zen_admin 0.9.2

data/app/javascript/controllers/clipboard_controller.js

@@ -0,0 +1,27 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  copy(event) {
+    event.preventDefault()
+    const button = event.currentTarget
+    const text = button.dataset.clipboardText
+
+    if (!text) return
+
+    navigator.clipboard.writeText(text).then(() => {
+      const originalContent = button.innerHTML
+      button.innerHTML = '<i class="fas fa-check"></i>'
+      button.classList.replace('btn-outline-primary', 'btn-success')
+      button.disabled = true
+
+      setTimeout(() => {
+        button.innerHTML = originalContent
+        button.classList.replace('btn-success', 'btn-outline-primary')
+        button.disabled = false
+      }, 2000)
+    }).catch(err => {
+      console.error('Failed to copy: ', err)
+      alert('复制失败，请手动复制')
+    })
+  }
+}

data/app/javascript/controllers/index.js

@@ -0,0 +1,5 @@
+import { application } from "controllers/application"
+
+// Eager load all controllers defined in the import map under controllers/**/*_controller
+import { eagerLoadControllersFrom } from "@hotwired/stimulus-loading"
+eagerLoadControllersFrom("controllers", application)

data/app/javascript/controllers/layout_controller.js

@@ -0,0 +1,48 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  toggleSidebar(event) {
+    event.preventDefault()
+    document.body.classList.toggle('sidebar-collapse')
+    document.body.classList.toggle('sidebar-open')
+  }
+
+  toggleFullscreen(event) {
+    event.preventDefault()
+    if (!document.fullscreenElement) {
+      document.documentElement.requestFullscreen()
+    } else {
+      if (document.exitFullscreen) {
+        document.exitFullscreen()
+      }
+    }
+  }
+
+  previewImage(event) {
+    const url = event.currentTarget.dataset.previewUrl;
+    if (!url) return;
+
+    let modalEl = document.getElementById('zenImagePreviewModal');
+    if (!modalEl) {
+      const html = `
+        <div class="modal fade" id="zenImagePreviewModal" tabindex="-1" aria-hidden="true">
+          <div class="modal-dialog modal-dialog-centered modal-xl">
+            <div class="modal-content bg-transparent border-0 shadow-none">
+              <div class="modal-body p-0 text-center position-relative">
+                <button type="button" class="btn-close btn-close-white position-absolute" data-bs-dismiss="modal" style="top: -30px; right: 0;"></button>
+                <img id="zenPreviewImg" src="" class="img-fluid rounded shadow-lg" style="max-height: 85vh; border: 4px solid white;">
+              </div>
+            </div>
+          </div>
+        </div>`;
+      document.body.insertAdjacentHTML('beforeend', html);
+      modalEl = document.getElementById('zenImagePreviewModal');
+    }
+
+    const img = modalEl.querySelector('#zenPreviewImg');
+    img.src = url;
+
+    const modal = new bootstrap.Modal(modalEl);
+    modal.show();
+  }
+}

data/app/javascript/controllers/menu_group_controller.js

@@ -0,0 +1,40 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = ["treeview"]
+
+  get storageKey() {
+    return `zen_admin_menu_group_${this.element.textContent.trim().split('\n')[0].trim()}`
+  }
+
+  connect() {
+    // Check if any child link is active, if so, expand the group
+    const hasActiveChild = !!this.element.querySelector('.nav-link.active')
+    const isSavedOpen = localStorage.getItem(this.storageKey) === 'open'
+
+    if (hasActiveChild || isSavedOpen) {
+      this.open()
+    }
+  }
+
+  toggle(event) {
+    event.preventDefault()
+    if (this.element.classList.contains("menu-open")) {
+      this.close()
+    } else {
+      this.open()
+    }
+  }
+
+  open() {
+    this.element.classList.add("menu-is-opening", "menu-open")
+    this.treeviewTarget.style.display = "block"
+    localStorage.setItem(this.storageKey, 'open')
+  }
+
+  close() {
+    this.element.classList.remove("menu-is-opening", "menu-open")
+    this.treeviewTarget.style.display = "none"
+    localStorage.removeItem(this.storageKey)
+  }
+}

