strongbolt 0.3.6

data/app/controllers/strongbolt/capabilities_controller.rb

@@ -0,0 +1,77 @@
+module Strongbolt
+  
+  class CapabilitiesController < ::StrongboltController
+
+    def index
+      @capabilities = Capability.all
+    end
+
+    def show
+      @capability = Capability.find params[:id]
+    end
+
+    def create
+      begin
+        @capability = Capability.where(capability_params).first_or_create
+
+        # If we have a role id, we add the capability to the role
+        if params[:role_id].present?
+          @role = Role.find params[:role_id]
+          @role.capabilities << @capability
+
+          respond_to do |format|
+            format.html { redirect_to role_path(@role) }
+            format.json { head :ok }
+          end
+        else
+          redirect_to capabilities_path
+        end
+      rescue ActionController::ParameterMissing => e
+        flash[:danger] = "Permission could not be created: ERROR #{e}"
+        redirect_to capabilities_path
+      end
+    end
+
+    def destroy
+      begin
+
+        # If we're passed a role id
+        if params[:role_id].present?  
+          @role = Role.find params[:role_id]
+
+          if params[:id].present?
+            conditions = {id: params[:id]}
+          else
+            conditions = capability_params
+          end
+
+          @capability = @role.capabilities.find_by(conditions)
+          @role.capabilities.delete @capability
+
+          respond_to do |format|
+            format.html { redirect_to role_path(@role) }
+            format.json { head :ok }
+          end
+        else
+          @capability = Capability.find params[:id]
+          @capability.destroy
+        
+          redirect_to capabilities_path
+        end
+      rescue ActiveRecord::DeleteRestrictionError
+        flash[:danger] = "Permission has roles using it, delete relationships before deleting it"
+      
+        redirect_to capability_path(@capability)
+      end
+    end
+
+    private
+
+    def capability_params
+      params.require(:capability).permit(:model, :action,
+        :require_ownership, :require_tenant_access)
+    end
+
+  end
+
+end

data/app/controllers/strongbolt/roles_controller.rb

@@ -0,0 +1,92 @@
+module Strongbolt
+  class RolesController < ::StrongboltController
+    
+    def index
+      @roles = Role.includes(:parent)
+        .order('parent_id IS NOT NULL', 'parent_id', 'name')
+    end
+
+    def new
+      @role = Role.new
+    end
+
+    def show
+      @role = Role.find params[:id]
+
+      @capabilities = @role.capabilities.to_hash
+      @inherited_capabilities = @role.inherited_capabilities.to_hash
+      # All the models we have
+      @keys = (@capabilities.keys | @inherited_capabilities.keys)
+
+      @descendants = @role.descendants
+    end
+
+    def edit
+      @role = Role.find params[:id]
+    end
+
+    def create
+      begin
+        @role = Role.create! role_params
+
+        flash[:success] = "Role was successfully created!"
+        redirect_to role_path(@role)
+      rescue ActiveRecord::RecordInvalid => e
+        flash[:danger] = "Role could not be created, please review the errors below"
+        redirect_to new_role_path
+      rescue ActionController::ParameterMissing => e
+        flash[:danger] = "Role could not be created: ERROR #{e}"
+        redirect_to new_role_path
+      rescue ActiveRecord::ActiveRecordError => e
+        flash[:danger] = "The parent you selected leads to an impossible configuration"
+        redirect_to edit_role_path(@role)
+      end
+    end
+
+    def update
+      begin
+        @role = Role.find params[:id]
+        @role.update_attributes! role_params
+
+        flash[:success] = "Role was successfully updated!"
+        redirect_to role_path(@role)
+      rescue ActiveRecord::RecordInvalid => e
+        flash[:danger] = "Role could not be updated, please review the errors below"
+        redirect_to edit_role_path(@role)
+      rescue ActionController::ParameterMissing => e
+        flash[:danger] = "Role could not be updated: ERROR #{e}"
+        redirect_to edit_role_path(@role)
+      rescue ActiveRecord::ActiveRecordError => e
+        flash[:danger] = "The parent you selected leads to an impossible configuration"
+        redirect_to edit_role_path(@role)
+      end
+    end
+
+    def destroy
+      begin
+        @role = Role.find params[:id]
+        @role.destroy!
+
+        flash[:success] = "Role #{@role.name} successfully deleted"
+
+        redirect_to roles_path
+      rescue ActiveRecord::DeleteRestrictionError
+        flash[:danger] = "Role #{@role.name} could not be deleted because #{@role.user_groups.size} user groups rely on it"
+        redirect_to role_path(@role)
+      end
+    end
+
+    rescue_from ActiveRecord::RecordNotFound do |e|
+      flash[:danger] = "Could not find role."
+      redirect_to roles_path
+    end
+
+    private
+
+    def role_params
+      params.require(:role).permit(:name, :parent_id, :description,
+        :capability_ids => [])
+    end
+
+  end
+end

data/app/controllers/strongbolt/security_controller.rb

@@ -0,0 +1,8 @@
+module Strongbolt
+  class SecurityController < ::StrongboltController
+    self.model_for_authorization = "Role"
+
+    def index
+    end
+  end
+end

