symphonia 4.2.0 → 5.0.3

data/app/models/symphonia/user.rb

@@ -11,7 +11,6 @@ module Symphonia
       add_attribute :last_name
       add_attribute :email, :mail, default: true
       add_attribute :status, :enum, filter: "select"
-      add_attribute :role, :reference
       add_attribute :admin, :boolean
       add_attribute :login_count
       add_attribute :last_login_ip
@@ -34,8 +33,7 @@ module Symphonia
 
     has_and_belongs_to_many :preferences, foreign_key: 'user_id'
 
-    belongs_to :edited_by, class_name: 'Symphonia::User', required: false
-    belongs_to :role, required: false
+    belongs_to :edited_by, class_name: 'Symphonia::User', optional: true
 
     accepts_nested_attributes_for :preferences
 
@@ -46,29 +44,6 @@ module Symphonia
 
     alias_attribute :mail, :email
 
-
-    before_save do |model|
-      Rails.cache.delete_matched('user_allowed_to*') if model.role_id_changed?
-    end
-
-    def allowed_to?(action)
-      return true if admin?
-
-      Rails.cache.fetch([:user_allowed_to, self, action]) do
-        role_id && role.allowed_to?(action)
-      end
-    end
-
-    def authorize?(controller, action)
-      return true if admin?
-
-      if role_id
-        role.authorize?(controller, action)
-      else
-        false
-      end
-    end
-
     # def form_path
     #   'symphonia/users/form'
     # end
@@ -97,14 +72,6 @@ module Symphonia
         'anonym@nothing'
       end
 
-      def allowed_to?(_action)
-        false
-      end
-
-      def authorize?(_controller, _action)
-        false
-      end
-
       def save
         false
       end
@@ -117,7 +84,7 @@ module Symphonia
         false
       end
 
-      alias_method :admin?, :admin
+      alias admin? admin
 
       def logged_in?
         false
@@ -130,6 +97,7 @@ module Symphonia
       def language
         nil
       end
+
     end
 
   end

data/app/models/symphonia/user_ability.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Symphonia
+  class UserAbility
+    include CanCan::Ability
+
+    def initialize(user)
+      return unless user.logged_in?
+
+      can :update, User, id: user.id
+      can :read, User, id: user.id
+      return unless user.admin?
+
+      can :archive, User, status: :active
+      can :activate, User, status: :pending
+      can :unarchive, User, status: :archived
+
+      can %i[read create update destroy], :all
+      # Define abilities for the user here. For example:
+      #
+      #   return unless user.present?
+      #   can :read, :all
+      #   return unless user.admin?
+      #   can :manage, :all
+      #
+      # The first argument to `can` is the action you are giving the user
+      # permission to do.
+      # If you pass :manage it will apply to every action. Other common actions
+      # here are :read, :create, :update and :destroy.
+      #
+      # The second argument is the resource the user can perform the action on.
+      # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+      # class of the resource.
+      #
+      # The third argument is an optional hash of conditions to further filter the
+      # objects.
+      # For example, here the user can only update published articles.
+      #
+      #   can :update, Article, published: true
+      #
+      # See the wiki for details:
+      # https://github.com/CanCanCommunity/cancancan/blob/develop/docs/define_check_abilities.md
+    end
+
+  end
+end

data/app/views/common/403.html.erb

@@ -1,5 +1,6 @@
-<i class="fa fa-hand-stop-o fa-5x pull-left"></i> <%= page_header 403 %>
-<p class="clearfix">
+<%= page_header 403 %>
+<p class="alert alert-danger">
+  <i class="fa fa-hand-stop-o fa-5x"></i>
   <%= t :text_access_deny %>
 </p>
-<%= link_to icon('back', t(:button_back)), :back, class: 'btn btn-link' %>
+<%= link_to icon('back', t(:button_back)), :back, class: 'btn btn-link' %>

data/app/views/layouts/symphonia/application.html.erb

@@ -8,9 +8,9 @@
     <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': true %>
     <%= yield :stylesheet_tags %>
     <%= javascript_include_tag 'application', 'data-turbolinks-track': true %>
-    <script type="text/javascript">
-      Symphonia.routes.reorderImagesPath = '<%= symphonia.reorder_attachment_path %>';
-    </script>
+<!--    <script type="text/javascript">-->
+<!--      Symphonia.routes.reorderImagesPath = '<%#= symphonia.reorder_attachment_path %>';-->
+<!--    </script>-->
     <%= yield :javascript_tags %>
     <%= csrf_meta_tags %>
   </head>
@@ -19,7 +19,7 @@
       <nav class="navbar navbar-expand-lg navbar-light bg-light fixed-top">
         <!--<a class="navbar-brand" href="#">Navbar</a>-->
         <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
-          <%= fa_icon('bars') %>
+          <%= icon('bars') %>
         </button>
 
