zen 0.2.7 → 0.2.8

data/lib/zen/package/users/lib/users/controller/user_groups.rb

@@ -3,9 +3,9 @@ module Users
   #:nodoc:
   module Controller
     ##
-    # Controller for managing all user groups. It's not required to add a user to a group
-    # but it can certainly make it easier when adding custom permissions or granting a
-    # user full access to the backend.
+    # Controller for managing all user groups. It's not required to add a user
+    # to a group but it can certainly make it easier when adding custom
+    # permissions or granting a user full access to the backend.
     #
     # @author Yorick Peterse
     # @since  0.1
@@ -13,7 +13,8 @@ module Users
     class UserGroups < Zen::Controller::AdminController
       include ::Users::Model
 
-      map('/admin/user-groups')
+      helper :users
+      map '/admin/user-groups'
 
       before_all do
         csrf_protection(:save, :delete) do
@@ -34,9 +35,6 @@ module Users
       def initialize
         super
 
-        @form_save_url   = UserGroups.r(:save)
-        @form_delete_url = UserGroups.r(:delete)
-
         Zen::Language.load('user_groups')
 
         # Set the page title
@@ -44,6 +42,11 @@ module Users
           method      = action.method.to_sym
           @page_title = lang("user_groups.titles.#{method}") rescue nil
         end
+
+        @boolean_hash = {
+          true  => lang('zen_general.special.boolean_hash.true'),
+          false => lang('zen_general.special.boolean_hash.false')
+        }
       end
 
       ##
@@ -58,13 +61,11 @@ module Users
       # @since  0.1
       #
       def index
-        if !user_authorized?([:read])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
+        require_permissions(:read)
 
         set_breadcrumbs(lang('user_groups.titles.index'))
 
-        @user_groups = UserGroup.all
+        @user_groups = paginate(UserGroup)
       end
 
       ##
@@ -80,20 +81,20 @@ module Users
       # @since  0.1
       #
       def edit(id)
-        if !user_authorized?([:read, :update])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
+        require_permissions(:read, :update)
 
         set_breadcrumbs(
-          anchor_to(lang('user_groups.titles.index'), UserGroups.r(:index)),
+          UserGroups.a(lang('user_groups.titles.index'), :index),
           lang('user_groups.titles.edit')
         )
 
         if flash[:form_data]
           @user_group = flash[:form_data]
         else
-          @user_group = UserGroup[id.to_i]
+          @user_group = validate_user_group(id)
         end
+
+        render_view(:form)
       end
 
       ##
@@ -108,20 +109,21 @@ module Users
       # @since  0.1
       #
       def new
-        if !user_authorized?([:read, :create])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
+        require_permissions(:read, :create)
 
         set_breadcrumbs(
-          anchor_to(lang('user_groups.titles.index'), UserGroups.r(:index)),
+          UserGroups.a(lang('user_groups.titles.index'), :index),
           lang('user_groups.titles.new')
         )
 
         @user_group = UserGroup.new
+
+        render_view(:form)
       end
 
       ##
-      # Saves or creates a new user group based on the POST data and a field named 'id'.
+      # Saves or creates a new user group based on the POST data and a field
+      # named 'id'.
       #
       # This method requires the following permissions:
       #
@@ -132,17 +134,17 @@ module Users
       # @since  0.1
       #
       def save
-        if !user_authorized?([:create, :update])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
-
         post = request.subset(:id, :name, :slug, :description, :super_group)
 
         if post['id'] and !post['id'].empty?
-          @user_group = UserGroup[post['id']]
+          require_permissions(:update)
+
+          user_group  = validate_user_group(post['id'])
           save_action = :save
         else
-          @user_group = UserGroup.new
+          require_permissions(:create)
+
+          user_group  = UserGroup.new
           save_action = :new
 
           post.delete('slug') if post['slug'].empty?
@@ -154,18 +156,20 @@ module Users
         flash_error   = lang("user_groups.errors.#{save_action}")
 
         begin
-          @user_group.update(post)
+          user_group.update(post)
           message(:success, flash_success)
         rescue => e
           Ramaze::Log.error(e.inspect)
           message(:error, flash_error)
 
-          flash[:form_data]   = @user_group
-          flash[:form_errors] = @user_group.errors
+          flash[:form_data]   = user_group
+          flash[:form_errors] = user_group.errors
+
+          redirect_referrer
         end
 
