zen 0.3 → 0.4

data/lib/zen/package/users/lib/users/controller/user_groups.rb

@@ -10,15 +10,15 @@ module Users
     # will show an overview of all existing groups or a message saying no groups
     # have been added yet.
     #
-    # ![User Groups](../../_static/users/user_groups_overview.png)
+    # ![User Groups](../../images/users/user_groups_overview.png)
     #
     # Editing a user group can be done by clicking on the name of the group,
     # creating a new one can be done by clicking the button "New group". When
     # creating or editing a group you'll be presented with the form shown in the
     # images below.
     #
-    # ![Edit Group](../../_static/users/edit_user_group.png)
-    # ![Group Permissions](../../_static/users/edit_user_group_permissions.png)
+    # ![Edit Group](../../images/users/edit_user_group.png)
+    # ![Group Permissions](../../images/users/edit_user_group_permissions.png)
     #
     # In this form you can fill in the following fields:
     #
@@ -45,32 +45,21 @@ module Users
     # * new_user_group
     # * delete_user_group
     #
-    # ## Events
-    #
-    # All events in this controller receive an instance of
-    # {Users::Model::UserGroup}. Just like other controllers the event
-    # ``after_delete_user_group`` will receive a user group that has already
-    # been destroyed using ``#destroy()``.
-    #
     # @since  0.1
     # @map    /admin/user-groups
-    # @event  before_new_user_group
-    # @event  after_new_user_user
-    # @event  before_edit_user_group
-    # @event  after_edit_user_group
-    # @event  before_delete_user_group
-    # @event  after_delete_user_group
     #
     class UserGroups < Zen::Controller::AdminController
       helper :users
       map    '/admin/user-groups'
       title  'user_groups.titles.%s'
 
+      autosave Model::UserGroup, Model::UserGroup::COLUMNS, :edit_user_group
+
       csrf_protection  :save, :delete
       load_asset_group :tabs
 
-      serve :javascript, ['/admin/js/users/permissions'], :minify => false
-      serve :css, ['/admin/css/users/permissions.css'], :minify => false
+      serve :javascript, ['/admin/users/js/users'], :name => 'users'
+      serve :css, ['/admin/users/css/users.css'], :name => 'users'
 
       before(:index, :edit, :new) do
         @boolean_hash = {
@@ -114,7 +103,8 @@ module Users
           lang('user_groups.titles.edit')
         )
 
-        @user_group  = flash[:form_data] || validate_user_group(id)
+        @user_group  = validate_user_group(id)
+        @user_group.set(flash[:form_data]) if flash[:form_data]
         @permissions = @user_group.permissions.map { |p| p.permission.to_sym }
 
         render_view(:form)
@@ -134,7 +124,8 @@ module Users
           lang('user_groups.titles.new')
         )
 
-        @user_group = flash[:form_data] || ::Users::Model::UserGroup.new
+        @user_group = Model::UserGroup.new
+        @user_group.set(flash[:form_data]) if flash[:form_data]
 
         render_view(:form)
       end
@@ -146,45 +137,34 @@ module Users
       # @since      0.1
       # @permission new_user_group (when creating a new group)
       # @permission edit_user_group (when editing a group)
-      # @event      before_new_user_group
-      # @event      after_new_user_group
-      # @event      before_edit_user_group
-      # @event      after_edit_user_group
       #
       def save
-        post = request.subset(:id, :name, :slug, :description, :super_group)
+        post = post_fields(*Model::UserGroup::COLUMNS)
+        id   = request.params['id']
 
-        if post['id'] and !post['id'].empty?
+        if id and !id.empty?
           authorize_user!(:edit_user_group)
 
-          user_group   = validate_user_group(post['id'])
-          save_action  = :save
-          before_event = :before_edit_user_group
-          after_event  = :after_edit_user_group
+          user_group  = validate_user_group(id)
+          save_action = :save
         else
           authorize_user!(:new_user_group)
 
