zen 0.3 → 0.4

data/lib/zen/package/users/lib/users/helper/acl.rb

@@ -88,6 +88,7 @@ module Ramaze
           return [session[:super_group], session[:permissions]]
         end
 
+        user        = Ramaze::Current.action.instance.user
         super_group = false
         perms       = user.permissions.map { |p| p.permission.to_sym }
         group_ids   = []

data/lib/zen/package/users/lib/users/language/en/user_groups.rb

@@ -35,5 +35,6 @@ Zen::Language::Translation.add do |trans|
     t['permissions.edit']   = 'Edit group'
     t['permissions.new']    = 'Add group'
     t['permissions.delete'] = 'Delete group'
+    t['permissions.assign'] = 'Assign group'
   end
 end

data/lib/zen/package/users/lib/users/language/en/users.rb

@@ -59,7 +59,7 @@ Zen::Language::Translation.add do |trans|
     t['buttons.new']      = 'Add user'
     t['buttons.delete']   = 'Delete selected users'
     t['buttons.save']     = 'Save user'
-    t['buttons.register'] = 'Register'
+    t['buttons.register'] = 'Confirm registration'
 
     t['description'] = 'Manage users, user groups and permissions.'
 
@@ -67,6 +67,7 @@ Zen::Language::Translation.add do |trans|
     t['permissions.edit']   = 'Edit user'
     t['permissions.new']    = 'Add user'
     t['permissions.delete'] = 'Delete user'
+    t['permissions.status'] = 'Change user status'
 
     t['tabs.settings'] = 'User Settings'
   end

data/lib/zen/package/users/lib/users/language/nl/user_groups.rb

@@ -37,5 +37,6 @@ Zen::Language::Translation.add do |trans|
     t['permissions.edit']   = 'Groep aanpassen'
     t['permissions.new']    = 'Groep aanmaken'
     t['permissions.delete'] = 'Groep verwijderen'
+    t['permissions.assign'] = 'Groep toekennen'
   end
 end

data/lib/zen/package/users/lib/users/language/nl/users.rb

@@ -60,7 +60,7 @@ Zen::Language::Translation.add do |trans|
     t['buttons.new']      = 'Gebruiker toevoegen'
     t['buttons.save']     = 'Gebruiker opslaan'
     t['buttons.delete']   = 'Geselecteerde gebruikers verwijderen'
-    t['buttons.register'] = 'Registreer'
+    t['buttons.register'] = 'Bevestig registratie'
 
     t['description'] = 'Beheer gebruikers, gebruikers groepen en rechten.'
 
@@ -68,6 +68,7 @@ Zen::Language::Translation.add do |trans|
     t['permissions.edit']   = 'Rechten aanpassen'
     t['permissions.new']    = 'Rechten aanmaken'
     t['permissions.delete'] = 'Rechten verwijderen'
+    t['permissions.status'] = 'Gebruikers status aanpassen'
 
     t['tabs.settings'] = 'Gebruikers instellingen'
   end

data/lib/zen/package/users/lib/users/model/permission.rb

@@ -6,6 +6,8 @@ module Users
     # @since  0.3
     #
     class Permission < Sequel::Model
+      include Zen::Model::Helper
+
       many_to_one :user      , :class => 'Users::Model::User'
       many_to_one :user_group, :class => 'Users::Model::UserGroup'
 
@@ -23,6 +25,17 @@ module Users
           validates_presence(:user_id)
         end
       end
+
+      ##
+      # Hook that is executed before creating or saving an object.
+      #
+      # @since 03-01-2012
+      #
+      def before_save
+        sanitize_fields([:permission])
+
+        super
+      end
     end # Permission
   end # Model
 end # Users

data/lib/zen/package/users/lib/users/model/user.rb

@@ -1,16 +1,52 @@
 module Users
-  #:nodoc:
   module Model
     ##
     # Model that represents a single user.
     #
-    # @since  0.1
+    # @example Sending an Email for a new user
+    #  Zen::Event.listen(:after_new_user) do |user|
+    #    Mail.deliver do
+    #      from    'user@domain.tld'
+    #      to      user.email
+    #      subject 'Your new account'
+    #      body    "Dear #{user.name}, your account has been created."
+    #    end
+    #  end
+    #
+    # @since 0.1
+    # @event before_new_user
+    # @event after_new_user
+    # @event before_edit_user
+    # @event after_edit_user
+    # @event before_delete_user
+    # @event after_delete_user
     #
     class User < Sequel::Model
+      ##
       # Regex to do some basic Email validation. Emails such as foo@bar,
-      # foo@bar.com and foo@bar.a.b are all valid but foo bar@bar.com isn't.
+      # "foo@bar.com" and "foo@bar.a.b" are all valid but "foo bar@bar.com"
+      # isn't.
+      #
       EMAIL_REGEX = '^[^@]\S+@\S+(\.[a-z]+)*[^.]$'
 
