yodel 0.0.1

data/lib/yodel/models/pages/pages.rb

@@ -0,0 +1,7 @@
+require './pages/html_decorator'
+require './pages/page'
+require './pages/layout'
+require './pages/form_builder'
+require './pages/record_proxy_page'
+require './pages/redirect_page'
+require './pages/menu'

data/lib/yodel/models/pages/record_proxy_page.rb

@@ -0,0 +1,188 @@
+class RecordProxyPage < Page
+  def record
+    @record ||= decorate_record(find_record(BSON::ObjectId.from_string(params['id'])))
+  end
+  
+  def records
+    @records ||= all_records.map {|record| decorate_record(record)}
+  end
+  
+  def new_record
+    decorate_record(construct_record)
+  end
+  
+  def record=(record)
+    @record = record
+  end
+  
+  def form_for(record, options={}, &block)
+    if record.new?
+      options[:method] = 'post'
+      action = path
+      if after_create_page
+        options[:success] = "window.location = '#{after_create_page.path}';"
+      else
+        options[:success] = "window.location = '#{path}';"
+      end
+    else
+      options[:method] = 'put'
+      action = "#{path}?id=#{record.id}"
+      if after_update_page
+        options[:success] = "window.location = '#{after_update_page.path}';"
+      else
+        options[:success] = "window.location = '#{path}';"
+      end
+    end
+    super(record, action, options, &block)
+  end
+  
+  def form_for_new_record(options={}, &block)
+    form_for(new_record, options, &block)
+  end
+  
+  # FIXME: a lot of this code is duplicated between html/json, need a way to
+  # extract common code to something like
+  # respond_to :delete do
+  #    record.destroy
+  #
+  #    with :html do
+  #      ...
+  
+  # FIXME: all json requests should be standardised to {success: true/false}
+  # i.e get needs to change from record.to_json to {success: true, record: record}
+  
+  # FIXME: change get to pass record through format_record
+  
+  # show
+  respond_to :get do
+    # FIXME: security check
+    with :html do
+      if params['id']
+        render_layout(show_record_layout, :html)
+      else
+        super()
+      end
+    end
+    
+    with :json do
+      record.to_json
+    end
+  end
+  
+  # destroy
+  respond_to :delete do
+    # FIXME: security check
+    with :html do
+      record.destroy
+      response.redirect after_delete_page.try(:path) || request.referrer || path
+    end
+    
+    with :json do
+      record.destroy
+      {success: true}
+    end
+  end
+  
+  # update
+  respond_to :put do
+    # FIXME: security check
+    with :html do
+      raise "Unimplemented"
+    end
+    
+    with :json do
+      status 404 and return unless record
+      if params.key?('record')
+        values = JSON.parse(params['record'])
+      else
+        values = params
+      end
+      
+      if record.from_json(values)
+        format_record(record).merge({success: true})
+      else
+        {success: false, errors: record.errors}
+      end
+    end
+  end
+  
+  # create
+  respond_to :post do
+    # FIXME: security check
+    with :html do
+      raise "Unimplemented"
+    end
+    
+    with :json do
+      record = new_record
+      
+      if params.key?('record')
+        vaues = JSON.parse(params['record'])
+      else
+        values = params
+      end
+
+      if record.from_json(values)
+        format_record(record).merge({success: true})
+      else
+        {success: false, errors: record.errors}
+      end        
+    end
+    
+  end
+  
+  
+  # record interaction and decoration. all_records, find_record and
+  # construct_record can be overriden for records which can't be
+  # retrieved from a record_model (such as Site or Task)
+  # override format_record to change the way records are returned
+  # to json requests, either reformatting the record itself, or
+  # adding new keys to the response object
+  private
+    def decorate_record(record)
+      record.tap do |record|
+        # if the record mixes in another model which has already
+        # included HTMLDecorator, undef these methods so record
+        # proxy page can handle them instead. When a model is
+        # mixed in, forwardable creates 
+        if record.methods(false).include?(:delete_link)
+          class << record
+            HTMLDecorator.instance_methods.each do |method_name|
+              remove_method method_name
+            end
+          end
+        end
+
+        record.instance_variable_set('@record_proxy', self)
+        record.extend HTMLDecorator
+        record.instance_eval "
+          class << self
+            def path
+              \"#{path}?id=#{record.id}\"
+            end
+            alias :path_was :path
+            
+            def form_for(record, options={}, &block)
+              @record_proxy.form_for(record, options, &block)
+            end
+          end
+        "
+      end
+    end
+    
+    def all_records
+      record_model.all
+    end
+    
+    def find_record(id)
+      record_model.find(id)
+    end
+    
+    def construct_record
+      record_model.new
+    end
+    
+    def format_record(record)
+      {record: record}
+    end
+end