data/app/controllers/strongbolt/user_groups_controller.rb

@@ -0,0 +1,76 @@
+module Strongbolt
+  class UserGroupsController < ::StrongboltController
+  	def index
+  		@user_groups = UserGroup.all
+  	end
+
+  	def show
+      @user_group = UserGroup.find params[:id]
+      # We select the users not yet in the user group
+      @users = Strongbolt.user_class_constant
+        .joins("LEFT JOIN strongbolt_user_groups_users sugu ON sugu.user_id = #{Strongbolt.user_class_constant.table_name}.id")
+        .joins("LEFT JOIN strongbolt_user_groups sug ON sug.id = sugu.user_group_id")
+        .where("sug.id IS NULL OR sug.id != ?", @user_group.id)
+  	end
+
+  	def create
+      begin
+        @user_group = UserGroup.create! user_group_params
+
+        flash[:success] = "Use group was successfully created!"
+        redirect_to user_group_path(@user_group)
+      rescue ActiveRecord::RecordInvalid => e
+        flash[:danger] = "User Group could not be created, please review the errors below"
+        redirect_to new_user_group_path
+      rescue ActionController::ParameterMissing => e
+        flash[:danger] = "User Group could not be created: ERROR #{e}"
+        redirect_to new_user_group_path
+      end
+  	end
+
+  	def update
+      begin
+        @user_group = UserGroup.find params[:id]
+        @user_group.update_attributes! user_group_params
+        
+        flash[:success] = "User group was successfully updated!"
+        redirect_to user_group_path params[:id]
+      rescue ActiveRecord::RecordInvalid => e
+        flash[:danger] = "User Group could not be modified, please review the errors below"
+        redirect_to edit_user_group_path(params[:id])
+      rescue ActionController::ParameterMissing => e
+        flash[:danger] = "User Group could not be updated: ERROR #{e}"
+        redirect_to edit_user_group_path(params[:id])
+      end
+  	end
+
+  	def destroy
+      begin
+        @user_group = UserGroup.find params[:id]
+        @user_group.destroy!
+
+        flash[:success] = "User group #{@user_group.name} successfully deleted"
+        
+        redirect_to user_groups_path
+      rescue ActiveRecord::DeleteRestrictionError
+        flash[:danger] = "User group #{@user_group.name} cannot be deleted because #{@user_group.users.size} users belong to it"
+
+        redirect_to user_group_path(@user_group)
+      end
+  	end
+
+  	def edit
+      @user_group = UserGroup.find params[:id]
+  	end
+
+  	def new
+      @user_group = UserGroup.new
+  	end
+
+    private
+
+    def user_group_params
+      params.require(:user_group).permit(:name, :role_ids => [])
+    end
+  end
+end

data/app/controllers/strongbolt/user_groups_users_controller.rb

@@ -0,0 +1,35 @@
+module Strongbolt
+  class UserGroupsUsersController < ::StrongboltController
+
+    self.model_for_authorization = "UserGroup"
+
+    def create
+      @user_group = UserGroup.find(params[:user_group_id])
+      @user = Strongbolt.user_class_constant.find(params[:id])
+      
+      @user_group.users << @user unless @user_group.users.include?(@user)
+
+      redirect_to request.referrer || user_group_path(@user_group)
+    end
+
+    def destroy
+      @user_group = UserGroup.find(params[:user_group_id])
+      @user = Strongbolt.user_class_constant.find(params[:id])
+      
+      @user_group.users.delete @user
+
+      redirect_to request.referrer || user_group_path(@user_group)
+    end
+
+    rescue_from ActiveRecord::RecordNotFound do |e|
+      if @user_group.nil?
+        flash[:danger] = "User Group ##{params[:user_group_id]} does not exist"
+        redirect_to user_groups_path
+      else
+        flash[:danger] = "User ##{params[:id]} does not exist"
+        redirect_to user_group_path(@user_group)
+      end
+    end
+
+  end
+end

data/app/controllers/strongbolt_controller.rb

@@ -0,0 +1,2 @@
+class StrongboltController < Strongbolt.parent_controller.constantize
+end

data/app/views/strongbolt/_menu.html.erb

@@ -0,0 +1,13 @@
+<ul class="nav nav-pills nav-justified">
+  <li class="<%= current == 'user_groups' ? 'active' : '' %>">
+    <%= link_to user_groups_path do %>
+      <i class="fa fa-users"></i> User Groups
+    <% end %>
+  </li>
+  <li class="<%= current == 'roles' ? 'active' : '' %>">
+    <%= link_to roles_path do %>
+      <i class="fa fa-certificate"></i> Roles
+    <% end %>
+  </li>
+</ul>
+<div class="spacer"></div>