+      ##
+      # Array containing the columns that can be set by the user.
+      #
+      # @since 17-02-2012
+      #
+      COLUMNS = [
+        :email,
+        :name,
+        :website,
+        :password,
+        :confirm_password,
+        :user_status_id,
+        :language,
+        :frontend_language,
+        :date_format,
+        :user_group_pks
+      ]
+
       include Zen::Model::Helper
 
       many_to_many :user_groups, :class => 'Users::Model::UserGroup',
@@ -18,10 +54,19 @@ module Users
 
       many_to_one :user_status, :class => 'Users::Model::UserStatus'
       one_to_many :permissions, :class => 'Users::Model::Permission'
+      one_to_many :widgets,     :class => 'Dashboard::Model::Widget'
 
       plugin :timestamps, :create => :created_at, :update => :updated_at
       plugin :association_dependencies, :permissions => :delete
 
+      plugin :events,
+        :before_create  => :before_new_user,
+        :after_create   => :after_new_user,
+        :before_update  => :before_edit_user,
+        :after_update   => :after_edit_user,
+        :before_destroy => :before_delete_user,
+        :after_destroy  => :after_delete_user
+
       ##
       # Searches for a set of users that match the given query.
       #
@@ -83,7 +128,10 @@ module Users
       def password=(password)
         return if password.nil? or password.empty?
 
-        password = BCrypt::Password.create(password, :cost => 10)
+        password = BCrypt::Password.create(
+          Zen::Security.sanitize(password),
+          :cost => 10
+        )
 
         super(password)
       end
@@ -106,6 +154,11 @@ module Users
       # @since  0.3
       #
       def before_save
+        # Password is sanitized in password=.
+        sanitize_fields([
+          :email, :name, :website, :language, :frontend_language, :date_format
+        ])
+
         if self.user_status_id.nil?
           self.user_status_id = Users::Model::UserStatus[:name => 'closed'].id
         end

data/lib/zen/package/users/lib/users/model/user_group.rb

@@ -4,17 +4,40 @@ module Users
     ##
     # Model that represents a single user group.
     #
-    # @since  0.1
+    # @since 0.1
+    # @event before_new_user_group
+    # @event after_new_user_user
+    # @event before_edit_user_group
+    # @event after_edit_user_group
+    # @event before_delete_user_group
+    # @event after_delete_user_group
     #
     class UserGroup < Sequel::Model
       include Zen::Model::Helper
 
+      ##
+      # Array containing the columns that can be set by the user.
+      #
+      # @since 17-02-2012
+      #
+      COLUMNS = [:name, :slug, :description, :super_group]
+
       many_to_many :users      , :class => 'Users::Model::User'
       one_to_many  :permissions, :class => 'Users::Model::Permission'
 
       plugin :sluggable, :source => :name, :freeze => false
-      plugin :association_dependencies, :permissions => :delete,
-        :users => :nullify
+
+      plugin :association_dependencies,
+        :permissions => :delete,
+        :users       => :nullify
+
+      plugin :events,
+        :before_create  => :before_new_user_group,
+        :after_create   => :after_new_user_group,
+        :before_update  => :before_edit_user_group,
+        :after_update   => :after_edit_user_group,
+        :before_destroy => :before_delete_user_group,
+        :after_destroy  => :after_delete_user_group
 
       ##
       # Searches for a set of users that match the given query.
@@ -40,6 +63,17 @@ module Users
 
         validates_type(TrueClass, :super_group)
       end
+
+      ##
+      # Hook that is executed before creating or saving an object.
+      #
+      # @since 03-01-2012
+      #
+      def before_save
+        sanitize_fields([:name, :slug, :description])
+
+        super
+      end
     end # UserGroup
   end # Model
 end # Users

data/lib/zen/package/users/lib/users/model/user_status.rb

@@ -6,6 +6,10 @@ module Users
     # @since 03-11-2011
     #
     class UserStatus < Sequel::Model
+      one_to_many :users, :class => 'Users::Model::User'
+
+      plugin :association_dependencies, :users => :delete
+
       ##
       # Returns a hash where the keys are the IDs of the various statuses and
       # the values the translations.

data/lib/zen/package/users/lib/users/public/admin/{js/users/permissions.js → users/js/users.js}

