usman 0.3.9 → 0.3.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7c9994e5cbd0656c7e474abba0af96316e2026ff
-  data.tar.gz: fe09a804f3dd1eededff04c8d8e023303ac79c52
+  metadata.gz: 247fe28d994f29a5dae5161aab173588e3eabe02
+  data.tar.gz: 4eda2b63f0f9557cddd4a4eb4348a2f78949c8ff
 SHA512:
-  metadata.gz: 184a2ddb395120ca4c1a9c24034211e4260f8650935c771f3d30e56c0119cd2be5cf3c30460744b56748d083b44599c8f12bb844d91e1fe03d255076e10bfdf5
-  data.tar.gz: 4b237890aab134dd28f5f5fcb0323ff3b94d447f2a62605a13e2c40705ceaa034005ca4aca179c5333b97d7afebc2a4e339abb34603eb4454b1178b49951bec1
+  metadata.gz: 13734dfb988c4ee34a328eab1ea00595d658ac7138adeecb6992fd0b186779e523d6899702d4a34f5c4fdf7e04ae88f572436ce4dbe9127aad224a326e8d9266
+  data.tar.gz: 2c6a701c84c9d4f2d805a78982ff94b0c3619e5097bdd091434adc6c513dc94b7d20c91ddd121aba3277c04351c6e23764bc979006a8d563f971fe3ac6206a93

data/README.md

@@ -49,12 +49,12 @@ open browser and go to /sign_in url
 
 Specify the railties order if required in main application.rb
 
-``
+```bash
 config.autoload_paths << "app/services"
 config.railties_order = [:main_app, Usman::Engine, Kuppayam::Engine, :all]
 ```
 
-# Seeding Data 
+# Seeding / Importing Data 
 
 run rake task for loading dummy data for users and features to start with.
 
@@ -73,7 +73,7 @@ $ bundle exec rake usman:import:dummy:permissions verbose=false
 $ bundle exec rake usman:import:dummy:roles verbose=false
 ```
 
-# Import Data
+## Cusotmized Importing
 
 You could override the seed files with your data.
 just create db/import_data in your project folder and create the following files filled with your data in the required format (checkout the dummy csvs in usman db/import_data/dummy/features.csv) for the columns required

data/app/controllers/usman/admin_controller.rb

@@ -1,26 +1,9 @@
 module Usman
-  class AdminController < Kuppayam::BaseController
+  class AdminController < Usman::ApplicationController
     
-    include Usman::AuthenticationHelper
-
-    layout 'kuppayam/admin'
-    
-    before_action :current_user
-    before_action :require_user
     before_action :require_site_admin
 
     private
 
-    def set_default_title
-      set_title("Usman Admin | User Management Module")
-    end
-
-    def configure_filter_param_mapping
-      @filter_param_mapping = default_filter_param_mapping
-      @filter_param_mapping[:super_admin] = :sa
-      @filter_param_mapping[:user] = :us
-      @filter_param_mapping[:feature] = :ft
-    end
-
   end
 end

data/app/controllers/usman/api/v1/docs_controller.rb

@@ -1,7 +1,12 @@
 module Usman
   module Api
     module V1
-      class DocsController < DocsBaseController
+      class DocsController < Usman::AdminController
+
+        layout 'kuppayam/docs'
+
+        before_action :set_nav_items, :set_tab_items
+        helper_method :breadcrumb_home_path
 
         def register
           set_title("Register API")
@@ -33,7 +38,7 @@ module Usman
           @example_path = "usman/api/v1/docs/"
           @examples = ["pos_case_1", "pos_case_2", "pos_case_3", "neg_case_1", "neg_case_2", "neg_case_3"]
 
-          set_nav("docs/register")
+          set_nav("docs/usman/register")
 
           render 'kuppayam/api/docs/show'
         end
@@ -61,7 +66,7 @@ module Usman
           @example_path = "usman/api/v1/docs/"
           @examples = ["pos_case_1", "neg_case_1", "neg_case_2", "neg_case_3", "neg_case_4"]
 
