usman 0.1.0

data/app/helpers/usman/authentication_helper.rb

@@ -0,0 +1,120 @@
+module Usman
+  module AuthenticationHelper
+
+    private
+    
+    def current_user
+      # Return if @current_user is already initialized else check if the user exists with the auth token present in request header
+      @current_user ||= authenticate_with_http_token { |token, options| User.find_by(auth_token: token)}
+    end
+    
+    # Returns the default URL to which the system should redirect the user after successful authentication
+    def default_redirect_url_after_sign_in
+      admin_dashboard_url    
+    end
+
+    # Returns the default URL to which the system should redirect the user after an unsuccessful attempt to authorise a resource/page
+    def default_sign_in_url
+      sign_in_url
+    end
+
+    # Method to handle the redirection after unsuccesful authentication
+    # This method should also handle the redirection if it has come through a client appliction for authentication
+    # In that case, it should persist the params passed by the client application
+    def redirect_after_unsuccessful_authentication
+      params_hsh = {}
+      params_hsh[:client_app] = params[:client_app] if params[:client_app]
+      params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url]
+      params_hsh[:requested_url] = request.original_url if request.get?
+      redirect_to add_query_params(default_sign_in_url, params_hsh)
+      return
+    end
+
+    # Method to redirect after successful authentication
+    # This method should also handle the requests forwarded by the client for authentication
+    def redirect_to_appropriate_page_after_sign_in
+      if params[:redirect_back_url]
+        redirect_to params[:redirect_back_url]+"?auth_token=#{@current_user.auth_token}"
+      elsif params[:requested_url]
+        redirect_to params[:requested_url]
+      else
+        redirect_to default_redirect_url_after_sign_in
+      end
+      return
+    end
+
+    def redirect_or_popup_to_default_sign_in_page
+      respond_to do |format|
+        format.html {
+          redirect_after_unsuccessful_authentication
+        }
+        format.js {
+          render(:partial => 'usman/sessions/sign_in.js.erb', :handlers => [:erb], :formats => [:js])
+        }
+      end
+    end
+
+    # This method is widely used to create the @current_user object from the session
+    # This method will return @current_user if it already exists which will save queries when called multiple times
+    def current_user
+      # Check if the user exists with the auth token present in session
+      @current_user = User.find_by_id(session[:id]) unless @current_user
+      return @current_user
+    end
+
+    # This method is usually used as a before filter to secure some of the actions which requires the user to be signed in.
+    def require_user
+      current_user
+      if @current_user
+        if @current_user.token_expired?
+          #binding.pry
+          @current_user = nil
+          session.delete(:id)
+          set_notification_messages("authentication.session_expired", :error)
+          redirect_or_popup_to_default_sign_in_page
+          return
+        end
+      else
+        set_notification_messages("authentication.permission_denied", :error)
+        redirect_or_popup_to_default_sign_in_page
+        return
+      end
+    end
+
+    # This method is usually used as a before filter from admin controllers to ensure that the logged in user is a super admin
+    def require_super_admin
+      unless @current_user.is_super_admin?
+        set_notification_messages("authentication.permission_denied", :error)
+        redirect_or_popup_to_default_sign_in_page
+      end
+    end
+
+    # This method is only used for masquerading. When admin masquerade as user A and then as B, when he logs out as B he should be logged in back as A
+    # This is accomplished by storing the last user id in session and activating it when user is logged off
+    def restore_last_user
+      return @last_user if @last_user
+      if session[:last_user_id].present?
+        @last_user = User.find_by_id(session[:last_user_id])
+        message = translate("users.sign_in_back", user: @last_user.name)
+        set_flash_message(message, :success, false)
+        session.destroy()
+        session[:id] = @last_user.id if @last_user.present?
+        return @last_user
+      end
+    end
+
+    def masquerade_as_user(user)
+      #if ["development", "it", "test"].include?(Rails.env)
+        message = translate("users.masquerade", user: user.name)
+        set_flash_message(message, :success, false)
+        session[:last_user_id] = current_user.id if current_user
+        user.start_session
+        session[:id] = user.id
+        default_redirect_url_after_sign_in
+        url = admin_dashboard_url
+        redirect_to url
+      #end
+    end
+
+  end
+end

data/app/jobs/usman/application_job.rb

@@ -0,0 +1,4 @@
+module Usman
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/usman/application_mailer.rb