data/app/views/strongbolt/capabilities/index.html.erb

@@ -0,0 +1,53 @@
+<ul class='breadcrumb'>
+  <h2 style='text-align:left'>Security: Permissions</h2>
+  <li class="active">
+    Permissions
+  </li>
+</ul>
+
+<%= simple_form_for(Capability.new, url: capabilities_path, as: :capability) do |f| %>
+  <table class="table table-condensed table-striped">
+
+    <thead>
+      <tr>
+        <th>#</th>
+        <th>Model</th>
+        <th>Action</th>
+        <th>Require Ownership?</th>
+        <th>Require Tenant Access?</th>
+        <th>Roles</th>
+        <th></th>
+      </tr>
+    </thead>
+
+    <tbody>
+      <% @capabilities.ordered.each do |capability| %>
+        <tr>
+          <td><%= capability.id %></td>
+          <td><%= capability.model %></td>
+          <td><%= capability.action %></td>
+          <td><%= capability.require_ownership ? "Yes" : "No" %></td>
+          <td><%= capability.require_tenant_access ? "Yes" : "No" %></td>
+          <td><%= link_to "#{capability.roles.size} roles", capability_path(capability) %></td>
+          <td align="right">
+            <%= link_to capability_path(capability), method: :delete, data: {confirm: "Are you sure?"}, class: 'text-danger' do %>
+              <i class="fa fa-trash-o"></i>
+            <% end %>
+          </td>
+        </tr>
+      <% end %>
+    </tbody>
+
+    <tfoot>
+      <tr>
+        <td></td>
+        <td><%= f.input_field :model, collection: Capability.models, include_blank: false %></td>
+        <td><%= f.input_field :action, collection: Capability::Actions, include_blank: false %></td>
+        <td><%= f.input_field :require_ownership, as: :select, include_blank: false %></td>
+        <td><%= f.input_field :require_tenant_access, as: :select, include_blank: false %></td>
+        <td><%= f.button :submit, "Create Permission", class: "btn btn-primary btn-block" %></td>
+      </tr>
+    </tfoot>
+  </table>
+
+<% end %>

data/app/views/strongbolt/capabilities/show.html.erb

@@ -0,0 +1,53 @@
+<ul class='breadcrumb'>
+  <h2 style='text-align:left'>Security: Permission <em>#<%= @capability.id %></em></h2>
+  <li>
+    <%= link_to "Permissions", capabilities_path %>
+  </li>
+  <li class='active'>
+    #<%= @capability.id %>
+  </li>
+</ul>
+
+<table class="table table-summary">
+  <tr>
+    <td>Model</td>
+    <td><%= @capability.model %></td>
+  </tr>
+  <tr>
+    <td>Action</td>
+    <td><%= @capability.action %></td>
+  </tr>
+  <tr>
+    <td>Require Ownership?</td>
+    <td><%= @capability.require_ownership ? "Yes" : "No" %></td>
+  </tr>
+  <tr>
+    <td>Require Tenant Access</td>
+    <td><%= @capability.require_tenant_access ? "Yes" : "No" %></td>
+  </tr>
+  <tr>
+    <td>Roles</td>
+    <td>
+      <% if @capability.roles.present? %>
+        <% @capability.roles.each do |role| %>
+          <div><%= link_to role.name, role_path(role) %></div>
+        <% end %>
+      <% else %>
+        No role linked
+      <% end %>
+    </td>
+  </tr>
+</table>
+
+
+<div class="pull-right">
+  <p>
+    <% if @capability.roles.empty? %>
+      <%= link_to "Delete", capability_path(@capability), method: :delete, class: "btn btn-danger", data: {confirm: "Are you sure?"} %>
+    <% else %>
+      <span class="text-danger">
+        You cannot delete the capability while roles are still linked to it
+      </span>
+    <% end %>
+  </p>
+</div>

data/app/views/strongbolt/roles/_capabilities.html.erb

@@ -0,0 +1,47 @@
+<%= simple_form_for(Capability.new, url: role_capabilities_path(@role), as: :capability) do |f| %>
+  <table class="table table-striped table-condensed" id="role-capabilities" data-url="<%= role_capabilities_path(@role) %>">
+
+    <thead>
+      <tr>
+        <th>Model</th>
+        <th>Require Ownership?</th>
+        <th>Require Tenant Access?</th>
+        <th>Actions</th>
+      </tr>
+    </thead>
+
+    <tbody>
+      <% @keys.each do |key| %>
+          
+        <tr>
+          <td><%= key[:model] %></td>
+          <td>
+            <%= key[:require_ownership] ? "Yes" : "No" %>
+          </td>
+          <td>
+            <%= key[:require_tenant_access] ? "Yes" : "No" %>
+          </td>
+          <td>
+            <%= render 'capability', key: key, capability: @capabilities[key] || {}, inherited_capability: @inherited_capabilities[key] || {}, path: role_capabilities_path(@role) %>
+          </td>
+        </tr>
+
+      <% end %>
+
+    </tbody>
+
+      <tfoot>
+        <tr>
+          <td><%= f.input_field :model, collection: Capability.models, include_blank: false %></td>
+          <td><%= f.input_field :require_ownership, as: :select, include_blank: false %></td>
+          <td><%= f.input_field :require_tenant_access, as: :select, include_blank: false %></td>
+          <td colspan="4">
+            <%= f.hidden_field :action, value: "find" %>
+            <%= f.button :submit, "Add Permission", class: "btn btn-primary btn-block" %>
+          </td>
+        </tr>
+      </tfoot>
+
+  </table>
+
+<% end %>