zen 0.1a

data/lib/zen/packages/settings/lib/settings/view/admin/settings/index.xhtml

@@ -0,0 +1,79 @@
+<article>
+  <header>
+    <h1>#{get_breadcrumbs}</h1>
+  </header>
+  
+  <div class="tabs">
+    <ul>
+      <?r @settings.each do |group, items| ?>
+      <?r
+        if @settings_lang.tabs.key?(group.to_sym)
+          group_label = @settings_lang.tabs[group.to_sym]
+        else
+          group_label = group
+        end
+      ?>
+      <li>
+        <a href="#group_#{group}">#{group_label}</a>
+      </li>
+      <?r end ?>
+    </ul>
+  </div>
+  
+  #{
+    form_for(@settings, :method => :post, :action => @form_save_url) do |f|
+      f.input_hidden :csrf_token, get_csrf_token
+      
+      @settings.each do |group, items|
+      
+        f.g.div :id => "group_#{group}" do
+          items.each do |s|
+            # Get the label from the language pack
+            name = s.key.to_sym
+            
+            if @settings_lang.labels.key?(s.key.to_sym)
+              label = @settings_lang.labels[s.key.to_sym]
+            else
+              label = s.key.to_s
+            end
+            
+            # Get the value from either the value or default getter
+            if s.value.nil?
+              value = s.default
+            else
+              value = s.value
+            end
+            
+            # Get all possible values for the current setting from the language pack
+            if @settings_lang.values.key?(name)
+              values = @settings_lang.values[name]
+            else
+              values = {}
+            end
+            
+            case s.type
+              when 'textbox'
+                f.input_text label, name, :value => value
+              when 'textarea'
+                f.textarea label, name, :value => value, :rows => 8
+              when 'radio'
+                f.input_radio label, name, value, :values => values
+              when 'checkbox'
+                f.input_checkbox label, name, value, :values => values
+              when 'select'
+                f.select label, name, :values => values, :size => 1, :selected => value
+            end
+          end
+        end
+
+      end
+    
+      f.g.div :class => 'clearfix' do
+        f.g.div :class => 'button' do
+          f.g.input :type => 'submit', :value => @settings_lang.buttons[:save]
+        end
+      end
+    end
+  }
+
+</article>

data/lib/zen/packages/settings/migrations/1295597111_create_schema.rb

@@ -0,0 +1,31 @@
+Sequel.migration do
+
+  up do
+    create_table :settings do
+      primary_key :id
+      
+      String :key      , :null => false, :unique => true
+      String :group_key, :null => false
+      String :default  , :text => true
+      Enum   :type     , :elements => ['textbox', 'textarea', 'radio', 'checkbox', 'select']
+      String :value    , :text => true
+    end
+    
+    # Insert our default settings
+    Zen::Database.handle[:settings].insert_multiple([
+      {:key => 'website_name'       , :group_key => 'general' , :default => 'Zen', :type => 'textbox'},
+      {:key => 'website_description', :group_key => 'general' ,                    :type => 'textarea'},
+      {:key => 'website_enabled'    , :group_key => 'general' , :default => '1',   :type => 'radio'},
+      {:key => 'language'           , :group_key => 'general' , :default => 'en',  :type => 'select'},
+      {:key => 'default_section'    , :group_key => 'general' ,                    :type => 'select'},
+      {:key => 'theme'              , :group_key => 'general' ,                    :type => 'select'},
+      {:key => 'enable_antispam'    , :group_key => 'security', :default => true,  :type => 'radio'},
+      {:key => 'defensio_key'       , :group_key => 'security',                    :type => 'textbox'}
+    ])
+  end
+  
+  down do
+    drop_table :settings
+  end
+
+end

data/lib/zen/packages/users/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2011, Yorick Peterse
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/lib/zen/packages/users/lib/users.rb