@@ -0,0 +1,6 @@
+module Usman
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/feature.rb

@@ -0,0 +1,112 @@
+class Feature < ApplicationRecord
+  
+  extend KuppayamValidators
+
+  # Constants
+  UNPUBLISHED = "unpublished"
+  PUBLISHED = "published"
+  DISABLED = "disabled"
+  
+  STATUS = { 
+    UNPUBLISHED => "Un-Published", 
+    PUBLISHED => "Published", 
+    DISABLED => "Disabled"
+  }
+
+  STATUS_REVERSE = { 
+    "Un-Published" => UNPUBLISHED, 
+    "Published" => PUBLISHED, 
+    "Disabled" => DISABLED
+  }
+  
+	# Associations
+  has_many :permissions
+  has_many :users, through: :permissions
+  has_one :feature_image, :as => :imageable, :dependent => :destroy, :class_name => "Image::FeatureImage"
+
+	# Validations
+	validate_string :name, mandatory: true
+	validates :status, :presence => true, :inclusion => {:in => STATUS.keys, :presence_of => :status, :message => "%{value} is not a valid status" }
+
+  # ------------------
+  # Class Methods
+  # ------------------
+
+  # return an active record relation object with the search query in its where clause
+  # Return the ActiveRecord::Relation object
+  # == Examples
+  #   >>> feature.search(query)
+  #   => ActiveRecord::Relation object
+  scope :search, lambda {|query| where("LOWER(name) LIKE LOWER('%#{query}%')")
+                        }
+
+  scope :status, lambda { |status| where("LOWER(status)='#{status}'") }
+
+  scope :unpublished, -> { where(status: UNPUBLISHED) }
+  scope :published, -> { where(status: PUBLISHED) }
+  scope :disabled, -> { where(status: DISABLED) }
+
+  # * Return full name
+  # == Examples
+  #   >>> feature.display_name
+  #   => "Products"
+  def display_name
+    "#{name}"
+  end
+
+  # * Return true if the user is not published, else false.
+  # == Examples
+  #   >>> feature.published?
+  #   => true
+  def published?
+    (status == PUBLISHED)
+  end
+
+  # * Return true if the user is unpublished, else false.
+  # == Examples
+  #   >>> feature.unpublished?
+  #   => true
+  def unpublished?
+    (status == UNPUBLISHED)
+  end
+
+  # * Return true if the user is disabled, else false.
+  # == Examples
+  #   >>> feature.disabled?
+  #   => true
+  def disabled?
+    (status == DISABLED)
+  end
+
+  # change the status to :unpublished
+  # Return the status
+  # == Examples
+  #   >>> feature.unpublish!
+  #   => "unpublished"
+  def unpublish!
+    self.update_attribute(:status, UNPUBLISHED)
+  end
+
+  # change the status to :published
+  # Return the status
+  # == Examples
+  #   >>> feature.publish!
+  #   => "published"
+  def publish!
+    self.update_attribute(:status, PUBLISHED)
+  end
+
+  # change the status to :suspended
+  # Return the status
+  # == Examples
+  #   >>> feature.suspend!
+  #   => "suspended"
+  def suspend!
+    self.update_attribute(:status, DISABLED)
+  end
+
+  def can_be_destroyed?
+    return true
+  end
+	
+end