data/lib/yodel/models/pages/redirect_page.rb

@@ -0,0 +1,11 @@
+class RedirectPage < Page
+  respond_to :get do
+    with :html do
+      if url?
+        response.redirect url
+      else
+        response.redirect page.path
+      end
+    end
+  end
+end

data/lib/yodel/models/search/search.rb

@@ -0,0 +1 @@
+require './search/search_page'

data/lib/yodel/models/search/search_page.rb

@@ -0,0 +1,58 @@
+class SearchPage < Page
+  OPERATOR_METHODS = {
+    'Equals' => nil,
+    'Not Equal' => :ne,
+    'Greater Than' => :gt,
+    'Less Than' => :lt,
+    'Greater Than or Equal To' => :gte,
+    'Less Than or Equal To' => :lte,
+    'In' => :in
+  }
+  
+  def query
+    q = (type || site.records).where(show_in_search: true)
+    
+    # constant constraints
+    conditions.each do |condition|
+      q = add_condition(q, type, condition.name, condition.operator, condition.value)
+    end
+    
+    # user conditions
+    user_conditions.each do |condition|
+      param_name = condition.as || condition.name
+      q = add_condition(q, type, condition.name, condition.operator, params[param_name])
+    end
+    
+    # add other optional search parameters
+    q = q.sort(sort || params['sort']) if sort || params['sort']
+    q = q.limit(limit || params['limit'].to_i) if limit || params['limit']
+    q = q.skip(skip || params['skip'].to_i) if skip || params['skip']
+    q
+  end
+  
+  def add_condition(q, type, field, operator, value)
+    return q if value.blank?
+    operator = OPERATOR_METHODS[operator]
+    field = field.to_sym
+    
+    if type && type.all_record_fields[field.to_s]
+      value = type.all_record_fields[field.to_s].from_json(value, type)
+    end
+    
+    # the in operator works on arrays
+    #if operator == :in
+    #  value = value.to_s.split(' ').reject(&:blank?).collect(&:downcase)
+    #end
+    
+    if operator
+      q.where(field.send(operator) => value)
+    else
+      q.where(field => value)
+    end
+  end
+  
+  # True if the request contains any of the parameters 
+  def user_query?
+    user_conditions.any? {|condition| params[condition.as ? condition.as : condition.name].present?}
+  end
+end

data/lib/yodel/models/security/facebook_login_page.rb

@@ -0,0 +1,55 @@
+class FacebookLoginPage < Page
+  GRAPH_DOMAIN  = 'graph.facebook.com'
+  ACCESS_URL    = "/oauth/access_token?"
+  USER_URL      = "/me?"
+  
+  respond_to :get do
+    with :html do
+      begin
+        if params['code']
+          auth_code = params['code']
+          access_url = ACCESS_URL
+          access_url += "client_id=#{app_id}"
+          access_url += "&redirect_uri=#{callback_uri}"
+          access_url += "&client_secret=#{app_secret}"
+          access_url += "&code=#{auth_code}"
+          access_code = get_https(access_url)
+        
+          # read user details
+          if access_code
+            user_response = get_https("#{USER_URL}#{access_code}")
+            user_details = JSON.parse(user_response)
+            if user_details['id']
+              user = site.users.where(oauth_id: user_details['id']).first
+              if user
+                # login
+                store_authenticated_user(user)
+                @path = after_login_page.path
+              else
+                # register with details
+                @path = join_page.path + '?'
+                @path += "first_name=#{CGI.escape(user_details['first_name'])}"
+                @path += "&last_name=#{CGI.escape(user_details['last_name'])}"
+                @path += "&email=#{CGI.escape(user_details['email'])}"
+                @path += "&oauth_id=#{CGI.escape(user_details['id'])}"
+              end
+            end
+          end
+        end
+      ensure
+        @path = join_page.path if @path.nil?
+        return "<html><script>window.opener.location.href = '#{@path}';window.close();</script></html>"
+      end
+    end
+  end
+  
+  def get_https(path)
+    https = Net::HTTP.new(GRAPH_DOMAIN, 443)
+    https.use_ssl = true
+    https.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    https.start do
+      req = Net::HTTP::Get.new(path)
+      return https.request(req).read_body
+    end
+  end
+end