         <div class="collapse navbar-collapse" id="navbarSupportedContent">

data/app/views/symphonia/accounts/_detail.html.erb

@@ -1,16 +1,17 @@
+<%= ActiveSupport::Deprecation.warn "View 'accounts/_detail' partial should not use anymore" %>
 <div class="buttons contextual">
   <% if Symphonia::User.current.admin? %>
     <% controller = account.class.name.underscore.pluralize %>
     <%= link_to(icon('edit', t(:button_edit)), edit_polymorphic_path(account), class: 'btn btn-primary') %>
     <% if use_service_buttons %>
       <% if account.active? %>
-        <%= link_to(fa_icon('lock', text: t(:button_archive)), {:controller => controller, :action => 'archive', :id => account, :back_url => polymorphic_path(account)}, :class => 'btn btn-secondary', :data => {:method => 'post', :confirm => t(:text_are_you_sure)}) %>
+        <%#= link_to(icon('lock', text: t(:button_archive)), polymorphic_path([controller_name, 'archive', account], back_url: polymorphic_path(account)), class: 'btn btn-secondary', data: { method: 'post', confirm: t(:text_are_you_sure) }) %>
       <% elsif account.status_new? %>
-        <%= link_to(fa_icon('bolt', text: t(:button_active)), {:controller => controller, :action => 'unarchive', :id => account, :back_url => polymorphic_path(account)}, :class => 'btn btn-secondary', :data => {:method => 'post', :confirm => t(:text_are_you_sure) + "\n  #{t(:text_confirm_send_unlock_mail)}"}) %>
+        <%= link_to(icon('bolt', text: t(:button_active)), { controller: controller, action: 'unarchive', id: account, back_url: polymorphic_path(account) }, class: 'btn btn-secondary', data: { method: 'post', confirm: t(:text_are_you_sure) + "\n  #{t(:text_confirm_send_unlock_mail)}" }) %>
       <% else %>
-        <%= link_to(fa_icon('unlock', text: t(:button_unarchive)), {:controller => controller, :action => 'unarchive', :id => account, :back_url => polymorphic_path(account)}, :class => 'btn btn-secondary', :data => {:method => 'post', :confirm => t(:text_are_you_sure) + "\n  #{t(:text_confirm_send_unlock_mail)}"}) %>
+        <%= link_to(icon('unlock', text: t(:button_unarchive)), { controller: controller, action: 'unarchive', id: account, back_url: polymorphic_path(account) }, class: 'btn btn-secondary', data: { method: 'post', confirm: t(:text_are_you_sure) + "\n  #{t(:text_confirm_send_unlock_mail)}" }) %>
       <% end %>
-      <%= link_to(fa_icon('delete', text: t(:button_delete)), account, :class => 'btn btn-danger', :method => 'delete', :data => {:confirm => t(:text_are_you_sure)}) %>
+      <%= link_to(icon('delete', text: t(:button_delete)), account, class: 'btn btn-danger', method: 'delete', data: { :confirm => t(:text_are_you_sure) }) %>
     <% end -%>
   <% else %>
     <%= link_to(icon('edit', t(:button_edit)), edit_polymorphic_path(controller_name.singularize, id: account.id), :class => 'btn btn-primary', :remote => true) %>
@@ -24,29 +25,31 @@
   <div class="col-md-4">
     <div class="row">
       <div class="col-md-6"><b><%= account.class.human_attribute_name(:login) %></b></div>
-      <div class="col-md-6"><span ><%= account.login %></span></div>
+      <div class="col-md-6"><span><%= account.login %></span></div>
     </div>
   </div>
   <div class="col-md-4">
     <div class="row">
       <div class="col-md-6"><b><%= account.class.human_attribute_name(:email) %></b></div>
-      <div class="col-md-6"><span ><%= account.format_value(:email, self) %></span></div>
+      <div class="col-md-6"><span><%= account.format_value(:email, self) %></span></div>
     </div>
   </div>
 </div>
 