data/app/models/image/base.rb

@@ -0,0 +1,30 @@
+class Image::Base < ActiveRecord::Base
+
+  self.table_name = "images"
+
+  attr_accessor :crop_x, :crop_y, :crop_w, :crop_h
+
+  # Associations
+  belongs_to :imageable, :polymorphic => true, optional: true
+
+  # Callbacks
+  after_save :crop_image
+
+  def crop_image
+    image.recreate_versions! if crop_x.present?
+  end
+
+  #one convenient method to pass jq_upload the necessary information
+  def to_jq_upload
+    {
+      "name" => read_attribute(:image),
+      "size" => image.size,
+      "original_url" => image.url,
+      "large_url" => image.large.url,
+      "medium_url" => image.medium.url,
+      "small_url" => image.small.url,
+      "tiny_url" => image.tiny.url
+    }
+  end
+
+end

data/app/models/image/feature_image.rb

@@ -0,0 +1,3 @@
+class Image::FeatureImage < Image::Base
+	mount_uploader :image, FeatureImageUploader
+end

data/app/models/image/profile_picture.rb

@@ -0,0 +1,3 @@
+class Image::ProfilePicture < Image::Base
+	mount_uploader :image, ProfilePictureUploader
+end

data/app/models/permission.rb

@@ -0,0 +1,28 @@
+class Permission < ApplicationRecord
+  
+	# Associations
+  belongs_to :user
+  belongs_to :feature
+
+  # Validations
+  validates :can_create, inclusion: { in: [true, false] }
+  validates :can_read, inclusion: { in: [true, false] }
+  validates :can_update, inclusion: { in: [true, false] }
+  validates :can_delete, inclusion: { in: [true, false] }
+
+  # ------------------
+  # Class Methods
+  # ------------------
+
+  # return an active record relation object with the search query in its where clause
+  # Return the ActiveRecord::Relation object
+  # == Examples
+  #   >>> permission.search(query)
+  #   => ActiveRecord::Relation object
+  scope :search, lambda {|query|  joins("INNER JOIN users u on permissions.user_id = u.id").
+                                  joins("INNER JOIN features f on permissions.feature_id = f.id").
+                                  where("LOWER(u.name) LIKE LOWER('%#{query}%') OR\
+                                        LOWER(u.username) LIKE LOWER('%#{query}%') OR\
+                                        LOWER(u.email) LIKE LOWER('%#{query}%') OR\
+                                        LOWER(f.name) LIKE LOWER('%#{query}%')")}
+end