-          user_group   = ::Users::Model::UserGroup.new
-          save_action  = :new
-          before_event = :before_new_user_group
-          after_event  = :after_new_user_group
+          user_group  = Model::UserGroup.new
+          save_action = :new
         end
 
-        post.delete('id')
-
         success = lang("user_groups.success.#{save_action}")
         error   = lang("user_groups.errors.#{save_action}")
 
         begin
-          post.each { |k, v| user_group.send("#{k}=", v) }
-          Zen::Event.call(before_event, user_group)
-
+          user_group.set(post)
           user_group.save
         rescue => e
-          Ramaze::Log.error(e.inspect)
+          Ramaze::Log.error(e)
           message(:error, error)
 
-          flash[:form_data]   = user_group
+          flash[:form_data]   = post
           flash[:form_errors] = user_group.errors
 
           redirect_referrer
@@ -199,8 +179,6 @@ module Users
           )
         end
 
-        Zen::Event.call(after_event, user_group)
-
         message(:success, success)
         redirect(UserGroups.r(:edit, user_group.id))
       end
@@ -210,8 +188,6 @@ module Users
       #
       # @since      0.1
       # @permission delete_user_group
-      # @event      before_delete_user_group
-      # @event      after_delete_user_group
       #
       def delete
         authorize_user!(:delete_user_group)
@@ -226,21 +202,18 @@ module Users
           group = ::Users::Model::UserGroup[id]
 
           next if group.nil?
-          Zen::Event.call(:before_delete_user_group, group)
 
           begin
             group.destroy
           rescue => e
-            Ramaze::Log.error(e.inspect)
+            Ramaze::Log.error(e)
             message(:error, lang('user_groups.errors.delete') % id)
 
             redirect_referrer
           end
-
-          Zen::Event.call(:after_delete_user_group, group)
         end
 
-        message(:success,  lang('user_groups.success.delete'))
+        message(:success, lang('user_groups.success.delete'))
         redirect_referrer
       end
     end # UserGroups

data/lib/zen/package/users/lib/users/controller/users.rb

@@ -37,14 +37,14 @@ module Users
     # permissions) you should see a page that looks like the one shown in the
     # image below.
     #
-    # ![Users](../../_static/users/overview.png)
+    # ![Users](../../images/users/overview.png)
     #
     # This overview allows you to edit users (by clicking on their Email
     # addresses), create new ones or delete existing users. When editing or
     # creating a user you'll be presented a form as shown in the images below.
     #
-    # ![Edit User](../../_static/users/edit_user.png)
-    # ![Edit Permissions](../../_static/users/edit_user_permissions.png)
+    # ![Edit User](../../images/users/edit_user.png)
+    # ![Edit Permissions](../../images/users/edit_user_permissions.png)
     #
     # In this form the following fields can be filled:
     #
@@ -78,32 +78,8 @@ module Users
     # * edit_user
     # * delete_user
     #
-    # ## Events
-    #
-    # Events in this controller receive an instance of {Users::Model::User}, the
-    # ``after_delete_user`` event receives an instance that has already been
-    # destroyed. Keep in mind that changing the Email address or password of a
-    # user will cause their session to no longer be valid, requiring them to log
-    # in again.
-    #
-    # @example Sending an Email for a new user
-    #  Zen::Event.listen(:after_new_user) do |user|
-    #    Mail.deliver do
-    #      from    'user@domain.tld'
-    #      to      user.email
-    #      subject 'Your new account'
-    #      body    "Dear #{user.name}, your account has been created."
-    #    end
-    #  end
-    #
     # @since  0.1
     # @map    /admin/users
-    # @event  before_new_user
-    # @event  after_new_user
-    # @event  before_edit_user
-    # @event  after_edit_user
-    # @event  before_delete_user
-    # @event  after_delete_user
     # @event  user_login
     # @event  before_register_user
     # @event  after_register_user
@@ -114,13 +90,14 @@ module Users
       title  'users.titles.%s'
       allow  [:login, :logout, :register]
 