 <div id="customer_detail" style="display: none">
   <div class="clearfix">
-    <%= content_tag(:strong, account.class.human_attribute_name(:current_login_at), :class => 'col-xs-6') %>
-    <%= content_tag(:div, account.current_login_at ? time_tag(account.current_login_at) : '-', :class => 'col-xs-6') %>
-    <%= content_tag(:strong, account.class.human_attribute_name(:current_login_ip), :class => 'col-xs-6') %>
-    <%= content_tag(:div, account.current_login_ip || '-', :class => 'col-xs-6') %>
-    <%= content_tag(:strong, account.class.human_attribute_name(:last_login_at), :class => 'col-xs-6') %>
-    <%= content_tag(:div, account.last_login_at ? time_tag(account.last_login_at.localtime) : '-', :class => 'col-xs-6') %>
-    <%= content_tag(:strong, account.class.human_attribute_name(:last_login_ip), :class => 'col-xs-6') %>
-    <%= content_tag(:div, account.last_login_ip || '-', :class => 'col-xs-6') %>
-    <%= content_tag(:strong, account.class.human_attribute_name(:single_access_token), :class => 'col-xs-6') %>
-    <%= content_tag(:div, text_field_tag(:token, account.single_access_token, :style => 'border:none'), :class => 'col-xs-6') %>
+    <b class="col-xs-6"><%= account.class.human_attribute_name(:current_login_at) %></b>
+    <div class="col-xs-6"><%= account.current_login_at ? time_tag(account.current_login_at) : '-' %></div>
+    <b class="col-xs-6"><%= account.class.human_attribute_name(:current_login_ip) %></b>
+    <div class="col-xs-6"><%= account.current_login_ip || '-' %></div>
+    <b class="col-xs-6"><%= account.class.human_attribute_name(:last_login_at) %></b>
+    <div class="col-xs-6"><%= account.last_login_at ? time_tag(account.last_login_at.localtime) : '-' %></div>
+    <b class="col-xs-6"><%= account.class.human_attribute_name(:last_login_ip) %></b>
+    <div class="col-xs-6"><%= account.last_login_ip || '-' %></div>
+    <b class="col-xs-6"><%= account.class.human_attribute_name(:single_access_token) %></b>
+    <div class="col-xs-6">
+      <%= text_field_tag(:token, account.single_access_token, style: 'border:none') %>
+    </div>
   </div>
 </div>
 
@@ -54,7 +57,7 @@
   SymphoniaUserDetail = {
     popup: {
       dialog: null,
-      show: function() {
+      show: function () {
         if (!this.dialog) {
           this.dialog = new SymphoniaDialog("customer_detail");
         }
@@ -62,4 +65,4 @@
       }
     }
   };
-</script>
+</script>