-        if @user_group.id
-          redirect(UserGroups.r(:edit, @user_group.id))
+        if user_group.id
+          redirect(UserGroups.r(:edit, user_group.id))
         else
           redirect_referrer
         end
@@ -182,11 +186,10 @@ module Users
       # @since  0.1
       #
       def delete
-        if !user_authorized?([:delete])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
+        require_permissions(:delete)
 
-        if !request.params['user_group_ids'] or request.params['user_group_ids'].empty?
+        if !request.params['user_group_ids'] \
+        or request.params['user_group_ids'].empty?
           message(:error, lang('user_groups.errors.no_delete'))
           redirect_referrer
         end
@@ -198,6 +201,8 @@ module Users
           rescue => e
             Ramaze::Log.error(e.inspect)
             message(:error, lang('user_groups.errors.delete') % id)
+
+            redirect_referrer
           end
         end
 

data/lib/zen/package/users/lib/users/controller/users.rb

@@ -3,13 +3,12 @@ module Users
   #:nodoc:
   module Controller
     ##
-    # Controller for managing users. Users in this case are people
-    # that have access to the backend. However, users might be able
-    # to access the backend but that doesn't mean they can actuall use it.
-    # The permission system will block anybody that don't have the correct
-    # permissions for each module. In case of a module like a forum it's
-    # probably better to add some additional checks to ensure people
-    # can't mess around with your system.
+    # Controller for managing users. Users in this case are people that have
+    # access to the backend. However, users might be able to access the backend
+    # but that doesn't mean they can actuall use it. The permission system will
+    # block anybody that don't have the correct permissions for each module. In
+    # case of a module like a forum it's probably better to add some additional
+    # checks to ensure people can't mess around with your system.
     #
     # @author Yorick Peterse
     # @since  0.1
@@ -17,7 +16,8 @@ module Users
     class Users < Zen::Controller::AdminController
       include ::Users::Model
 
-      map('/admin/users')
+      helper :users
+      map '/admin/users'
 
       before_all do
         csrf_protection(:save, :delete) do
@@ -48,10 +48,6 @@ module Users
       def initialize
         super
 
-        @form_save_url   = Users.r(:save)
-        @form_delete_url = Users.r(:delete)
-        @form_login_url  = Users.r(:login)
-
         Zen::Language.load('users')
 
         # Set the page title
@@ -78,13 +74,11 @@ module Users
       # @since  0.1
       #
       def index
-        if !user_authorized?([:read])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
+        require_permissions(:read)
 
         set_breadcrumbs(lang('users.titles.index'))
 
-        @users = User.all
+        @users = paginate(User)
       end
 
       ##
@@ -100,22 +94,22 @@ module Users
       # @since  0.1
       #
       def edit(id)
-        if !user_authorized?([:read, :update])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
+        require_permissions(:read, :update)
 
         set_breadcrumbs(
-          anchor_to(lang('users.titles.index'), Users.r(:index)),
+          Users.a(lang('users.titles.index'), :index),
           lang('users.titles.edit')
         )
 
         if flash[:form_data]
           @user = flash[:form_data]
         else
-          @user = User[id.to_i]
+          @user = validate_user(id)
         end
 
         @user_group_pks = UserGroup.pk_hash(:name)
+
+        render_view(:form)
       end
 
       ##
@@ -130,17 +124,17 @@ module Users
       # @since  0.1
       #
       def new
-        if !user_authorized?([:read, :create])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
+        require_permissions(:read, :create)
 
         set_breadcrumbs(
-          anchor_to(lang('users.titles.index'), Users.r(:index)),
+          Users.a(lang('users.titles.index'), :index),
           lang('users.titles.new')
         )
 
         @user           = User.new
         @user_group_pks = UserGroup.pk_hash(:name)
+
+        render_view(:form)
       end
 
