RubyGems - typus - Versions diffs - 1.0.0.pre8 → 1.0.0.pre9 - Mend

typus 1.0.0.pre8 → 1.0.0.pre9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (247) hide show

data/lib/tasks/typus.rake CHANGED Viewed

@@ -8,12 +8,4 @@ namespace :typus do
     end
   end
-  desc "Install acts_as_list, acts_as_tree and paperclip."
-  task :misc do
-    plugins = [ "git://github.com/thoughtbot/paperclip.git",
-                "git://github.com/rails/acts_as_list.git",
-                "git://github.com/rails/acts_as_tree.git" ]
-    system "rails plugin install #{plugins.join(" ")} --force"
-  end
 end

data/lib/typus.rb CHANGED Viewed

@@ -5,67 +5,83 @@ require "support/array"
 require "support/hash"
 require "support/object"
 require "support/string"
 require "typus/engine"
-require "typus/configuration"
-require "typus/resources"
 require "typus/orm/active_record"
 require "typus/user"
-require "vendor/paginator"
+autoload :FakeUser, "support/fake_user"
 module Typus
-  # Define the application name.
+  autoload :Configuration, "typus/configuration"
+  autoload :Resources, "typus/resources"
+  module Authentication
+    autoload :Base, "typus/authentication/base"
+    autoload :None, "typus/authentication/none"
+    autoload :HttpBasic, "typus/authentication/http_basic"
+    autoload :Session, "typus/authentication/session"
+  end
   mattr_accessor :admin_title
   @@admin_title = "Typus"
-  # Define a subtitle
   mattr_accessor :admin_sub_title
   @@admin_sub_title = <<-CODE
 <a href="http://core.typuscms.com/">typus</a> by <a href="http://intraducibles.com">intraducibles.com</a>
   CODE
-  # Authentication mechanism: none, basic, advanced
+  ##
+  # Available Authentication Mechanisms are:
+  #
+  # - none
+  # - basic: Uses http authentication
+  # - session
+  #
   mattr_accessor :authentication
   @@authentication = :none
-  # Define the configuration folder.
   mattr_accessor :config_folder
   @@config_folder = "config/typus"
-  # Define the username
   mattr_accessor :username
   @@username = "admin"
-  # Define the password: Used as a default password and for the http
-  # authentication.
+  ##
+  # Define a password.
+  #
+  # Used as default password for http and advances authentication.
+  #
   mattr_accessor :password
   @@password = "columbia"
+  ##
   # Configure the e-mail address which will be shown in Admin::Mailer.
+  #
+  # When `nil`, the `forgot_password` will be disabled.
+  #
   mattr_accessor :mailer_sender
   @@mailer_sender = nil
-  # Define the file preview.
   mattr_accessor :file_preview
   @@file_preview = :medium
-  # Define the file thumbnail.
   mattr_accessor :file_thumbnail
   @@file_thumbnail = :thumb
+  ##
   # Defines the default relationship table.
+  #
   mattr_accessor :relationship
   @@relationship = "typus_users"
-  # Defines the default master role.
   mattr_accessor :master_role
   @@master_role = "admin"
-  # Defines the default user_class_name.
   mattr_accessor :user_class_name
   @@user_class_name = "TypusUser"
-  # Defines the default user_fk.
   mattr_accessor :user_fk
   @@user_fk = "typus_user_id"
@@ -74,8 +90,8 @@ module Typus
   class << self
-    # Default way to setup typus. Run rails generate typus to create
-    # a fresh initializer with all configuration values.
+    # Default way to setup typus. Run `rails generate typus` to create a fresh
+    # initializer with all configuration values.
     def setup
       yield self
     end
@@ -115,7 +131,7 @@ module Typus
     def locales
       human = available_locales.map { |i| locales_mapping[i.to_s] }
-      available_locales.map { |i| i.to_s }.to_hash_with(human)
+      available_locales.map { |i| i.to_s }.to_hash_with(human).invert
     end
     def locales_mapping