data/app/javascript/controllers/modal_controller.js

@@ -0,0 +1,31 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  connect() {
+    this.modal = new bootstrap.Modal(this.element, {
+      keyboard: false,
+      backdrop: 'static'
+    })
+    this.modal.show()
+  }
+
+  disconnect() {
+    if (this.modal) {
+      this.modal.hide()
+    }
+  }
+
+  close(event) {
+    if (event) event.preventDefault()
+    this.modal.hide()
+    // Optional: Remove the modal content or frame src
+    // this.element.remove() 
+  }
+  
+  // Called when form submission is successful
+  submitEnd(event) {
+    if (event.detail.success) {
+      this.modal.hide()
+    }
+  }
+}

data/app/javascript/controllers/toast_controller.js

@@ -0,0 +1,14 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = ["element"]
+  
+  connect() {
+    // Auto-hide after 3 seconds
+    setTimeout(() => {
+      if (this.hasElementTarget) {
+        $(this.elementTarget).alert('close') // Use Bootstrap's alert close if jQuery available, or custom
+      }
+    }, 3000)
+  }
+}

data/app/javascript/controllers/tom_select_controller.js

@@ -0,0 +1,35 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  connect() {
+    this.init();
+  }
+
+  init() {
+    // 关键：检查全局变量是否存在
+    if (typeof TomSelect === 'undefined') {
+      console.warn("TomSelect not ready, retrying...");
+      setTimeout(() => this.init(), 50);
+      return;
+    }
+
+    // 初始化 TomSelect
+    this.select = new TomSelect(this.element, {
+      plugins: ['remove_button'],
+      placeholder: '请选择...',
+      allowEmptyOption: true,
+      maxItems: null,
+      hidePlaceholder: true,
+      onInitialize: function() {
+        // 样式微调
+        this.wrapper.classList.add('zen-ts-wrapper');
+      }
+    });
+  }
+
+  disconnect() {
+    if (this.select) {
+      this.select.destroy();
+    }
+  }
+}

data/app/javascript/zen_admin/application.js

@@ -0,0 +1,12 @@
+// 核心：引入 Rails 全局环境
+import "@hotwired/turbo-rails"
+import "controllers"
+import "trix"
+import "@rails/actiontext"
+
+// 补全：必须引入并启动 ActiveStorage，它负责处理直传逻辑
+import * as ActiveStorage from "@rails/activestorage"
+ActiveStorage.start()
+
+// 关键：虽然 Rails 7+ 倾向于不使用 UJS，但 Trix 的上传依然依赖它来自动处理 CSRF
+// 或者我们需要手动配置。为了最稳妥，我们直接在全局环境启动

data/app/jobs/zen_admin/application_job.rb

@@ -0,0 +1,4 @@
+module ZenAdmin
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/zen_admin/application_mailer.rb

@@ -0,0 +1,6 @@
+module ZenAdmin
+  class ApplicationMailer < ActionMailer::Base
+    default from: "from@example.com"
+    layout "mailer"
+  end
+end

data/app/models/zen_admin/application_record.rb

@@ -0,0 +1,5 @@
+module ZenAdmin
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/zen_admin/asset.rb