-          set_nav("docs/resend_otp")
+          set_nav("docs/usman/resend_otp")
 
           render 'kuppayam/api/docs/show'
         end
@@ -90,7 +95,7 @@ module Usman
           @example_path = "usman/api/v1/docs/"
           @examples = ["pos_case_1", "pos_case_2", "neg_case_1", "neg_case_2", "neg_case_3", "neg_case_4"]
 
-          set_nav("docs/verify_otp")
+          set_nav("docs/usman/verify_otp")
 
           render 'kuppayam/api/docs/show'
         end
@@ -119,7 +124,7 @@ module Usman
           @example_path = "usman/api/v1/docs/"# 
           @examples = ["pos_case_1", "neg_case_1", "neg_case_2", "neg_case_3"]
 
-          set_nav("docs/accept_tac")
+          set_nav("docs/usman/accept_tac")
 
           render 'kuppayam/api/docs/show'
         end
@@ -146,7 +151,7 @@ module Usman
           @example_path = "usman/api/v1/docs/"# 
           @examples = ["pos_case_1", "pos_case_2", "pos_case_3", "neg_case_1", "neg_case_2", "neg_case_3"]
 
-          set_nav("docs/create_profile")
+          set_nav("docs/usman/create_profile")
 
           render 'kuppayam/api/docs/show'
         end
@@ -174,7 +179,7 @@ module Usman
           @example_path = "usman/api/v1/docs/"# 
           @examples = ["pos_case_1", "pos_case_2", "pos_case_3", "neg_case_1", "neg_case_2", "neg_case_3"]
 
-          set_nav("docs/update_profile")
+          set_nav("docs/usman/update_profile")
 
           render 'kuppayam/api/docs/show'
         end
@@ -197,7 +202,7 @@ module Usman
           @example_path = "usman/api/v1/docs/"
           @examples = ["pos_case_1", "neg_case_1", "neg_case_2"]
 
-          set_nav("docs/get_profile_info")
+          set_nav("docs/usman/get_profile_info")
 
           render 'kuppayam/api/docs/show'
         end
@@ -223,7 +228,7 @@ module Usman
           @example_path = "usman/api/v1/docs/"
           @examples = ["pos_case_1", "neg_case_1", "neg_case_2"]
 
-          set_nav("docs/upload_profile_picture_base64")
+          set_nav("docs/usman/upload_profile_picture_base64")
 
           render 'kuppayam/api/docs/show'
         end
@@ -238,16 +243,17 @@ module Usman
           eos
 
           @input_headers = {
-            "Content-Type" => { value: "application/json", description: "The MIME media type for JSON text is application/json. This is to make sure that a valid json is returned. The default encoding is UTF-8. " },
             "Authorization" => { value: "Token token=\"87b01adbba90824b57add8cc06ad8738\"", description: "Put the API Token here. You shall get the API token after registering your device" }
           }
 
+          @warning = "Do not set Content Type Json as this is a multipart file upload request"
+
           @input_params = {}
 
           @example_path = "usman/api/v1/docs/"
           @examples = ["pos_case_1", "neg_case_1", "neg_case_2", "neg_case_3"]
 
-          set_nav("docs/upload_profile_picture")
+          set_nav("docs/usman/upload_profile_picture")
 
           render 'kuppayam/api/docs/show'
         end
@@ -270,11 +276,46 @@ module Usman
           @example_path = "usman/api/v1/docs/"
           @examples = ["pos_case_1", "neg_case_1", "neg_case_2"]
 