@@ -1,3 +1,5 @@
+"use strict";
+
 /**
  * Javascript file loaded by the Users package. The code in this file is used to
  * make it easier for users to check all the checkboxes for a package when
@@ -8,7 +10,7 @@
 window.addEvent('domready', function()
 {
     // Button that can be used to allow all the permissions for a package.
-    $$('.package .button.allow input').addEvent('click', function()
+    $$('.package .button.allow').addEvent('click', function()
     {
         var checkboxes = this.getParent('.package')
             .getChildren('.permissions input[type="checkbox"]');
@@ -20,7 +22,7 @@ window.addEvent('domready', function()
     });
 
     // Button that can be used to deny all the permissions for a package.
-    $$('.package .button.deny input').addEvent('click', function()
+    $$('.package .button.deny').addEvent('click', function()
     {
         var checkboxes = this.getParent('.package')
             .getChildren('.permissions input[type="checkbox"]');

data/lib/zen/package/users/lib/users/view/admin/user-groups/form.xhtml

@@ -3,10 +3,11 @@
         <h1>#{get_breadcrumbs}</h1>
     </header>
 
+    <?r if @user_group.exists? ?>
     <div class="tabs">
         <ul>
             <li>
-                <a href="#user_group_tab"
+                <a href="#user_group_tab" class="icon user_group"
                 title="#{lang('user_groups.titles.edit')}">
                     #{lang('user_groups.titles.edit')}
                 </a>
@@ -14,7 +15,7 @@
 
             <?r if user_authorized?(:show_permission) ?>
             <li>
-                <a href="#permissions"
+                <a href="#permissions" class="icon lock"
                 title="#{lang('permissions.titles.index')}">
                     #{lang('permissions.titles.index')}
                 </a>
@@ -22,56 +23,59 @@
             <?r end ?>
         </ul>
     </div>
+    <?r end ?>
 
-    #{form_for(
-      @user_group,
-      :method => :post,
-      :action => Users::Controller::UserGroups.r(:save),
-      :id     => :user_group_form
-    ) do |f|
-      f.input_hidden(:id, @user_group.id)
-      f.input_hidden(:csrf_token, get_csrf_token)
+    <div class="body">
+        #{form_for(
+          @user_group,
+          :method              => :post,
+          :action              => Users::Controller::UserGroups.r(:save),
+          :id                  => :user_group_form,
+          :'data-autosave-url' => Users::Controller::UserGroups.r(:autosave)
+        ) do |f|
+          f.input_hidden(:id, @user_group.id)
+          f.input_hidden(:csrf_token, get_csrf_token)
 
-      f.g.div(:id => 'user_group_tab') do
-        f.input_text(
-          lang('user_groups.labels.name'),
-          :name,
-          :required  => :required,
-          :maxlength => 255
-        )
+          f.g.div(:id => 'user_group_tab') do
+            f.input_text(
+              lang('user_groups.labels.name'),
+              :name,
+              :required  => :required,
+              :maxlength => 255
+            )
 
-        f.input_text(
-          lang('user_groups.labels.slug'),
-          :slug,
-          :maxlength => 255
-        )
+            f.input_text(
+              lang('user_groups.labels.slug'),
+              :slug,
+              :maxlength => 255
+            )
 
-        f.input_radio(
-          lang('user_groups.labels.super_group'),
-          :super_group,
-          @user_group.super_group,
-          :values   => @boolean_hash.invert,
-          :required => :required
-        )
+            f.input_radio(
+              lang('user_groups.labels.super_group'),
+              :super_group,
+              @user_group.super_group,
+              :values   => @boolean_hash.invert,
+              :required => :required
+            )
 
-        f.textarea(
-          lang('user_groups.labels.description'),
-          :description,
-          :rows => 10
-        )
-      end
+            f.textarea(
+              lang('user_groups.labels.description'),
+              :description,
+              :rows => 10
+            )
+          end
 
-      if user_authorized?(:show_permission)
-        f.g.div(:id => 'permissions') do
-          render_file(__DIR__('../users/permissions.xhtml'))
-        end
-      end
+          if user_authorized?(:show_permission) and @user_group.exists?
+            f.g.div(:id => 'permissions') do
+              render_file(__DIR__('../users/permissions.xhtml'))
+            end
+          end
 
-      f.g.div(:class => 'button') do
-        f.g.input(
-          :type  => 'submit',
-          :value => lang('user_groups.buttons.save')
-        )
-      end
-    end}
+          f.g.input(
+            :type  => 'submit',
+            :value => lang('user_groups.buttons.save'),
+            :class => 'button'
+          )
+        end}
+    </div>
 </section>

data/lib/zen/package/users/lib/users/view/admin/user-groups/index.xhtml

@@ -1,85 +1,78 @@
 <section>
-    #{render_search_form(Users::Controller::UserGroups.r(:index))}
-
-    <header>
+    <header class="with_search">
         <h1>#{get_breadcrumbs}</h1>
+
+        #{render_search_form(Users::Controller::UserGroups.r(:index))}
     </header>
 