data/app/models/user.rb

@@ -0,0 +1,247 @@
+class User < ActiveRecord::Base
+
+  extend KuppayamValidators
+  
+  # including Password Methods
+  has_secure_password
+
+  # Constants
+  PENDING = "pending"
+  APPROVED = "approved"
+  SUSPENDED = "suspended"
+  
+  STATUS = { 
+    PENDING => "Pending", 
+    APPROVED => "Approved", 
+    SUSPENDED => "Suspended"
+  }
+
+  STATUS_REVERSE = { 
+    "Pending" => PENDING, 
+    "Approved" => APPROVED, 
+    "Suspended" => SUSPENDED
+  }
+
+  EXCLUDED_JSON_ATTRIBUTES = [:confirmation_token, :password_digest, :reset_password_token, :unlock_token, :status, :reset_password_sent_at, :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip, :last_sign_in_ip, :confirmed_at, :confirmation_sent_at, :unconfirmed_email, :failed_attempts, :locked_at, :created_at, :updated_at]
+  DEFAULT_PASSWORD = "Password@1"
+  SESSION_TIME_OUT = 30.minutes
+
+  # Validations
+  validate_string :name, mandatory: true
+  validate_username :username
+  validate_email :email
+  validate_password :password, condition_method: :should_validate_password?
+
+  validates :status, :presence => true, :inclusion => {:in => STATUS.keys, :presence_of => :status, :message => "%{value} is not a valid status" }
+
+  # Callbacks
+  before_validation :generate_auth_token
+
+  # Associations
+  has_one :profile_picture, :as => :imageable, :dependent => :destroy, :class_name => "Image::ProfilePicture"
+  has_many :permissions
+  has_many :features, through: :permissions
+
+  
+  # ------------------
+  # Class Methods
+  # ------------------
+
+  def self.find_by_email_or_username(query)
+    self.where("LOWER(email) = LOWER('#{query}') OR LOWER(username) = LOWER('#{query}')").first
+  end
+
+  # return an active record relation object with the search query in its where clause
+  # Return the ActiveRecord::Relation object
+  # == Examples
+  #   >>> user.search(query)
+  #   => ActiveRecord::Relation object
+  scope :search, lambda {|query| where("LOWER(name) LIKE LOWER('%#{query}%') OR\
+                                        LOWER(username) LIKE LOWER('%#{query}%') OR\
+                                        LOWER(email) LIKE LOWER('%#{query}%') OR\
+                                        LOWER(designation) LIKE LOWER('%#{query}%')")
+                        }
+
+  scope :status, lambda { |status| where("LOWER(status)='#{status}'") }
+
+  scope :pending, -> { where(status: PENDING) }
+  scope :approved, -> { where(status: APPROVED) }
+  scope :suspended, -> { where(status: SUSPENDED) }
+
+  # ------------------
+  # Instance variables
+  # ------------------
+
+  # * Return full name
+  # == Examples
+  #   >>> user.display_name
+  #   => "Joe Black"
+  def display_name
+    "#{name}"
+  end
+
+  # * Return true if the user is not approved, else false.
+  # == Examples
+  #   >>> user.approved?
+  #   => true
+  def approved?
+    (status == APPROVED)
+  end
+
+  # * Return true if the user is pending, else false.
+  # == Examples
+  #   >>> user.pending?
+  #   => true
+  def pending?
+    (status == PENDING)
+  end
+
+  # * Return true if the user is suspended, else false.
+  # == Examples
+  #   >>> user.suspended?
+  #   => true
+  def suspended?
+    (status == SUSPENDED)
+  end
+
+  # change the status to :pending
+  # Return the status
+  # == Examples
+  #   >>> user.pending!
+  #   => "pending"
+  def pending!
+    self.update_attribute(:status, PENDING)
+  end
+
+  # change the status to :approved
+  # Return the status
+  # == Examples
+  #   >>> user.approve!
+  #   => "approved"
+  def approve!
+    self.update_attribute(:status, APPROVED)
+  end
+
+  # change the status to :suspended
+  # Return the status
+  # == Examples
+  #   >>> user.suspend!
+  #   => "suspended"
+  def suspend!
+    self.update_attribute(:status, SUSPENDED)
+  end
+
+  def is_super_admin?
+    super_admin
+  end
+
+  def start_session
+    # FIX ME - specs are not written to ensure that all these data are saved
+    self.token_created_at = Time.now
+    self.sign_in_count = self.sign_in_count ? self.sign_in_count + 1 : 1
+    self.last_sign_in_at = self.current_sign_in_at
+    self.last_sign_in_ip = self.current_sign_in_ip
+    self.current_sign_in_at = self.token_created_at
+
+    # FIX ME - pass remote_ip to this method.
+    # Make necessary changes to authentication service to make it work
+    # self.current_sign_in_ip = remote_ip if remote_ip
+    self.save
+  end
+
+  def end_session
+    # Reseting the auth token for user when he logs out.
+    # (Time.now - 1.second)
+    self.update_attributes auth_token: SecureRandom.hex, token_created_at: nil
+  end
+
+  def assign_default_password
+    self.password = DEFAULT_PASSWORD
+    self.password_confirmation = DEFAULT_PASSWORD
+  end
+
+  def token_expired?
+    return self.token_created_at.nil? || (Time.now > self.token_created_at + SESSION_TIME_OUT)
+  end
+
+  def generate_reset_password_token
+     self.reset_password_token = SecureRandom.hex unless self.reset_password_token
+     self.reset_password_sent_at = Time.now unless self.reset_password_sent_at
+  end
+
+  def default_image_url(size="small")
+    "/assets/kuppayam/defaults/user-#{size}.png"
+  end
+
+  def set_permission(feature_name, **options)
+    options.reverse_merge!(
+      can_create: false,
+      can_read: true,
+      can_update: false,
+      can_delete: false
+    )
+
+    feature = get_feature(feature_name)
+
+    permission = Permission.where("user_id = ? AND feature_id = ?", self.id, feature.id).first || Permission.new(user: self, feature: feature)
+    permission.assign_attributes(options)
+    permission.save
+  end
+
+  def can_create?(feature_name)
+    feature = get_feature(feature_name)
+
+    permission = Permission.where("feature_id = ? AND user_id = ?", feature.id, self.id).first
+    permission && permission.can_create?
+  end
+
+  def can_read?(feature_name)
+    feature = get_feature(feature_name)
+
+    permission = Permission.where("feature_id = ? AND user_id = ?", feature.id, self.id).first
+    permission && permission.can_read?
+  end
+
+  def can_update?(feature_name)
+    feature = get_feature(feature_name)
+
+    permission = Permission.where("feature_id = ? AND user_id = ?", feature.id, self.id).first
+    permission && permission.can_update?
+  end
+
+  def can_delete?(feature_name)
+    feature = get_feature(feature_name)
+
+    permission = Permission.where("feature_id = ? AND user_id = ?", feature.id, self.id).first
+    permission && permission.can_delete?
+  end
+
+  def can_be_destroyed?
+    return true
+  end
+
+  private
+
+  def should_validate_password?
+    self.new_record? || (self.new_record? == false and self.password.present?)
+  end
+
+  def generate_auth_token
+    self.auth_token = SecureRandom.hex unless self.auth_token
+  end
+
+  def get_feature(feature_name)
+    case feature_name
+    when Feature
+      feature = feature_name
+    when String
+      feature = Feature.find_by_name(feature_name)
+    when Integer
+      feature = Feature.find_by_id(feature_name)
+    else
+      raise "Feature with name '#{feature.name}' doesn't exist" unless feature
+    end
+    return feature
+  end
+
+end