data/app/views/symphonia/common/_filters.html.erb

@@ -1,23 +1,23 @@
 <% if @query %>
   <%#= bootstrap_form_tag(url: {set_filter: 1}, method: :get, class: 'form-horizontal', id: 'symphonia_filters_form') do |f| %>
-    <div class="row hidden-print">
-      <% if @query.search? %>
-        <div class="col-sm-12">
-          <div class="input-group input-group-sm">
-            <%= search_field_tag(:q, params[:q], class: 'form-control input-sm', id: 'symphonia_query_q', placeholder: t(:label_search), autofocus: params[:q].present? || nil, data: {remote: local_assigns[:remote]}, onchange: 'submitSymphoniaQueryQ(this)') %>
-            <div class="input-group-append">
-              <div class="input-group-text">
-                <%= link_to(fa_icon('search'), 'javascript:void(0)', {onclick: 'Symphonia.filters.search(document.getElementById("symphonia_query_q"))', title: t(:button_search)}) %>
-                <%= link_to(fa_icon('filter'), symphonia.filters_options_path(@query.model.name, @query.to_params.merge(path: j(request.url))), remote: true, title: t(:title_advanced_filters)) unless local_assigns.key?(:hide_advanced_filter) %>
-                <%= link_to(fa_icon('false'), 'javascript:void(0)', onclick: 'Symphonia.filters.resetSearch(document.getElementById("symphonia_query_q"))') if params[:q] %>
-              </div>
-
+  <div class="row hidden-print">
+    <% if @query.search? %>
+      <div class="col-sm-12">
+        <div class="input-group input-group-sm">
+          <%= search_field_tag(:q, params[:q], class: 'form-control input-sm', id: 'symphonia_query_q', placeholder: t(:label_search), autofocus: params[:q].present? || nil, data: { remote: local_assigns[:remote] }, onchange: 'submitSymphoniaQueryQ(this)') %>
+          <div class="input-group-append">
+            <div class="input-group-text">
+              <%= link_to(icon('search'), 'javascript:void(0)', { onclick: 'Symphonia.filters.search(document.getElementById("symphonia_query_q"))', title: t(:button_search) }) %>
+              <%= link_to(icon('filter'), symphonia.filters_options_path(@query.model.name, @query.to_params.merge(path: j(request.url))), remote: true, title: t(:title_advanced_filters)) unless local_assigns.key?(:hide_advanced_filter) %>
+              <%= link_to(icon('false'), 'javascript:void(0)', onclick: 'Symphonia.filters.resetSearch(document.getElementById("symphonia_query_q"))') if params[:q] %>
             </div>
+
           </div>
         </div>
-      <% end %>
-    </div>
+      </div>
+    <% end %>
+  </div>
   <%# end %>
 <% else %>
-  <%= content_tag(:p, t(:text_error_query_not_init), class: 'no-data') %>
+  <%= render_no_data t(:text_error_query_not_init) %>
 <% end -%>

data/app/views/symphonia/common/_share_links.html.erb

@@ -1,5 +1,4 @@
 <span class="share-buttons">
-  <%= link_to(fa_icon("facebook-square #{icon_css}"), "http://www.facebook.com/share.php?u=#{url}&title=#{name}", :title => t(:facebook, :scope => [:share_on, :title]),  :target => '_blank') %>
-  <%= link_to(fa_icon("twitter-square #{icon_css}"), "http://twitter.com/home?status=#{name}+#{url}", :title => t(:twitter, :scope => [:share_on, :title]), :target => '_blank') %>
-  <%= link_to(fa_icon("google-plus-square #{icon_css}"), "https://plus.google.com/share?url=#{url}", :title => t(:google_plus, :scope => [:share_on, :title]), :target => '_blank') %>
+  <%= link_to(icon("facebook-square #{icon_css}"), "http://www.facebook.com/share.php?u=#{url}&title=#{name}", title: t("share_on.title.facebook"), target: '_blank') %>
+  <%= link_to(icon("twitter-square #{icon_css}"), "http://twitter.com/home?status=#{name}+#{url}", title: t("share_on.title.twitter"), target: '_blank') %>
 </span>

data/app/views/symphonia/users/_form.html.erb

@@ -2,12 +2,7 @@
 <% if Symphonia::User.current.admin? %>
   <div class="row justify-content-center">
     <div class="col-8">
-      <%= f.check_box :admin, id: 'user_admin', layout: :inline %>
+      <%= f.check_box :admin, id: 'user_admin' %>
     </div>
-    <% if @roles.any? %>
-      <div class="col-9">
-        <%= f.select(:role_id, options_from_collection_for_select(@roles, :id, :name, selected: @user.role_id), include_blank: true, layout: :horizontal) %>
-      </div>
-    <% end -%>
   </div>
 <% end %>

data/app/views/symphonia/users/show.html.erb

@@ -5,17 +5,12 @@
     <h4 class="card-title"><%= html_title(@user.name).join %></h4>
     <div class="card-text row">
       <div class="col-sm-8">
-        <% %i(login email admin).each do |attribute| %>
+        <% %i[login email admin].each do |attribute| %>
           <% next if @user.send(attribute).to_s.blank? %>
           <dt><%= @user.class.human_attribute_name attribute %></dt>
           <dd><%= @user.format_value(attribute, self) %></dd>
         <% end %>
 
-        <% if @user.role %>
-          <dt><%= @user.class.human_attribute_name :role %></dt>
-          <dd><%= @user.format_value(:role, Symphonia::User.current.admin? && self || nil) %></dd>
-        <% end %>
-
         <% if @user.preferences.any? %>
           <dt><%= t(:label_user_notifications) %></dt>
           <% @user.preferences.each do |p| %>
@@ -25,20 +20,20 @@
       </div>
       <div class="col-sm-4">
 
