permissions <i class="icon icon-circle-arrow-right"></i></h3>
+    </div>
+    <ul class="list-group collapse" id="permission-example">
+      <li class="list-group-item">can-manage-spree/product - can perform every action on Spree::Product but not on any other model or subject.</li>
+      <li class="list-group-item">can-update-all - can update all models or subjects.</li>
+      <li class="list-group-item">can-update-spree/product - can update only products, and not users, orders and other things.</li>
+      <li class="list-group-item">can-update-spree/product-price - can update only price of products.</li>
+      <li class="list-group-item">can-manage-all - can perform every action on all models.</li>
+    </ul>
+  </div>
+</div>
 <div data-hook="admin_permission_form_fields">
   <div data-hook="permission_title" class="form-group">
     <%= f.label :title, Spree.t(:permission_title) %> <span class="required">*</span>
     <%= f.text_field :title, class: 'form-control' %>
+    <a href="#permission-writing-guide" class="help-block">help</a>
+  </div>
+  <div data-hook="permission_description" class="form-group">
+    <%= f.label :description, Spree.t(:permission_description) %>
+    <%= f.text_field :description, class: 'form-control', placeholder: 'This allows the permitted user to..' %>
   </div>
   <div data-hook="permission_priority" class="form-group">
     <%= f.label :priority, Spree.t(:permission_priority) %> <span class="required">*</span>
     <%= f.number_field :priority, in: 0..9, step: 1, class: 'form-control' %>
+    <p class="help-block"><%= Spree.t(:permission_priority_help) %></p>
   </div>
   <div data-hook="permission_visible" class="checkbox">
     <label>
-    <%= f.check_box :visible, value: true %><%= Spree.t(:permission_visible) %>
-    </label>
-  </div>
-  <div data-hook="permission_boolean" class="checkbox">
-    <label>
-    <%= f.check_box :boolean, value: true %> <%= Spree.t(:permission_boolean) %>
+      <%= f.check_box :visible, value: true %><%= Spree.t(:permission_visible) %>
+      <p class="help-block"><%= Spree.t(:permission_visible_help) %></p>
     </label>
   </div>

data/app/views/spree/admin/permissions/index.html.erb CHANGED Viewed

@@ -13,7 +13,6 @@
         <th><%= Spree.t(:permission_title) %></th>
         <th><%= Spree.t(:permission_priority) %></th>
         <th><%= Spree.t(:permission_visible) %></th>
-        <th><%= Spree.t(:permission_boolean) %></th>
         <th class="actions"></th>
       </tr>
     </thead>
@@ -23,7 +22,6 @@
           <td><%= permission.title %></td>
           <td><%= permission.priority %></td>
           <td><%= permission.visible %></td>
-          <td><%= permission.boolean %></td>
           <td class="actions text-right">
             <%= link_to_edit(permission, no_text: true) if can? :edit, permission %>
             <%= link_to_delete(permission, no_text: true) if can? :destroy, permission %>

data/app/views/spree/admin/shared/_checkbox_list_pane.html.erb ADDED Viewed

@@ -0,0 +1,20 @@
+<%- selected_count = items.select { |item| is_checked.call(item) }.count %>
+<%- available_count = items.count %>
+<div class="panel-group scrollable-list-group-item">
+  <div class="panel panel-default">
+    <div class="panel-heading">
+      <h3 class="panel-title"><%= title %><span class="badge pull-right count"><%= selected_count %>/<%= available_count %></span></h3>
+    </div>
+    <ul class="list-group">
+      <% items.each do |item| %>
+        <li class="<%= is_checked.call(item) ? 'list-group-item-success list-group-item checkbox-list-pane' : 'list-group-item checkbox-list-pane' %>">
+          <%= label_tag do %>
+            <%= check_box_tag field, item.id, is_checked.call(item), class: 'hide' %>
+            <p><strong><%= item.name %></strong></p>
+            <p><%= item.description %></p>
+          <% end %>
+        </li>
+      <% end %>
+    </ul>
+  </div>
+</div>

data/config/initializers/auth.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module Spree::Core::ControllerHelpers::Auth
+  alias_method :original_redirect_unauthorized_access, :redirect_unauthorized_access
+  def redirect_unauthorized_access
+    if try_spree_current_user && try_spree_current_user.roles.any?(&:admin_accessible?)
+      request_path = request.fullpath
+      flash[:notice] = Spree.t(:unable_to_access_requested_resource, request_path: request_path)
+      redirect_to admin_default_admin_dashboard_path
+    else
+      original_redirect_unauthorized_access
+    end
+  end
+end

data/config/initializers/cancan_ability.rb CHANGED Viewed

@@ -28,4 +28,4 @@ CanCan::Ability.module_eval do
   def cannot(*args, &block)
     rules << CanCan::Rule.new(false, *args, &block)
   end
-end
+end

data/config/initializers/cancan_controller_additions.rb CHANGED Viewed

@@ -1,11 +1,11 @@
 CanCan::ControllerAdditions.class_eval do
-  # specs of #authorize_with_attributes! is written in authorize_admin in roles_controller_spec
+  # specs of #authorize_with_attributes! is written in authorize_admin in roles_controller_spec
   def authorize_with_attributes!(action, subject, attributes = [])
-    attributes = attributes.keys if attributes.is_a?(Hash)
+    attributes = attributes.keys if attributes.respond_to?(:keys)
     if attributes.is_a? Array
       attributes.each { |attribute| authorize!(action, subject, attribute) }
     else
       authorize!(action, subject)
     end
   end
-end
+end