@@ -0,0 +1,43 @@
+module ZenAdmin
+  class Asset < ApplicationRecord
+    self.table_name = "zen_admin_assets"
+    has_one_attached :file
+
+    zen_admin do |resource|
+      resource.label :'zen_admin.models.asset.fields.file', :'zen_admin.models.asset.fields.file'
+      resource.menu label: :'zen_admin.builtin.assets', icon: "fas fa-images", position: 99, group: "系统管理"
+      resource.soft_delete = false
+      resource.enable_batch_actions
+      resource.batch_action :delete, label: :'zen_admin.actions.delete', type: :danger, confirm: I18n.t('zen_admin.ui.confirm_delete') do |records|
+        records.destroy_all
+      end
+      
+      resource.list do
+        field :file, label: :'zen_admin.models.asset.fields.file'
+        field :name, label: :'zen_admin.models.asset.fields.name'
+        field :id, label: :'zen_admin.models.asset.fields.id' do |asset|
+          if asset.file.attached?
+            url = Rails.application.routes.url_helpers.rails_blob_url(asset.file, host: "localhost:3000") rescue "#"
+            render "zen_admin/builtin/copy_button", url: url
+          end
+        end
+        field :created_at, label: :'zen_admin.models.asset.fields.created_at'
+      end
+
+      resource.form do
+        field :name, label: :'zen_admin.models.asset.fields.name', required: true
+        field :file, label: :'zen_admin.models.asset.fields.file', type: :file
+      end
+
+      resource.show do
+        field :name, label: :'zen_admin.models.asset.fields.name'
+        field :file, label: :'zen_admin.models.asset.fields.file' do |asset|
+          if asset.file.attached?
+            url = Rails.application.routes.url_helpers.rails_blob_url(asset.file, host: "localhost:3000") rescue ""
+            render "zen_admin/builtin/file_link", url: url
+          end
+        end
+      end
+    end
+  end
+end

data/app/models/zen_admin/audit_log.rb

@@ -0,0 +1,116 @@
+module ZenAdmin
+  class AuditLog < ApplicationRecord
+    self.table_name = "zen_admin_audit_logs"
+
+    def self.record(user, resource, action, changes: nil, note: nil, request: nil)
+      return unless ZenAdmin.configuration.audit_log_enable
+
+      # 获取资源类型
+      res_type = resource.is_a?(Class) ? resource.name : resource.class.name
+      
+      # 过滤掉回收站自身的审计
+      return if res_type == "ZenAdmin::TrashItem"
+
+      create(
+        admin_user_id: user.try(:id),
+        admin_username: user.try(:username),
+        resource_type: res_type,
+        resource_id: resource.respond_to?(:id) ? resource.id : nil,
+        action: action,
+        note: note,
+        changes_data: changes,
+        ip_address: request.try(:remote_ip),
+        user_agent: request.try(:user_agent),
+        created_at: Time.current
+      )
+    end
+
+    def zen_admin_editable?; false; end
+    def zen_admin_deletable?; false; end
+
+    zen_admin do |resource|
+      resource.label :'zen_admin.models.audit_log.one', :'zen_admin.models.audit_log.other'
+      resource.menu label: :'zen_admin.models.audit_log.other', icon: "fas fa-history", position: 105
+      resource.actions = [:index, :show]
+      resource.soft_delete = false
+      
+      resource.list do
+        field :admin_username, label: :'zen_admin.models.audit_log.fields.admin_username'
+        field :resource_type, label: :'zen_admin.models.audit_log.fields.resource_type' do |log|
+          res = ZenAdmin::Registry.instance[log.resource_type]
+          res ? res.label : log.resource_type
+        end
+        field :action, label: :'zen_admin.models.audit_log.fields.action' do |log|
+          color = case log.action
+                  when 'create' then 'success'
+                  when 'update' then 'info'
+                  when 'destroy', 'move_to_trash', 'soft_delete' then 'danger'
+                  when 'restore' then 'success'
+                  else 'secondary'
+                  end
+          
+          action_key = log.action.to_s
+          clean_key = action_key.gsub(/^(bulk_|member_)/, '')
+          label = I18n.t("zen_admin.actions.#{clean_key}", default: clean_key)
+          label = "批量#{label}" if action_key.start_with?('bulk_')
+          
+          content_tag :span, label, class: "badge bg-#{color}"
+        end
+        field :note, label: "业务备注"
+        field :created_at, label: :'zen_admin.models.audit_log.fields.created_at' do |log|
+          tz = ZenAdmin.configuration.try(:time_zone) || "UTC"
+          log.created_at.in_time_zone(tz).strftime("%Y-%m-%d %H:%M:%S")
+        end
+      end
+
+      resource.show do
+        field :admin_username, label: "操作员"
+        field :action, label: "操作标识"
+        field :note, label: "业务说明"
+        field :resource_type, label: "资源类型" do |log|
+          res = ZenAdmin::Registry.instance[log.resource_type]
+          res ? "#{res.label} (#{log.resource_type})" : log.resource_type
+        end
+        field :resource_id, label: "主资源 ID"
+        
+        field :changes_data, label: "详细数据" do |log|
+          if log.changes_data.present?
+            content_tag :div do
+              if log.changes_data["ids"].is_a?(Array)
+                ids = log.changes_data["ids"]
+                model_class = log.resource_type.safe_constantize
+                header = content_tag(:div, "涉及资源 (共 #{ids.count} 个):", class: "small fw-bold text-muted mb-2")
+                
+                # 批量加载，避免 N+1
+                records_map = model_class ? model_class.where(id: ids).index_by { |r| r.id.to_s } : {}
+
+                tags = content_tag(:div, class: "d-flex flex-wrap gap-2 mb-3") do
+                  ids.map do |id|
+                    record = records_map[id.to_s]
+                    res_name = log.resource_type.underscore.pluralize.gsub('/', '_') rescue nil
+                    if record && res_name
+                      display_label = record.try(:title) || record.try(:name) || record.try(:username) || "##{id}"
+                      link_to display_label, ui_resource_path(res_name, id), data: { turbo_frame: "modal" }, class: "badge bg-info text-white text-decoration-none"
+                    else
+                      content_tag :span, "##{id} (已删除)", class: "badge bg-light text-muted border"
+                    end
+                  end.join.html_safe
+                end
+                header + tags + content_tag(:hr) + content_tag(:pre, JSON.pretty_generate(log.changes_data), class: "p-2 bg-light small rounded")
+              else
+                content_tag :pre, JSON.pretty_generate(log.changes_data), class: "p-3 bg-light rounded"
+              end
+            end
+          else
+            "无数据变动"
+          end
+        end
+        field :ip_address, label: "IP"
+        field :created_at, label: "时间" do |log|
+          tz = ZenAdmin.configuration.try(:time_zone) || "UTC"
+          log.created_at.in_time_zone(tz).strftime("%Y-%m-%d %H:%M:%S")
+        end
+      end
+    end
+  end
+end