-          set_nav("docs/delete_profile_picture")
+          set_nav("docs/usman/delete_profile_picture")
 
           render 'kuppayam/api/docs/show'
         end
 
+        private
+
+        def set_nav_items
+          @nav_items = {
+            register: { nav_class: "docs/usman/register", icon_class: "fa-group", url: usman.docs_api_v1_register_path, text: "Registraions API"},
+            resend_otp: { nav_class: "docs/usman/resend_otp", icon_class: "fa-send", url: usman.docs_api_v1_resend_otp_path, text: "Resend OTP API"},
+            verify_otp: { nav_class: "docs/usman/verify_otp", icon_class: "fa-thumbs-up", url: usman.docs_api_v1_verify_otp_path, text: "Verify OTP API"},
+            accept_tac: { nav_class: "docs/usman/accept_tac", icon_class: "fa-check-square-o", url: usman.docs_api_v1_accept_tac_path, text: "Accept T&C API"},
+            create_profile: { nav_class: "docs/usman/create_profile", icon_class: "fa-user", url: usman.docs_api_v1_create_profile_path, text: "Create Profile API"},
+            update_profile: { nav_class: "docs/usman/update_profile", icon_class: "fa-user", url: usman.docs_api_v1_update_profile_path, text: "Update Profile API"},
+            get_profile_info: { nav_class: "docs/usman/get_profile_info", icon_class: "fa-user", url: usman.docs_api_v1_get_profile_info_path, text: "Get Profile Info API"},
+            upload_profile_picture_base64: { nav_class: "docs/usman/upload_profile_picture_base64", icon_class: "fa-photo", url: usman.docs_api_v1_upload_profile_picture_base64_path, text: "Upload Profile Picture (Base64)"},
+            upload_profile_picture: { nav_class: "docs/usman/upload_profile_picture", icon_class: "fa-photo", url: usman.docs_api_v1_upload_profile_picture_path, text: "Upload Profile Picture"},
+            delete_profile_picture: { nav_class: "docs/usman/delete_profile_picture", icon_class: "fa-photo", url: usman.docs_api_v1_delete_profile_picture_path, text: "Remove Profile Picture"}
+          }
+        end
+
+        def set_tab_items
+          @tab_items = {
+            usman: { nav_class: "docs/usman", icon_class: "fa-group", url: usman.docs_api_v1_register_path, text: "User APIs"}
+          }
+        end
+
+        def breadcrumb_home_path
+          usman.dashboard_path
+        end
+
+        def breadcrumbs_configuration
+          {
+            heading: "Usman - API Documentation",
+            description: "A brief documentation of all APIs implemented in the gem Usman with input and output details and examples",
+            links: []
+          }
+        end
+
       end
     end
   end

data/app/controllers/usman/application_controller.rb

@@ -7,6 +7,8 @@ module Usman
     
     before_action :current_user
     before_action :require_user
+
+    helper_method :breadcrumb_home_path
     
     private
 

data/app/controllers/usman/features_controller.rb

@@ -1,7 +1,7 @@
 module Usman
   class FeaturesController < ResourceController
 
-    before_action :require_site_admin
+    before_action :require_super_admin
     
     private
 
@@ -57,7 +57,9 @@ module Usman
       {
         page_title: "Features",
         js_view_path: "/kuppayam/workflows/parrot",
-        view_path: "/usman/features"
+        view_path: "/usman/features",
+        show_modal_after_create: false,
+        show_modal_after_update: false
       }
     end
 

data/app/controllers/usman/permissions_controller.rb

@@ -26,6 +26,8 @@ module Usman
       @relation = Permission.where("")
 
       parse_filters
+
+      # @user = User.normal_users.first if @user.blank? && @feature.blank?
       apply_filters
       
       @permissions = @r_objects = @relation.includes(:user, :feature).page(@current_page).per(@per_page)
@@ -35,7 +37,9 @@ module Usman
 
     def apply_filters
       @relation = @relation.search(@query) if @query
-      @order_by = "user_id DESC, created_at DESC" unless @order_by
+      @relation = @relation.where("user_id = ?", @user.id) if @user
+      @relation = @relation.where("feature_id = ?", @feature.id) if @feature
+      @order_by = "created_at DESC" unless @order_by
       @relation = @relation.order(@order_by)
     end
 