data/lib/yodel/models/security/group.rb

@@ -0,0 +1,10 @@
+class Group < Record
+  def match_user_on_record?(user, record)
+    return false if user.nil?
+    user.values['groups'].include? id
+  end
+  
+  def permitted?(user, record)
+    match_user_on_record?(user, record) || parent.try(:match_user_on_record?, user, record)
+  end
+end

data/lib/yodel/models/security/guests_group.rb

@@ -0,0 +1,5 @@
+class GuestsGroup < Group
+  def match_user_on_record?(user, record)
+    true
+  end
+end

data/lib/yodel/models/security/login_page.rb

@@ -0,0 +1,20 @@
+class LoginPage < Page
+  respond_to :post do
+    with :html do
+      credentials = {username_field => params[username_field], password_field => params[password_field]}
+      
+      if login(credentials)
+        path = redirect_to.try(:path) || session.delete(:redirect_to_after_login) || request.referrer || '/'
+        response.redirect path
+      else
+        flash.now(:login_failed, true)
+        render_or_default(:html) { raise LayoutNotFound }
+      end
+    end
+    
+    with :json do
+      credentials = {username_field => params[username_field], password_field => params[password_field]}
+      {success: login(credentials)}
+    end
+  end
+end

data/lib/yodel/models/security/logout_page.rb

@@ -0,0 +1,13 @@
+class LogoutPage < Page
+  respond_to :get do
+    with :html do
+      logout
+      response.redirect redirect_to.try(:path) || '/'
+    end
+    
+    with :json do
+      logout
+      {success: true}
+    end
+  end
+end

data/lib/yodel/models/security/noone_group.rb

@@ -0,0 +1,5 @@
+class NooneGroup < Group
+  def match_user_on_record?(user, record)
+    false
+  end
+end

data/lib/yodel/models/security/owner_group.rb

@@ -0,0 +1,8 @@
+class OwnerGroup < Group
+  def match_user_on_record?(user, record)
+    return false if user.nil?
+    user == record.owner
+  rescue
+    false
+  end
+end

data/lib/yodel/models/security/password.rb

@@ -0,0 +1,5 @@
+module Password
+  def self.hashed_password(password_salt, password)
+    Digest::SHA1.hexdigest("#{password_salt}:#{password}")
+  end
+end

data/lib/yodel/models/security/password_reset_page.rb

@@ -0,0 +1,47 @@
+class PasswordResetPage < Page
+  def reset?
+    !!@reset
+  end
+  
+  def reset=(reset)
+    @reset = reset
+  end
+  
+  def failed_email_lookup?
+    !!@failed_email_lookup
+  end
+  
+  def failed_email_lookup=(failed)
+    @failed_email_lookup = failed
+  end
+  
+  respond_to :get do
+    with :html do
+      @email = params['email']
+      render_or_default(:html) { raise LayoutNotFound }
+    end
+  end
+  
+  respond_to :post do
+    with :html do
+      email = params[email_field]
+      user = site.users.where(email: email).first
+      
+      if user
+        name = user.name
+        new_password = user.reset_password
+        site.emails[:password_reset].deliver to: user.email, new_password: new_password, first_name: user.first_name
+        self.reset = true
+      else
+        self.failed_email_lookup = true
+      end
+      
+      @email = email
+      render_or_default(:html) { raise LayoutNotFound }
+    end
+    
+    with :json do
+      # FIXME: implement json page for this
+    end
+  end
+end