-        <% if Symphonia::User.current.admin? %>
+        <% if can? :edit, @user %>
           <%= link_to(icon('edit', t(:button_edit)), edit_user_path(@user), class: 'btn btn-primary btn-block') %>
-          <% if true %>
-            <% if @user.active? %>
-              <%= link_to(icon('lock', t(:button_archive)), archive_user_path(@user, back_url: polymorphic_path(@user)), data: { method: 'post', confirm: t(:text_are_you_sure) }, class: 'btn btn-secondary btn-block') %>
-            <% elsif @user.status_new? %>
-              <%= link_to(icon('bolt', t(:button_active)), unarchive_user_path(@user, back_url: polymorphic_path(@user)), class: 'btn btn-secondary', data: { method: 'post', confirm: t(:text_are_you_sure) + "\n  #{t(:text_confirm_send_unlock_mail)}" }) %>
-            <% else %>
-              <%= link_to(icon('unlock', t(:button_unarchive)), unarchive_user_path(@user, back_url: polymorphic_path(@user)), class: 'btn btn-secondary btn-block', data: { method: 'post', confirm: t(:text_are_you_sure) + "\n  #{t(:text_confirm_send_unlock_mail)}" }) %>
-            <% end %>
-            <%= link_to(icon('delete', t(:button_delete)), @user, class: 'btn btn-danger btn-block', method: 'delete', data: { confirm: t(:text_are_you_sure) }) %>
-          <% end -%>
-        <% else %>
-          <%= link_to(icon('edit', t(:button_edit)), edit_user_path(@user), class: 'btn btn-primary btn-block', remote: true) %>
+        <% end %>
+        <% if can? :archive, @user %>
+          <%= link_to(icon('lock', t(:button_archive)), archive_user_path(@user, back_url: polymorphic_path(@user)), data: { method: 'post', confirm: t(:text_are_you_sure) }, class: 'btn btn-secondary btn-block') %>
+        <% end %>
+        <% if can? :activate, @user %>
+          <%= link_to(icon('bolt', t(:button_active)), unarchive_user_path(@user, back_url: polymorphic_path(@user)), class: 'btn btn-secondary btn-block', data: { method: 'post', confirm: t(:text_are_you_sure) + "\n  #{t(:text_confirm_send_unlock_mail)}" }) %>
+        <% end %>
+        <% if can? :unarchive, @user %>
+          <%= link_to(icon('unlock', t(:button_unarchive)), unarchive_user_path(@user, back_url: polymorphic_path(@user)), class: 'btn btn-secondary btn-block', data: { method: 'post', confirm: t(:text_are_you_sure) + "\n  #{t(:text_confirm_send_unlock_mail)}" }) %>
+        <% end %>
+        <% if can? :destroy, @user %>
+          <%= link_to(icon('delete', t(:button_delete)), @user, class: 'btn btn-danger btn-block', method: 'delete', data: { confirm: t(:text_are_you_sure) }) %>
         <% end %>
         <%= link_to(icon('key', t(:detail)), 'javascript:void(0)', onclick: %q{Symphonia.dialog.show('customer_detail')}, class: 'btn btn-info btn-block') %>
       </div>
@@ -60,4 +55,4 @@
     <%= content_tag(:strong, @user.class.human_attribute_name(:single_access_token), :class => 'col-xs-6') %>
     <%= content_tag(:div, text_field_tag(:token, @user.single_access_token, :style => 'border:none'), :class => 'col-xs-6') %>
   </div>
-</div>
+</div>

data/config/locales/cs.yml

@@ -25,8 +25,9 @@ cs:
     present: Současnot
     future: Budoucnost
     formats:
-      default: "%d. %B %Y %H:%M"
+#      default: "%d. %B %Y %H:%M"
       short: "%-d. %-m. %Y %H:%M"
+      long: "%-d. %-m. %Y %H:%M"
   attributes:
     updated_at: Aktualizováno
     created_at: Vytvořeno
@@ -50,7 +51,7 @@ cs:
         attachment: Příloha
       errors:
         template:
-          body: "Formulář obsahuje chybně vyplněná pole:"
+          body: "Formulář obsahuje chyby:"
       attributes:
         attachment:
           attachment_file_name: Název souboru

data/db/migrate/20130714140500_create_users.rb

@@ -37,8 +37,6 @@ class CreateUsers < ActiveRecord::Migration[5.1]
       t.references :edited_by
       t.datetime :edited_at
 