@@ -0,0 +1,35 @@
+
+require __DIR__('users/model/user')
+require __DIR__('users/model/user_group')
+require __DIR__('users/model/access_rule')
+
+require __DIR__('users/controller/users')
+require __DIR__('users/controller/user_groups')
+require __DIR__('users/controller/access_rules')
+
+require __DIR__('users/liquid/users')
+require __DIR__('users/liquid/user')
+
+Liquid::Template.register_tag('users', Users::Liquid::Users)
+Liquid::Template.register_tag('user' , Users::Liquid::User)
+
+Zen::Package.add do |p|
+  p.type        = 'extension'
+  p.name        = 'Users'
+  p.author      = 'Yorick Peterse'
+  p.url         = 'http://yorickpeterse.com/'
+  p.version     = '1.0'
+  p.about       = "Module for managing users along with handling authentication and authorization."
+  
+  p.identifier  = 'com.zen.users'
+  p.directory   = __DIR__('users')
+  
+  p.menu = [{
+    :title    => "Users",
+    :url      => "admin/users",
+    :children => [
+      {:title => "User Groups" , :url => "admin/user_groups"},
+      {:title => "Access Rules", :url => "admin/access_rules"}
+    ]
+  }]
+end

data/lib/zen/packages/users/lib/users/controller/access_rules.rb

@@ -0,0 +1,186 @@
+module Users
+  module Controllers
+    ##
+    # Controller for managing access rules. Each access rule can be used
+    # to specify whether or not a user can edit or create something.
+    # 
+    # The following permissions are available:
+    #
+    # * create
+    # * read
+    # * update
+    # * delete
+    #
+    # @author Yorick Peterse
+    # @since  0.1
+    #
+    class AccessRules < Zen::Controllers::AdminController
+      map '/admin/access_rules'
+      
+      trait :extension_identifier => 'com.zen.users'
+      include ::Users::Models
+      
+      before_all do
+        csrf_protection :save, :delete do
+          respond(@zen_general_lang.errors[:csrf], 401)
+        end
+      end
+      
+      ##
+      # Load our language packs, set the form URLs and define our page title.
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def initialize
+        super
+        
+        @form_save_url   = '/admin/access_rules/save'
+        @form_delete_url = '/admin/access_rules/delete'
+        @rules_lang      = Zen::Language.load 'access_rules'
+        
+        # Set the page title
+        if !action.method.nil?
+          method = action.method.to_sym
+        
+          if @rules_lang.titles.key? method 
+            @page_title = @rules_lang.titles[method]
+          end
+        end
+        
+        require_js 'users/access_rules'
+      end
+      
+      ##
+      # Show an overview of all access rules and allow the current user
+      # to manage these groups.
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def index
+        if !user_authorized?([:read])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        set_breadcrumbs @rules_lang.titles[:index]
+        
+        @access_rules = AccessRule.all
+      end
+      
+      ##
+      # Edit an existing access rule.
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def edit id
+        if !user_authorized?([:read, :update])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        set_breadcrumbs anchor_to(@rules_lang.titles[:index], "admin/access_rules"), @rules_lang.titles[:edit]
+        
+        @access_rule = AccessRule[id]
+      end
+      
+      ##
+      # Create a new access rule.
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def new
+        if !user_authorized?([:read, :create])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        set_breadcrumbs anchor_to(@rules_lang.titles[:index], "admin/access_rules"), @rules_lang.titles[:new]
+        
+        @access_rule = AccessRule.new
+      end
+      
+      ##
+      # Saves or creates a new access rule based on the POST data and a field named "id".
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def save
+        if !user_authorized?([:create, :update])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        post = request.params.dup
+       
+        post.each do |key, value|
+          post.delete(key) if value.empty?
+        end
+
+        if post['rule_applies'] == 'div_user_id'
+          post['user_group_id'] = nil
+        else
+          post['user_id'] = nil
+        end
+        
+        post.delete('rule_applies')
+
+        if post["id"] and !post["id"].empty?
+          @access_rule = AccessRule[post["id"]]
+          save_action = :save
+        else
+          @access_rule = AccessRule.new
+          save_action = :new
+        end
+        
+        flash_success = @rules_lang.success[save_action]
+        flash_error   = @rules_lang.errors[save_action]
+        
+        begin
+          @access_rule.update(post)
+          notification(:success, @rules_lang.titles[:index], flash_success)
+        rescue
+          notification(:error, @rules_lang.titles[:index], flash_error)
+          
+          flash[:form_errors] = @access_rule.errors
+        end
+        
+        if @access_rule.id
+          redirect "/admin/access_rules/edit/#{@access_rule.id}"
+        else
+          redirect_referrer
+        end
+      end
+      
+      ##
+      # Delete all specified access rules.
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def delete
+        if !user_authorized?([:delete])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        if !request.params["access_rule_ids"] or request.params["access_rule_ids"].empty?
+          notification(:error, @rules_lang.titles[:index], @rules_lang.errors[:no_delete])
+          redirect_referrer
+        end
+        
+        request.params["access_rule_ids"].each do |id|
+          @access_rule = AccessRule[id]
+          
+          begin
+            @access_rule.delete
+            notification(:success, @rules_lang.titles[:index], @rules_lang.success[:delete] % id)
+          rescue
+            notification(:error, @rules_lang.titles[:index], @rules_lang.errors[:delete] % id)
+          end
+        end
+        
+        redirect_referrer
+      end
+    end
+  end
+end