data/app/models/usman/application_record.rb

@@ -0,0 +1,5 @@
+module Usman
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/services/usman/authentication_service.rb

@@ -0,0 +1,45 @@
+module Usman
+  class AuthenticationService
+
+    attr_reader :login_handle, :password, :error, :user
+
+    def initialize(params)
+      @login_handle = params[:login_handle]
+      @password = params[:password]
+      @error = nil
+
+      check_if_user_exists
+      if @user
+        authenticate
+        check_if_user_is_approved
+      end
+
+      @user.start_session unless @error
+    end
+
+    def invalid_login_error
+      "authentication.invalid_login"
+    end
+
+    def user_status_error
+      "authentication.user_is_#{@user.status.downcase}"
+    end
+
+    def check_if_user_exists
+      @user = User.where("LOWER(email) = LOWER('#{@login_handle}') OR LOWER(username) = LOWER('#{@login_handle}')").first
+      set_error(invalid_login_error) unless @user
+    end
+
+    def check_if_user_is_approved
+      set_error(user_status_error) unless @user.approved?
+    end
+
+    def authenticate
+      set_error(invalid_login_error) unless @user.authenticate(@password)
+    end
+
+    def set_error(id)
+      @error ||= id
+    end
+  end
+end

data/app/uploaders/feature_image_uploader.rb

@@ -0,0 +1,14 @@
+class FeatureImageUploader < ImageUploader
+	def store_dir
+    "uploads/feature_images/#{model.id}"
+  end
+
+	version :large do
+    process :resize_to_fill => [400, 400]
+  end
+
+  version :small do
+    process :resize_to_fill => [100, 100]
+  end
+  
+end