-      t.references :role
-
       t.timestamps
     end
   end

data/db/seeds.rb

@@ -3,11 +3,11 @@ u.attributes = {
   login: 'admin',
   first_name: 'Lukáš',
   last_name: 'Pokorný',
-  email: 'luk4s.pokorny@gmail.com',
+  email: 'admin@luk4s.cz',
   password: 'admin',
   # password_confirmation: 'admin',
   admin: true,
-  avatar_url: "https://secure.gravatar.com/avatar/3657d5f0e9747c1c21eb2b689a8dba0b?s=64"
+  avatar_url: "https://secure.gravatar.com/avatar/3657d5f0e9747c1c21eb2b689a8dba0b?s=64",
 }
 u.single_access_token = SecureRandom.hex(20)
-u.save!(validate: false)
+u.save!(validate: false) if Symphonia::User.where(login: "admin").none?

data/lib/generators/symphonia/entity_controller/entity_controller_generator.rb

@@ -19,7 +19,7 @@ module Generators
     argument :attributes, type: :array, default: [], banner: "field:type field:type"
 
     def create_controller_files
-      template_file = options.api? ? "api_controller.rb" : "controller.rb"
+      template_file = options.api? ? "api_controller.rb.tt" : "controller.rb.tt"
       template template_file, File.join("app/controllers", controller_class_path, "#{controller_file_name}_controller.rb")
     end
 
@@ -45,4 +45,4 @@ module Generators
 
   end
 end
-end
+end

data/lib/symphonia/admin_constraint.rb

@@ -4,7 +4,7 @@ module Symphonia
     def matches?(request)
       return false if (credentials = request.session["symphonia/user_credentials"]).blank?
 
-      user = User.find_by_persistence_token(credentials.split(':')[0])
+      user = User.find_by(persistence_token: credentials.split(':')[0])
       user&.admin?
     end
 

data/lib/symphonia/base_controller.rb

@@ -13,16 +13,14 @@ module Symphonia
   #   %i[]
   # end
   #
-  # def swagger_path
-  #  false # => for disable swagger
-  #   "/my-custom-path" # => for custom route
-  # end
+
   module BaseController
+
     extend ActiveSupport::Concern
 
     included do
       # before_action :authorize
-      before_action :find_entity, only: [:show, :edit, :update, :destroy]
+      before_action :find_entity, only: %i[show edit update destroy]
 
       include Rails::Pagination
       helper Symphonia::BootstrapModalHelper
@@ -30,11 +28,9 @@ module Symphonia
 
       # @param [Class] model
       class_attribute :model
-
     end
 
     class_methods do
-
       # def model=(klass)
       #   @model = klass
       # end
@@ -76,11 +72,11 @@ module Symphonia
     end
 
     def new
-      @entity ||= instance_variable_set(:"@#{model_name}", model.new(params.fetch(model_name, {}).permit(safe_attributes)))
+      @entity ||= instance_variable_set(:"@#{model_name}",
+                                        model.new(params.fetch(model_name, {}).permit(safe_attributes)))
     end
 
-    def edit
-    end
+    def edit; end
 
     def create
       @entity ||= instance_variable_set(:"@#{model_name}", model.new(entity_params))
@@ -119,7 +115,7 @@ module Symphonia
     end
 
     def model_name
-      model.name.demodulize.underscore.to_sym
+      model.name.demodulize.underscore
     end
 
     private
@@ -138,13 +134,9 @@ module Symphonia
       params.require(model_name).permit(safe_attributes)
     end
 
-    def after_create
-
-    end
+    def after_create; end
 
-    def after_update
-
-    end
+    def after_update; end
 
   end
 end

data/lib/symphonia/controller_extensions.rb

@@ -17,7 +17,7 @@ module Symphonia
       add_flash_types :error
 
       rescue_from ::ActiveRecord::RecordNotFound, with: :render_404
-      rescue_from Unauthorized, with: :render_403
+      rescue_from Unauthorized, CanCan::AccessDenied, with: :render_403
 
       helper_method :current_user, :back_url
     end
@@ -117,7 +117,7 @@ module Symphonia
 