@@ -52,14 +56,41 @@ module Usman
     end
 
     def configure_filter_ui_settings
-      @filter_ui_settings = {}
+      @filter_ui_settings = {
+        user: {
+          object_filter: true,
+          select_label: 'Select User',
+          current_value: @user,
+          values: User.normal_users.order(:name).all,
+          current_filters: @filters,
+          url_method_name: 'permissions_url',
+          filters_to_remove: [:user],
+          filters_to_add: { feature: @feature.try(:id) },
+          show_null_filter_on_top: false,
+          show_all_filter_on_top: true
+        },
+        feature: {
+          object_filter: true,
+          select_label: 'Select Feature',
+          current_value: @feature,
+          values: Feature.order(:name).all,
+          current_filters: @filters,
+          url_method_name: 'permissions_url',
+          filters_to_remove: [:feature],
+          filters_to_add: { user: @user.try(:id) },
+          show_null_filter_on_top: false,
+          show_all_filter_on_top: true
+        }
+      }
     end
 
     def resource_controller_configuration
       {
         page_title: "Permissions",
         js_view_path: "/kuppayam/workflows/parrot",
-        view_path: "/usman/permissions"
+        view_path: "/usman/permissions",
+        show_modal_after_create: false,
+        show_modal_after_update: false
       }
     end
 

data/app/controllers/usman/resource_controller.rb

@@ -2,8 +2,13 @@ module Usman
   class ResourceController < ApplicationController
 
   	include ResourceHelper
-    before_action :configure_resource_controller
 
+    before_action :configure_resource_controller
+    before_action :require_read_permission, only: [:index, :show]
+    before_action :require_create_permission, only: [:new, :create]
+    before_action :require_update_permission, only: [:edit, :update, :update_status, :mark_as_featured, :remove_from_featured]
+    before_action :require_delete_permission, only: [:destroy]
+    
     private
 
     def set_default_title

data/app/controllers/usman/user_roles_controller.rb

@@ -113,6 +113,7 @@ module Usman
         collection_name: :users,
         item_name: :user,
         class: User,
+        feature_class: Role,
         show_modal_after_create: false,
         show_modal_after_update: false,
         page_title: "Manage User Roles",

data/app/helpers/usman/authentication_helper.rb

@@ -2,12 +2,22 @@ module Usman
   module AuthenticationHelper
 
     private
-    
-    def current_user
-      # Return if @current_user is already initialized else check if the user exists with the auth token present in request header
-      @current_user ||= authenticate_with_http_token { |token, options| User.find_by(auth_token: token)}
+
+    # --------------
+    # Common Methods
+    # --------------
+
+    def set_params_hsh
+      @params_hsh = {}
+      @params_hsh[:client_app] = params[:client_app] if params[:client_app]
+      @params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url]
+      @params_hsh[:requested_url] = request.original_url if request.get?
     end
 
+    def permission_denied
+      render :file => "layouts/kuppayam/401", layout: 'layouts/kuppayam/blank_with_nav', :status => :unauthorized
+    end
+    
     # Returns the default URL to which the system should redirect the user after successful authentication
     def default_redirect_url_after_sign_in
       main_app.user_landing_url
@@ -18,15 +28,21 @@ module Usman
       usman.sign_in_url
     end
 
+    # -----------------
+    # Redirect Methods
+    # -----------------
+
     # Method to handle the redirection after unsuccesful authentication
     # This method should also handle the redirection if it has come through a client appliction for authentication
     # In that case, it should persist the params passed by the client application
-    def redirect_after_unsuccessful_authentication
-      @params_hsh = {}
-      @params_hsh[:client_app] = params[:client_app] if params[:client_app]
-      @params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url]
-      @params_hsh[:requested_url] = request.original_url if request.get?
-      redirect_to add_query_params(default_sign_in_url, @params_hsh)
+    def redirect_after_unsuccessful_authentication(redirect_to_last_page=true)
+      if redirect_to_last_page
+        set_params_hsh
+        redirect_to add_query_params(default_sign_in_url, @params_hsh)
+      else
+        redirect_to default_sign_in_url
+      end
+      
       return
     end
 