data/lib/zen/packages/users/lib/users/controller/user_groups.rb

@@ -0,0 +1,171 @@
+module Users
+  module Controllers
+    ##
+    # Controller for managing all user groups. It's not
+    # required to add a user to a group but it can certainly
+    # make it easier when adding custom permissions or
+    # granting a user full access to the backend.
+    # 
+    # @author Yorick Peterse
+    # @since  0.1
+    #
+    class UserGroups < Zen::Controllers::AdminController
+      map '/admin/user_groups'
+      
+      trait :extension_identifier => 'com.zen.users'
+      include ::Users::Models
+      
+      before_all do
+        csrf_protection :save, :delete do
+          respond(@zen_general_lang.errors[:csrf], 401)
+        end
+      end
+      
+      ##
+      # Load our language packs, set the form URLs and define our page title.
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def initialize
+        super
+        
+        @form_save_url   = '/admin/user_groups/save'
+        @form_delete_url = '/admin/user_groups/delete'
+        @groups_lang     = Zen::Language.load 'user_groups'
+        
+        # Set the page title
+        if !action.method.nil?
+          method = action.method.to_sym
+        
+          if @groups_lang.titles.key? method 
+            @page_title = @groups_lang.titles[method]
+          end
+        end
+      end
+      
+      ##
+      # Show an overview of all user groups and allow the current user
+      # to manage these groups
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def index
+        if !user_authorized?([:read])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        set_breadcrumbs @groups_lang.titles[:index]
+        
+        @user_groups = UserGroup.all
+      end
+      
+      ##
+      # Edit an existing user group
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def edit id
+        if !user_authorized?([:read, :update])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        set_breadcrumbs anchor_to(@groups_lang.titles[:index], "admin/user_groups"), @groups_lang.titles[:edit]
+        
+        @user_group = UserGroup[id]
+      end
+      
+      ##
+      # Create a new user group
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def new
+        if !user_authorized?([:read, :create])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        set_breadcrumbs anchor_to(@groups_lang.titles[:index], "admin/user_groups"), @groups_lang.titles[:new]
+        
+        @user_group = UserGroup.new
+      end
+      
+      ##
+      # Saves or creates a new user group based on the POST data and a field named "id".
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def save
+        if !user_authorized?([:create, :update])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        post = request.params.dup
+       
+        post.each do |key, value|
+          post.delete(key) if value.empty?
+        end
+
+        if post["id"] and !post["id"].empty?
+          @user_group = UserGroup[post["id"]]
+          save_action = :save
+        else
+          @user_group = UserGroup.new
+          save_action = :new
+        end
+        
+        flash_success = @groups_lang.success[save_action]
+        flash_error   = @groups_lang.errors[save_action]
+        
+        begin
+          @user_group.update(post)
+          notification(:success, @groups_lang.titles[:index], flash_success)
+        rescue
+          notification(:error, @groups_lang.titles[:index], flash_error)
+          
+          flash[:form_errors] = @user.errors
+        end
+        
+        if @user_group.id
+          redirect "/admin/user_groups/edit/#{@user_group.id}"
+        else
+          redirect_referrer
+        end
+      end
+      
+      ##
+      # Delete all specified user groups.
+      #
+      # @author Yorick Peterse
+      # @since  0.1
+      #
+      def delete
+        if !user_authorized?([:delete])
+          respond(@zen_general_lang.errors[:not_authorized], 403)
+        end
+        
+        if !request.params["user_group_ids"] or request.params["user_group_ids"].empty?
+          notification(:error, @groups_lang.titles[:index], @groups_lang.errors[:no_delete])
+          redirect_referrer
+        end
+        
+        request.params["user_group_ids"].each do |id|
+          @user_group = UserGroup[id]
+          
+          begin
+            @user_group.delete
+            notification(:success, @groups_lang.titles[:index], @groups_lang.success[:delete] % id)
+          rescue
+            notification(:error, @groups_lang.titles[:index], @groups_lang.errors[:delete] % id)
+          end
+        end
+        
+        redirect_referrer
+      end
+    end
+  end
+end