     # Renders a 200 response for successful updates or deletions via the API
     def render_api_ok
-      head :ok
+      render_api_head :ok
     end
 
     # Renders a head API response
@@ -143,20 +143,10 @@ module Symphonia
     end
 
     def authorize
-      if Symphonia::User.current.authorize?(controller_name, action_name)
-        return true
-      elsif Symphonia::User.current.logged_in?
-        raise Unauthorized
-      else
-        respond_to do |format|
-          format.html do
-            return redirect_to(symphonia.login_path(back_url: request.path), error: t(:text_error_login_required))
-          end
-          format.any { return head 401 }
-        end
-      end
+      return true if Symphonia::User.current.admin?
+      raise Unauthorized if Symphonia::User.current.logged_in?
 
-      raise Unauthorized
+      login_require
     end
 
     def handle_unverified_request

data/lib/symphonia/engine.rb

@@ -1,51 +1,37 @@
 require 'symphonia/object'
-require 'symphonia/menu_manager'
-require 'symphonia/permissions'
-require 'symphonia/user_management'
 
-require 'rails-i18n'
-require 'turbolinks'
 require 'authlogic'
+require 'cancancan'
 require 'scrypt'
-require 'bootstrap'
 
 require 'will_paginate'
 require 'api-pagination'
-require 'font-awesome-rails'
-require 'jquery-rails'
-require 'jquery-ui-rails'
+
+require 'rails_i18n'
 require 'rdiscount'
 require 'sortable-table'
 require 'bootstrap_form'
-require 'bootstrap-datepicker-rails'
-# require 'wicked_pdf'
-# require 'swagger/blocks'
 
 module Symphonia
 
   class Engine < ::Rails::Engine
     isolate_namespace Symphonia
 
+    config.autoload_paths << File.expand_path("..", __dir__)
+
     config.generators do |g|
       g.test_framework :rspec, fixture: false
       g.fixture_replacement :factory_bot, dir: 'spec/factories'
     end
 
-    # Rails 5
-    # ActionController::Base.class_eval do
-    #   include Symphonia::ApplicationController
-    # end
-
-
     initializer :symphonia_extensions do
+      ActiveSupport.on_load(:action_controller_base) do
+        # prepend Symphonia::ApplicationController
+        helper Symphonia::ApplicationHelper
+        helper Symphonia::BootstrapModalHelper
+      end
     end
 
-    # ActiveSupport::Reloader.to_prepare do
-    #   ::ApplicationController.send :helper, Symphonia::ApplicationHelper
-    #   ::ApplicationMailer.send :helper, Symphonia::ApplicationHelper
-    #   BootstrapForm::FormBuilder.prepend(Symphonia::FormBuilder)
-    # end
-
     initializer :symphonia_setup do |_app|
       Mime::Type.register 'application/pdf', :pdf
       config.i18n.available_locales ||= %i[cs en]
@@ -69,31 +55,13 @@ module Symphonia
       end
     end
 
-    # include helpers
     initializer :load_helper, before: :load_config_initializers do |app|
-      # config.active_record.raise_in_transactional_callbacks = false
       if Rails.env.development?
         config.action_mailer.default_url_options ||= { host: 'symphonia.app' }
         config.action_mailer.preview_path = "{#{app.root.join('spec/mailers/previews')},#{root.join('spec/mailers/previews')}}"
       end
     end
 
-    initializer :assets do |_app|
-      config.assets.precompile << 'symphonia/application.css'
-      #if defined?(::Ckeditor)
-      #  config.assets.precompile << 'ckeditor/**/*'
-      #  config.assets.precompile << 'symphonia/symphonia_ckeditor.js'
-      #end
-    end
-
-    initializer :symphonia_general_permissions do |_app|
-      Symphonia::Permissions.map do |m|
-        m.register(:view_users).add(:users, %i[index show])
-        m.register(:manage_users).add(:users, %i[create update destroy new edit])
-      end
-
-    end
-
     # initializer :wicked_pdf do |_app|
     #   WickedPdf.config = {
     #     layout: 'application.pdf',