@@ -56,25 +72,21 @@ module Usman
       end
     end
 
-    def redirect_or_popup_to_default_sign_in_page
+    def redirect_or_popup_to_default_sign_in_page(redirect_to_last_page=true)
       respond_to do |format|
         format.html {
-          redirect_after_unsuccessful_authentication
+          redirect_after_unsuccessful_authentication(redirect_to_last_page)
         }
         format.js {
-          @params_hsh = {}
-          @params_hsh[:client_app] = params[:client_app] if params[:client_app]
-          @params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url]
-          @params_hsh[:requested_url] = request.original_url if request.get?
-          
+          set_params_hsh if redirect_to_last_page
           render(:partial => 'usman/sessions/sign_in.js.erb', :handlers => [:erb], :formats => [:js])
         }
       end
     end
 
-    def permission_denied
-      render :file => "layouts/kuppayam/401", layout: 'layouts/kuppayam/blank_with_nav', :status => :unauthorized
-    end
+    # -------------------
+    # Permission Helpers
+    # -------------------
 
     # This method is widely used to create the @current_user object from the session
     # This method will return @current_user if it already exists which will save queries when called multiple times
@@ -90,7 +102,6 @@ module Usman
       unless @current_user
         text = "#{I18n.t("authentication.login_required.heading")}"
         set_flash_message(text, :error, false) if defined?(flash) && flash
-
         redirect_or_popup_to_default_sign_in_page
         return
       end
@@ -101,8 +112,7 @@ module Usman
       unless @current_user.super_admin?
         text = "#{I18n.t("authentication.permission_denied.heading")}: #{I18n.t("authentication.permission_denied.message")}"
         set_flash_message(text, :error, false) if defined?(flash) && flash
-
-        redirect_or_popup_to_default_sign_in_page
+        redirect_or_popup_to_default_sign_in_page(false)
       end
     end
 
@@ -110,24 +120,82 @@ module Usman
       return true if @current_user && @current_user.super_admin?
       unless @current_user && @current_user.has_role?("Site Admin")
         respond_to do |format|
-          format.html {
-            #text = "#{I18n.t("authentication.permission_denied.heading")}: #{I18n.t("authentication.permission_denied.message")}"
-            #set_flash_message(text, :error, false) if defined?(flash) && flash
-            #redirect_after_unsuccessful_authentication
-            permission_denied
-          }
+          format.html { permission_denied }
           format.js {
-            @params_hsh = {}
-            @params_hsh[:client_app] = params[:client_app] if params[:client_app]
-            @params_hsh[:redirect_back_url] = params[:redirect_back_url] if params[:redirect_back_url]
-            @params_hsh[:requested_url] = request.original_url if request.get?
-            
+            set_params_hsh
             render(:partial => 'usman/sessions/sign_in.js.erb', :handlers => [:erb], :formats => [:js])
           }
         end
       end
     end
 
+    def require_read_permission
+      return true if @current_user && @current_user.super_admin?
+      current_permission
+      unless (@current_permission && @current_permission.can_read?)
+        respond_to do |format|
+          format.html { permission_denied }
+          format.js {
+            set_params_hsh
+            render(:partial => 'usman/sessions/permission_denied.js.erb', :handlers => [:erb], :formats => [:js])
+          }
+        end
+      end
+    end
+
+    def require_create_permission
+      return true if @current_user && @current_user.super_admin?
+      current_permission
+      unless (@current_permission && @current_permission.can_create?)
+        respond_to do |format|
+          format.html { permission_denied }
+          format.js {
+            set_params_hsh
+            render(:partial => 'usman/sessions/permission_denied.js.erb', :handlers => [:erb], :formats => [:js])
+          }
+        end
+      end
+    end
+
+    def require_update_permission
+      return true if @current_user && @current_user.super_admin?
+      current_permission
+      unless (@current_permission && @current_permission.can_update?)
+        respond_to do |format|
+          format.html { permission_denied }
+          format.js {
+            set_params_hsh
+            render(:partial => 'usman/sessions/permission_denied.js.erb', :handlers => [:erb], :formats => [:js])
+          }
+        end
+      end
+    end
+
+    def require_delete_permission
+      return true if @current_user && @current_user.super_admin?
+      current_permission
+      unless (@current_permission && @current_permission.can_delete?)
+        respond_to do |format|
+          format.html { permission_denied }
+          format.js {
+            set_params_hsh
+            render(:partial => 'usman/sessions/permission_denied.js.erb', :handlers => [:erb], :formats => [:js])
+          }
+        end
+      end
+    end
+
+    def current_permission
+      feature_class = @resource_options[:feature_class] || @resource_options[:class]
+      @current_feature = Feature.published.find_by_name(feature_class)
+      feature_id = @current_feature ? @current_feature.id : -1
+      @current_permission = @current_user.permissions.where("feature_id = ?", feature_id).first
+    end
+
+    # -------------------
+    # Masquerade Helpers
+    # -------------------
+
     # This method is only used for masquerading. When admin masquerade as user A and then as B, when he logs out as B he should be logged in back as A
     # This is accomplished by storing the last user id in session and activating it when user is logged off
     def restore_last_user