data/lib/typus/authentication/base.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module Typus
+  module Authentication
+    module Base
+      def current_user
+        @current_user
+      end
+      def authenticate; end
+      def check_if_user_can_perform_action_on_user; end
+      def check_if_user_can_perform_action_on_resources; end
+      def check_if_user_can_perform_action_on_resource; end
+      def check_resource_ownership; end
+      def check_resource_ownerships; end
+      def check_ownership_of_referal_item; end
+      def set_attributes_on_create; end
+      def set_attributes_on_update; end
+      def reload_locales; end
+    end
+  end
+end

data/lib/typus/authentication/http_basic.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module Typus
+  module Authentication
+    module HttpBasic
+      protected
+      include Base
+      def authenticate
+        @current_user = FakeUser.new
+        authenticate_or_request_with_http_basic(Typus.admin_title) do |user_name, password|
+          user_name == Typus.username && password == Typus.password
+        end
+      end
+    end
+  end
+end

data/lib/typus/authentication/none.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Typus
+  module Authentication
+    module None
+      protected
+      include Base
+      def authenticate
+        @current_user = FakeUser.new
+      end
+    end
+  end
+end

data/lib/typus/authentication/session.rb ADDED Viewed

@@ -0,0 +1,190 @@
+module Typus
+  module Authentication
+    module Session
+      protected
+      include Base
+      def authenticate
+        if session[:typus_user_id]
+          current_user
+        else
+          back_to = request.env['PATH_INFO'] unless [admin_dashboard_path, admin_path].include?(request.env['PATH_INFO'])
+          redirect_to new_admin_session_path(:back_to => back_to)
+        end
+      end
+      #--
+      # Return the current user. If role does not longer exist on the
+      # system current_user will be signed out from Typus.
+      #++
+      def current_user
+        user = Typus.user_class.find(session[:typus_user_id])
+        unless Typus::Configuration.roles.has_key?(user.role)
+          raise _t("Role does no longer exists.")
+        end
+        unless user.status
+          back_to = (request.env['REQUEST_URI'] == admin_dashboard_path) ? nil : request.env['REQUEST_URI']
+          raise _t("Typus user has been disabled.")
+        end
+        I18n.locale = user.preferences[:locale]
+        return user
+      rescue Exception => error
+        session[:typus_user_id] = nil
+        redirect_to new_admin_session_path(:back_to => back_to), :notice => error.message
+      end
+      #--
+      # Action is available on: edit, update, toggle and destroy
+      #++
+      def check_if_user_can_perform_action_on_user
+        return unless @item.kind_of?(Typus.user_class)
+        message = case params[:action]
+                  when 'edit'
+                    # Only admin and owner of Typus User can edit.
+                    if current_user.is_not_root? && (current_user != @item)
+                      _t("As you're not the admin or the owner of this record you cannot edit it.")
+                    end
+                  when 'update'
+                    # current_user cannot change her role.
+                    if current_user && !(@item.role == params[@object_name][:role])
+                      _t("You can't change your role.")
+                    end
+                  when 'toggle'
+                    # Only admin can toggle typus user status, but not herself.
+                    if current_user.is_root? && (current_user == @item)
+                      _t("You can't toggle your status.")
+                    elsif current_user.is_not_root?
+                      _t("You're not allowed to toggle status.")
+                    end
+                  when 'destroy'
+                    # Admin can remove anything except herself.
+                    if current_user.is_root? && (current_user == @item)
+                      _t("You can't remove yourself.")
+                    elsif current_user.is_not_root?
+                      _t("You're not allowed to remove Typus Users.")
+                    end
+                  end
+        redirect_to set_path, :notice => message if message
+      end
+      #--
+      # This method checks if the user can perform the requested action.
+      # It works on models, so its available on the `resources_controller`.
+      #++
+      def check_if_user_can_perform_action_on_resources
+        message = case params[:action]
+                  when 'index', 'show'
+                    "%{current_user_role} can't display items."
+                  when 'destroy'
+                    "%{current_user_role} can't delete this item."
+                  else
+                    "%{current_user_role} can't perform action. (%{action})"
+                  end
+        message = _t(message,
+                    :current_user_role => current_user.role.capitalize,
+                    :action => params[:action])
+        unless current_user.can?(params[:action], @resource)
+          redirect_to set_path, :notice => message
+        end
+      end
+      #--
+      # This method checks if the user can perform the requested action.
+      # It works on a resource: git, memcached, syslog ...
+      #++
+      def check_if_user_can_perform_action_on_resource
+        controller = params[:controller].remove_prefix
+        action = params[:action]
+        unless current_user.can?(action, controller.camelize, { :special => true })
+          render :text => "Not allowed!", :status => :unprocessable_entity
+        end
+      end
+      #--
+      # If item is owned by another user, we only can perform a
+      # show action on the item. Updated item is also blocked.
+      #
+      #   before_filter :check_resource_ownership, :only => [ :edit, :update, :destroy,
+      #                                                       :toggle, :position,
+      #                                                       :relate, :unrelate ]
+      #++
+      def check_resource_ownership
+        # By-pass if current_user is root.
+        return if current_user.is_root?
+        condition_typus_users = @item.respond_to?(Typus.relationship) && !@item.send(Typus.relationship).include?(current_user)
+        condition_typus_user_id = @item.respond_to?(Typus.user_fk) && !@item.owned_by?(current_user)
+        if condition_typus_users || condition_typus_user_id
+           alert = _t("You don't have permission to access this item.")
+           redirect_to set_path, :alert => alert
+        end
+      end
+      def check_resource_ownerships
+        # By-pass if current_user is root.
+        return if current_user.is_root?
+        # Show only related items it @resource has a foreign_key (Typus.user_fk)
+        # related to the logged user.
+        if @resource.typus_user_id?
+          condition = { Typus.user_fk => current_user }
+          @conditions = @resource.merge_conditions(@conditions, condition)
+        end
+      end
+      def check_ownership_of_referal_item
+        return unless params[:resource] && params[:resource_id]
+        klass = params[:resource].classify.constantize
+        return if !klass.typus_user_id?
+        item = klass.find(params[:resource_id])
+        raise "You're not owner of this record." unless item.owned_by?(current_user) || current_user.is_root?
+      end
+      def set_attributes_on_create
+        if @resource.typus_user_id?
+          @item.attributes = { Typus.user_fk => current_user.id }
+        end
+      end
+      def set_attributes_on_update
+        if @resource.typus_user_id? && current_user.is_not_root?
+          @item.update_attributes(Typus.user_fk => current_user.id)
+        end
+      end
+      #--
+      # Reload current_user when updating to see flash message in the
+      # correct locale.
+      #++
+      def reload_locales
+        if @resource.eql?(Typus.user_class)
+          I18n.locale = current_user.reload.preferences[:locale]
+        end
+      end
+    end
+  end
+end