data/app/models/zen_admin/permission.rb

@@ -0,0 +1,73 @@
+module ZenAdmin
+  class Permission < ApplicationRecord
+    self.table_name = "zen_admin_permissions"
+    
+    has_and_belongs_to_many :roles, join_table: "zen_admin_roles_permissions"
+
+    def self.sync_from_registry!
+      return unless table_exists?
+
+      ZenAdmin::Registry.instance.all.each do |res|
+        # 1. 基础动作
+        base_actions = ["index", "show", "create", "update", "destroy"]
+        
+        # 2. 自定义动作 (Batch & Member)
+        custom_actions = (res.batch_actions.keys + res.member_actions.keys).map(&:to_s)
+        
+        all_actions = (base_actions + custom_actions).uniq
+        
+        raw_label = res.instance_variable_get(:@resource_label_singular)
+        res_label = if raw_label.is_a?(Symbol)
+                      I18n.t(raw_label, locale: :'zh-CN', default: res.model.model_name.human)
+                    else
+                      raw_label || res.model.model_name.human
+                    end
+        
+        all_actions.each do |action|
+          code = "#{res.name}:#{action}"
+          action_label = case action
+                         when "index"   then "列表"
+                         when "show"    then "详情"
+                         when "create"  then "创建"
+                         when "update"  then "编辑"
+                         when "destroy" then "删除"
+                         else action.humanize # 自定义动作直接显示名
+                         end
+          
+          name = "#{res_label} - #{action_label}"
+          p = find_or_initialize_by(code: code)
+          p.name = name
+          p.save! if p.changed?
+        end
+      end
+    end
+
+    zen_admin do |resource|
+      resource.label :'zen_admin.models.permission.one', :'zen_admin.models.permission.other'
+      resource.menu label: :'zen_admin.models.permission.other', icon: "fas fa-key", position: 92, visible: ZenAdmin.configuration.rbac_enable, group: "系统管理"
+      resource.list do
+        field :name, label: :'zen_admin.models.permission.fields.name'
+        field :code, label: :'zen_admin.models.permission.fields.code'
+      end
+      resource.form do
+        field :name, label: :'zen_admin.models.permission.fields.name', required: true
+        
+        # 动态计算可用权限建议
+        help_text = lambda do
+          suggestions = []
+          ZenAdmin::Registry.instance.all.each do |res|
+            suggestions << "#{res.name}:index"
+            suggestions << "#{res.name}:show"
+            suggestions << "#{res.name}:create"
+            suggestions << "#{res.name}:update"
+            suggestions << "#{res.name}:destroy"
+          end
+          
+          "<div class='mt-2 p-2 bg-dark text-light rounded'><div class='small mb-1 font-weight-bold'>建议的标识符格式：</div><pre class='mb-0 text-success' style='font-size: 11px;'>#{suggestions.join("\n")}</pre></div>"
+        end
+
+        field :code, label: :'zen_admin.models.permission.fields.code', required: true, help: help_text.call
+      end
+    end
+  end
+end