data/app/models/feature.rb

@@ -53,7 +53,7 @@ class Feature < Usman::ApplicationRecord
 
     feature = Feature.find_by_name(hsh[:name]) || Feature.new
     feature.name = hsh[:name]
-    feature.status = Feature::UNPUBLISHED
+    feature.status = hsh[:status]
     
     if feature.valid?
       begin
@@ -160,7 +160,7 @@ class Feature < Usman::ApplicationRecord
   #   >>> feature.display_name
   #   => "Products"
   def display_name
-    "#{name}"
+    "#{name.to_s.demodulize.pluralize.titleize}"
   end
 	
 end

data/app/models/permission.rb

@@ -72,4 +72,15 @@ class Permission < Usman::ApplicationRecord
     return error_object
   end
 
+  # Permission Methods
+  # ------------------
+
+  def can_be_deleted?
+    true
+  end
+
+  def can_be_edited?
+    true
+  end
+
 end

data/app/models/user.rb

@@ -354,6 +354,71 @@ class User < Usman::ApplicationRecord
     end
   end
 
+  # Permission Methods
+  # ------------------
+
+  def add_permission(feature_name, **options)
+    options.reverse_merge!(
+      can_create: false,
+      can_read: true,
+      can_update: false,
+      can_delete: false
+    )
+    feature = Feature.find_by_name(feature_name)
+    permission = self.permissions.where("feature_id = ?", feature.id).first || self.permissions.build
+    permission.feature = feature
+    permission.can_create = options[:can_create]
+    permission.can_read = options[:can_read]
+    permission.can_update = options[:can_update]
+    permission.can_delete = options[:can_delete]
+    permission.save
+    permission
+  end
+
+  def has_read_permission?(class_name)
+    return true if self.super_admin
+    feature = Feature.published.find_by_name(class_name.to_s)
+    if feature
+      permission = Permission.where("feature_id =?", feature.id).first
+      return permission && permission.can_read?
+    else
+      return false
+    end
+  end
+
+  def has_create_permission?(class_name)
+    return true if self.super_admin
+    feature = Feature.published.find_by_name(class_name.to_s)
+    if feature
+      permission = Permission.where("feature_id =?", feature.id).first
+      return permission && permission.can_create?
+    else
+      return false
+    end
+  end
+
+  def has_update_permission?(class_name)
+    return true if self.super_admin
+    feature = Feature.published.find_by_name(class_name.to_s)
+    if feature
+      permission = Permission.where("feature_id =?", feature.id).first
+      return permission && permission.can_update?
+    else
+      return false
+    end
+  end
+
+  def has_delete_permission?(class_name)
+    return true if self.super_admin
+    feature = Feature.published.find_by_name(class_name.to_s)
+    if feature
+      permission = Permission.where("feature_id =?", feature.id).first
+      return permission && permission.can_delete?
+    else
+      return false
+    end
+  end
+
   # Other Methods
   # -------------