data/lib/typus/format.rb CHANGED Viewed

@@ -1,3 +1,8 @@
+if RUBY_VERSION >= '1.9'
+  require 'csv'
+  FasterCSV = CSV
+end
 module Typus
   module Format
@@ -5,7 +10,6 @@ module Typus
     protected
     def generate_html
       items_count = @resource.count(:joins => @joins, :conditions => @conditions)
       items_per_page = @resource.typus_options_for(:per_page)
@@ -14,7 +18,6 @@ module Typus
       end
       @items = @pager.page(params[:page])
     end
     #--
@@ -23,27 +26,13 @@ module Typus
     #       We should find a way to be able to process data.
     #++
     def generate_csv
       fields = @resource.typus_fields_for(:csv)
-      require 'csv'
-      if CSV.const_defined?(:Reader)
-        # Old CSV version so we enable faster CSV.
-        begin
-          require 'fastercsv'
-        rescue Exception => error
-          raise error.message
-        end
-        csv = FasterCSV
-      else
-        csv = CSV
-      end
       filename = Rails.root.join("tmp", "export-#{@resource.to_resource}-#{Time.zone.now.to_s(:number)}.csv")
       options = { :conditions => @conditions, :batch_size => 1000 }
-      csv.open(filename, 'w', :col_sep => ';') do |csv|
+      FasterCSV.open(filename, 'w', :col_sep => ';') do |csv|
         csv << fields.keys
         @resource.find_in_batches(options) do |records|
           records.each do |record|
@@ -63,11 +52,15 @@ module Typus
       end
       send_file filename
+    end
+    def generate_json
+      export(:json)
     end
-    def generate_json; export(:json); end
-    def generate_xml; export(:xml); end
+    def generate_xml
+      export(:xml)
+    end
     def export(format)
       fields = @resource.typus_fields_for(format).collect { |i| i.first }