data/app/models/zen_admin/role.rb

@@ -0,0 +1,45 @@
+module ZenAdmin
+  class Role < ApplicationRecord
+    self.table_name = "zen_admin_roles"
+    
+    has_and_belongs_to_many :users, join_table: "zen_admin_users_roles"
+    has_and_belongs_to_many :permissions, join_table: "zen_admin_roles_permissions"
+
+    validates :name, presence: true, uniqueness: true
+    validates :code, presence: true, uniqueness: true
+
+    zen_admin do |resource|
+      resource.label :'zen_admin.models.role.one', :'zen_admin.models.role.other'
+      resource.menu label: :'zen_admin.models.role.other', icon: "fas fa-user-shield", position: 91, visible: ZenAdmin.configuration.rbac_enable, group: "系统管理"
+      resource.list do
+        field :name, label: :'zen_admin.models.role.fields.name'
+        field :code, label: :'zen_admin.models.role.fields.code'
+        field :permissions, label: :'zen_admin.models.role.fields.permissions' do |role, label|
+          if role.code == "superadmin"
+            content_tag :span, "所有权限 (ALL)", class: "badge badge-danger p-2"
+          else
+            # label 此时已经是逗号分隔的权限名称字符串了
+            content_tag :div, class: "d-flex flex-wrap", style: "gap: 4px;" do
+              role.permissions.first(5).map do |p|
+                content_tag :span, p.name, class: "badge badge-info"
+              end.join.html_safe + (content_tag(:span, "+#{role.permissions.count - 5}", class: "text-muted small") if role.permissions.count > 5).to_s.html_safe
+            end
+          end
+        end
+      end
+      resource.form do
+        field :name, label: :'zen_admin.models.role.fields.name', required: true
+        field :code, label: :'zen_admin.models.role.fields.code', required: true, help: "建议使用英文，如 'editor', 'superadmin'"
+        field :permission_ids, label: :'zen_admin.models.role.fields.permission_ids', type: :multi_select, collection: -> { ZenAdmin::Permission.all.map { |p| [p.name, p.id] } }
+      end
+    end
+
+    def zen_admin_deletable?
+      code != "superadmin"
+    end
+
+    def zen_admin_editable?
+      code != "superadmin"
+    end
+  end
+end