       ##
@@ -154,7 +148,8 @@ module Users
           # Let's see if we can authenticate
           if user_login(request.subset(:email, :password))
             # Update the last time the user logged in
-            User[:email => request.params['email']].update(:last_login => Time.new)
+            User[:email => request.params['email']] \
+              .update(:last_login => Time.new)
 
             message(:success, lang('users.success.login'))
             redirect(::Sections::Controller::Sections.r(:index))
@@ -190,20 +185,29 @@ module Users
       # @since  0.1
       #
       def save
-        if !user_authorized?([:update, :create])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
-
         post = request.subset(
-          :id, :email, :name, :website, :new_password, :confirm_password, :status,
-          :language, :frontend_language, :date_format
+          :id,
+          :email,
+          :name,
+          :website,
+          :new_password,
+          :confirm_password,
+          :status,
+          :language,
+          :frontend_language,
+          :date_format,
+          :user_group_pks
         )
 
         if post['id'] and !post['id'].empty?
-          @user       = User[post['id']]
+          require_permissions(:update)
+
+          user        = validate_user(post['id'])
           save_action = :save
         else
-          @user       = User.new
+          require_permissions(:create)
+
+          user        = User.new
           save_action = :new
         end
 
@@ -228,18 +232,20 @@ module Users
         flash_error   = lang("users.errors.#{save_action}")
 
         begin
-          @user.update(post)
+          user.update(post)
           message(:success, flash_success)
         rescue => e
           Ramaze::Log.error(e.inspect)
           message(:error, flash_error)
 
-          flash[:form_data]   = @user
-          flash[:form_errors] = @user.errors
+          flash[:form_data]   = user
+          flash[:form_errors] = user.errors
+
+          redirect_referrer
         end
 
-        if @user.id
-          redirect(Users.r(:edit, @user.id))
+        if user.id
+          redirect(Users.r(:edit, user.id))
         else
           redirect_referrer
         end
@@ -256,9 +262,7 @@ module Users
       # @since  0.1
       #
       def delete
-        if !user_authorized?([:delete])
-          respond(lang('zen_general.errors.not_authorized'), 403)
-        end
+        require_permissions(:delete)
 
         if !request.params['user_ids'] or request.params['user_ids'].empty?
           message(:error, lang('users.errors.no_delete'))
@@ -272,6 +276,8 @@ module Users
           rescue => e
             Ramaze::Log.error(e.inspect)
             message(:error,lang('users.errors.delete') % id)
+
+            redirect_referrer
           end
         end
 

data/lib/zen/package/users/lib/users/helper/users.rb

@@ -0,0 +1,72 @@
+#:nodoc:
+module Ramaze
+  #:nodoc:
+  module Helper
+    ##
+    # Helper for the users package. Note that this helper is called "Users"
+    # rather than "User" as otherwise Ramaze could get confused and load the
+    # incorrect helper (as it already comes with a helper named "User").
+    #
+    # @author Yorick Peterse
+    # @since  0.2.8
+    #
+    module Users
+      ##
+      # Checks if an access rule is valid and returns it if ithis is the case.
+      #
+      # @author Yorick Peterse
+      # @since  0.2.8
+      # @param  [Fixnum] access_rule_id The ID of the access rule to validate.
+      # @return [Users::Model::AccessRule]
+      #
+      def validate_access_rule(access_rule_id)
+        rule = ::Users::Model::AccessRule[access_rule_id]
+
+        if rule.nil?
+          message(:error, lang('access_rules.errors.invalid_rule'))
+          redirect(::Users::Controller::AccessRules.r(:index))
+        else
+          return rule
+        end
+      end
+
+      ##
+      # Checks if a user group is valid and returns it if this is the case.
+      #
+      # @author Yorick Peterse
+      # @since  0.2.8
+      # @param  [Fixnum] user_group_id The ID of the user group to validate.
+      # @return [Users::Model::UserGroup]
+      #
+      def validate_user_group(user_group_id)
+        group = ::Users::Model::UserGroup[user_group_id]
+
+        if group.nil?
+          message(:error, lang('user_groups.errors.invalid_group'))
+          redirect(::Users::Controller::UserGroups.r(:index))
+        else
+          return group
+        end
+      end
+
+      ##
+      # Validates a user and returns the object if it's a valid user.
+      #
+      # @author Yorick Peterse
+      # @since  0.2.8
+      # @param  [Fixnum] user_id The ID of the user to validate.
+      # @return [Users::Model::User]
+      #
+      def validate_user(user_id)
+        user = ::Users::Model::User[user_id]
+
+        if user.nil?
+          message(:error, lang('users.errors.invalid_user'))
+          redirect(::Users::Controller::Users.r(:index))
+        else
+          return user
+        end
+      end
+    end # Users
+  end # Helper
+end # Ramaze