-    <form method="post" action="#{Users::Controller::UserGroups.r(:delete)}">
-        <input type="hidden" name="csrf_token" value="#{get_csrf_token}" />
+    <div class="body">
+        <form method="post" action="#{Users::Controller::UserGroups.r(:delete)}">
+            <input type="hidden" name="csrf_token" value="#{get_csrf_token}" />
 
-        <?r if !@user_groups.empty? ?>
+            <?r if !@user_groups.empty? ?>
 
-        <table>
-            <thead>
-                <tr>
-                    <?r if user_authorized?(:delete_user_group) ?>
-                    <th class="no_sort">
-                        <input type="checkbox" />
-                    </th>
-                    <?r end ?>
+            <table>
+                <thead>
+                    <tr>
+                        <?r if user_authorized?(:delete_user_group) ?>
+                        <th class="no_sort">
+                            <input type="checkbox" />
+                        </th>
+                        <?r end ?>
 
-                    <th>#{lang('user_groups.labels.id')}</th>
-                    <th>#{lang('user_groups.labels.name')}</th>
-                    <th>#{lang('user_groups.labels.slug')}</th>
-                    <th>#{lang('user_groups.labels.super_group')}</th>
-                </tr>
-            </thead>
-            <tbody>
-                <?r @user_groups.each do |group| ?>
-                <tr>
-                    <?r if user_authorized?(:delete_user_group) ?>
-                    <td>
-                        <input type="checkbox" name="user_group_ids[]"
-                        value="#{group.id}" />
-                    </td>
-                    <?r end ?>
+                        <th>#{lang('user_groups.labels.id')}</th>
+                        <th>#{lang('user_groups.labels.name')}</th>
+                        <th>#{lang('user_groups.labels.slug')}</th>
+                        <th>#{lang('user_groups.labels.super_group')}</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?r @user_groups.each do |group| ?>
+                    <tr>
+                        <?r if user_authorized?(:delete_user_group) ?>
+                        <td>
+                            <input type="checkbox" name="user_group_ids[]"
+                            value="#{group.id}" />
+                        </td>
+                        <?r end ?>
 
-                    <td>#{group.id}</td>
-                    <td>
-                        #{if user_authorized?(:edit_user_group)
-                          Users::Controller::UserGroups.a(
-                            group.name,
-                            :edit,
-                            group.id
-                          )
-                        else
-                          group.name
-                        end}
-                    </td>
-                    <td>#{group.slug}</td>
-                    <td>#{@boolean_hash[group.super_group]}</td>
-                </tr>
-                <?r end ?>
-            </tbody>
-        </table>
+                        <td>#{group.id}</td>
+                        <td>
+                            #{if user_authorized?(:edit_user_group)
+                              edit_link(
+                                Users::Controller::UserGroups.r(:edit, group.id),
+                                group.name
+                              )
+                            else
+                              group.name
+                            end}
+                        </td>
+                        <td>#{group.slug}</td>
+                        <td>#{@boolean_hash[group.super_group]}</td>
+                    </tr>
+                    <?r end ?>
+                </tbody>
+            </table>
 
-        #{if @user_groups.respond_to?(:navigation) \
-        and @user_groups.page_count > 1
-          @user_groups.navigation
-        end}
+            #{render_pagination(@user_groups)}
 
-        <?r else ?>
+            <?r else ?>
 
-        <p>#{lang('user_groups.messages.no_groups')}</p>
+            <p>#{lang('user_groups.messages.no_groups')}</p>
 
-        <?r end ?>
+            <?r end ?>
 
-        <?r if user_authorized?(:new_user_group) ?>
-        <div class="button">
-            #{Users::Controller::UserGroups.a(
-              lang('user_groups.buttons.new'),
-              :new
+            <?r if user_authorized?(:new_user_group) ?>
+            #{new_button(
+              Users::Controller::UserGroups.r(:new),
+              lang('user_groups.buttons.new')
             )}
-        </div>
-        <?r end ?>
+            <?r end ?>
 
-        <?r if user_authorized?(:delete_user_group) \
-        and !@user_groups.empty? ?>
-        <div class="button">
-            <input type="submit"
-            value="#{lang('user_groups.buttons.delete')}" />
-        </div>
-        <?r end ?>
-    </form>
+            <?r if user_authorized?(:delete_user_group) \
+            and !@user_groups.empty? ?>
+            #{delete_button(lang('user_groups.buttons.delete'))}
+            <?r end ?>
+        </form>
+    </div>
 </section>