data/app/models/zen_admin/trash_item.rb

@@ -0,0 +1,98 @@
+module ZenAdmin
+  class TrashItem < ApplicationRecord
+    self.table_name = "zen_admin_trash_items"
+
+    def self.move_to_trash(record, admin_user)
+      snapshot = record.attributes
+      associations = {}
+      record.class.reflect_on_all_associations(:has_and_belongs_to_many).each do |assoc|
+        associations[assoc.name.to_s] = record.send("#{assoc.name.to_s.singularize}_ids")
+      end
+      snapshot["_zen_associations"] = associations
+
+      create!(
+        resource_type: record.class.name,
+        resource_id: record.id,
+        resource_label: record.try(:title) || record.try(:name) || record.try(:username) || "##{record.id}",
+        data: snapshot,
+        admin_username: admin_user.try(:username),
+        created_at: Time.current
+      )
+      record.destroy!
+    end
+
+    def restore!
+      klass = resource_type.constantize
+      
+      # 1. 检查 ID 占用冲突
+      if klass.exists?(resource_id)
+        return { success: false, message: "还原失败：原始 ID (##{resource_id}) 已被新数据占用。" }
+      end
+
+      snapshot = data.dup
+      associations = snapshot.delete("_zen_associations") || {}
+      
+      # 2. 还原基础记录
+      record = klass.new(snapshot)
+      record.id = resource_id
+      
+      if record.save
+        # 3. 尝试还原多对多关联
+        associations.each do |name, ids|
+          method_name = "#{name.to_s.singularize}_ids="
+          record.send(method_name, ids) if record.respond_to?(method_name)
+        rescue => e
+          Rails.logger.error "[ZenAdmin] Failed to restore association #{name}: #{e.message}"
+        end
+
+        # 4. 关键：同步数据库自增序列 (针对 PostgreSQL)
+        sync_db_sequence(klass)
+        
+        destroy
+        return { success: true }
+      else
+        return { success: false, message: record.errors.full_messages.join(", ") }
+      end
+    rescue => e
+      Rails.logger.error "[ZenAdmin] Restore failed: #{e.message}"
+      return { success: false, message: e.message }
+    end
+
+    private
+
+    def sync_db_sequence(klass)
+      # 仅在 PostgreSQL 下需要手动重置序列，MySQL 会自动处理
+      if ActiveRecord::Base.connection.respond_to?(:reset_pk_sequence!)
+        ActiveRecord::Base.connection.reset_pk_sequence!(klass.table_name)
+      end
+    end
+
+    # 保持原本的 method_missing 逻辑...
+    def method_missing(method, *args, &block)
+      if data.has_key?(method.to_s)
+        data[method.to_s]
+      else
+        super
+      end
+    end
+
+    def respond_to_missing?(method, include_private = false)
+      data.has_key?(method.to_s) || super
+    end
+
+    zen_admin do |resource|
+      resource.label :'zen_admin.models.trash_item.one', :'zen_admin.models.trash_item.other'
+      resource.menu visible: false
+      resource.actions = [:index, :show, :destroy]
+      resource.list do
+        field :resource_label, label: "资源名称"
+        field :resource_type, label: "类型" do |item|
+          res = ZenAdmin::Registry.instance[item.resource_type]
+          res ? res.label : item.resource_type
+        end
+        field :admin_username, label: "删除者"
+        field :created_at, label: "删除时间"
+      end
+    end
+  end
+end

data/app/models/zen_admin/user.rb

@@ -0,0 +1,37 @@
+module ZenAdmin
+  class User < ApplicationRecord
+    self.table_name = "zen_admin_users"
+    has_secure_password
+
+    has_and_belongs_to_many :roles, join_table: "zen_admin_users_roles"
+    
+    validates :username, presence: true, uniqueness: true
+
+    zen_admin do |resource|
+      resource.label :'zen_admin.models.user.one', :'zen_admin.models.user.other'
+      resource.menu label: :'zen_admin.models.user.other', icon: "fas fa-users-cog", position: 90, visible: ZenAdmin.configuration.rbac_enable, group: "系统管理"
+      resource.list do
+        field :username, label: :'zen_admin.models.user.fields.username'
+        field :roles, label: :'zen_admin.models.user.fields.roles'
+        field :created_at, label: :'zen_admin.models.user.fields.created_at'
+      end
+      resource.form do
+        field :username, label: :'zen_admin.models.user.fields.username', required: true
+        field :password, label: :'zen_admin.models.user.fields.password', type: :password
+        field :role_ids, label: :'zen_admin.models.user.fields.roles', type: :multi_select, collection: -> { ZenAdmin::Role.all.map { |r| [r.name, r.id] } }
+      end
+    end
+
+    def can?(permission_name)
+      super_admin? || permissions.include?(permission_name.to_s)
+    end
+
+    def super_admin?
+      roles.any? { |r| r.code == "superadmin" }
+    end
+
+    def permissions
+      @permissions ||= roles.includes(:permissions).flat_map { |r| r.permissions.map(&:code) }.uniq
+    end
+  end
+end