-      csrf_protection :save, :delete
-
-      serve :javascript, ['/admin/js/users/permissions'], :minify => false
-      serve :css, ['/admin/css/users/permissions'], :minify => false
+      autosave Model::User, Model::User::COLUMNS, :edit_user
 
+      csrf_protection  :save, :delete
       load_asset_group :tabs
 
+      serve :javascript, ['/admin/users/js/users'], :name => 'users'
+      serve :css, ['/admin/users/css/users.css'], :name => 'users'
+
       set_layout :admin => [:index, :edit, :new],
         :login => [:login, :register]
 
@@ -137,10 +114,10 @@ module Users
         set_breadcrumbs(lang('users.titles.index'))
 
         @users = search do |query|
-          ::Users::Model::User.search(query).order(:id.asc)
+          Model::User.search(query).order(:id.asc)
         end
 
-        @users ||= ::Users::Model::User.order(:id.asc)
+        @users ||= Model::User.order(:id.asc)
         @users   = @users.eager(:user_status)
         @users   = paginate(@users)
       end
@@ -153,15 +130,17 @@ module Users
       # @permission edit_user
       #
       def edit(id)
-        authorize_user!(:edit_user)
+        authorize_user!(:edit_user) unless user.id == id.to_i
 
         set_breadcrumbs(
           Users.a(lang('users.titles.index'), :index),
           lang('users.titles.edit')
         )
 
-        @user           = flash[:form_data] || validate_user(id)
-        @user_group_pks = ::Users::Model::UserGroup.pk_hash(:name).invert
+        @user = validate_user(id)
+        @user.set(flash[:form_data]) if flash[:form_data]
+
+        @user_group_pks = Model::UserGroup.pk_hash(:name).invert
         @permissions    = @user.permissions.map { |p| p.permission.to_sym }
 
         render_view(:form)
@@ -181,8 +160,10 @@ module Users
           lang('users.titles.new')
         )
 
-        @user           = flash[:form_data] || ::Users::Model::User.new
-        @user_group_pks = ::Users::Model::UserGroup.pk_hash(:name).invert
+        @user           = Model::User.new
+        @user_group_pks = Model::UserGroup.pk_hash(:name).invert
+
+        @user.set(flash[:form_data]) if flash[:form_data]
 
         render_view(:form)
       end
@@ -196,12 +177,12 @@ module Users
       def login
         if request.post?
           # Let's see if we can authenticate
-          if user_login(request.subset(:email, :password))
+          if user_login(post_fields(:email, :password))
             user.update(:last_login => Time.new)
 
             Zen::Event.call(:user_login, user)
             message(:success, lang('users.success.login'))
-            redirect(::Sections::Controller::Sections.r(:index))
+            redirect(Dashboard::Controller::Dashboard.r(:index))
           else
             message(:error, lang('users.errors.login'))
           end
@@ -238,16 +219,17 @@ module Users
       # @event after_register_user
       #
       def register
-        redirect(::Sections::Controller::Sections.r(:index)) if logged_in?
+        redirect(Dashboard::Controller::Dashboard.r(:index)) if logged_in?
         redirect(r(:login)) unless get_setting(:allow_registration).true?
 
         if request.post?
-          post = request.subset(:name, :email, :password)
+          post = post_fields(:name, :email, :password)
           user = Model::User.new(post)
 
           # Check if the passwords match.
           if post['password'] != request.params['confirm_password']
-            flash[:form_data] = user
+            post.delete('password')
+            flash[:form_data] = post
 
             message(:error, lang('users.errors.no_password_match'))
             redirect(r(:register))
@@ -258,11 +240,13 @@ module Users
           begin
             user.save
           rescue => e
-            Ramaze::Log.error(e.inspect)
+            Ramaze::Log.error(e)
             message(:error, lang('users.errors.register'))
 
+            post.delete('password')
+
             flash[:form_errors] = user.errors
-            flash[:form_data]   = user
+            flash[:form_data]   = post
 
             redirect(r(:register))
           end
@@ -273,7 +257,8 @@ module Users
           redirect(r(:login))
         end
 
-        @user = flash[:form_data] || Model::User.new
+        @user = Model::User.new
+        @uset.set(flash[:form_data]) if flash[:form_data]
       end
 
       ##
@@ -282,40 +267,21 @@ module Users
       # @since      0.1
       # @permission new_user (when creating a new user)
       # @permission edit_user (when editing a user)
-      # @event      before_new_user
-      # @event      after_new_user
-      # @event      before_edit_user
-      # @event      after_edit_user
       #
       def save
-        post = request.subset(
-          :id,
-          :email,
-          :name,
-          :website,
-          :password,
-          :confirm_password,
-          :user_status_id,
-          :language,
-          :frontend_language,
-          :date_format,
-          :user_group_pks
-        )
+        post = post_fields(*Model::User::COLUMNS)
+        id   = request.params['id']
 
-        if post['id'] and !post['id'].empty?
-          authorize_user!(:edit_user)
+        if id and !id.empty?
+          authorize_user!(:edit_user) unless id.to_i == user.id
 
-          user         = validate_user(post['id'])
-          save_action  = :save
-          before_event = :before_edit_user
-          after_event  = :after_edit_user
+          user        = validate_user(id)
+          save_action = :save
         else
           authorize_user!(:new_user)
 
-          user         = ::Users::Model::User.new
-          save_action  = :new
-          before_event = :before_new_user
-          after_event  = :after_new_user
+          user        = Model::User.new
+          save_action = :new
         end
 
         if post['password'] != post['confirm_password']
@@ -324,23 +290,32 @@ module Users
         end
 
         post.delete('confirm_password')
-        post.delete('id')
 
         post['user_group_pks'] ||= []
-        success            = lang("users.success.#{save_action}")
-        error              = lang("users.errors.#{save_action}")
+        success                  = lang("users.success.#{save_action}")
+        error                    = lang("users.errors.#{save_action}")
+
+        unless user_authorized?(:assign_user_group)
+          post.delete('user_group_pks')
+        end
+
+        unless user_authorized?(:edit_user_status)
+          post.delete('user_status_id')
+        end
 
         begin
           post.each { |k, v| user.send("#{k}=", v) }
-          Zen::Event.call(before_event, user)
 
           user.save
-          user.user_group_pks = post['user_group_pks'] if save_action == :new
+
+          if save_action == :new and post['user_group_pks']
+            user.user_group_pks = post['user_group_pks']
+          end
         rescue => e
-          Ramaze::Log.error(e.inspect)
+          Ramaze::Log.error(e)
           message(:error, error)
 
-          flash[:form_data]   = user
+          flash[:form_data]   = post
           flash[:form_errors] = user.errors
 
           redirect_referrer
@@ -356,8 +331,6 @@ module Users
           )
         end
 
-        Zen::Event.call(after_event, user)
-
         message(:success, success)
         redirect(Users.r(:edit, user.id))
       end
@@ -367,8 +340,6 @@ module Users
       #
       # @since      0.1
       # @permission delete_user
-      # @event      before_delete_user
-      # @event      after_delete_user
       #
       def delete
         authorize_user!(:delete_user)
@@ -379,22 +350,19 @@ module Users
         end
 
         request.params['user_ids'].each do |id|
-          user = ::Users::Model::User[id]
+          user = Model::User[id]
 
           next if user.nil?
-          Zen::Event.call(:before_delete_user, user)
 
           begin
             user.user_group_pks = []
             user.destroy
           rescue => e
-            Ramaze::Log.error(e.inspect)
+            Ramaze::Log.error(e)
             message(:error, lang('users.errors.delete') % id)
 
             redirect_referrer
           end
-
-          Zen::Event.call(:after_delete_user, user)
         end
 
         message(:success, lang('users.success.delete'))