Merge c345da3 into 0c2c835

QutEcoacoustics · Mar 20, 2016 · 7669bdf · 7669bdf
2 parents 0c2c835 + c345da3
commit 7669bdf
Show file tree

Hide file tree

Showing 107 changed files with 2,676 additions and 4,070 deletions.
diff --git a/.gitignore b/.gitignore
@@ -44,4 +44,5 @@ external_modules.log
 # ignore private static pages
 /app/views/public/_*
 
+/.bundle
 /.vagrant
diff --git a/.rspec b/.rspec
@@ -1,2 +1,2 @@
 --color
---require spec_helper
+--format progress
diff --git a/Gemfile b/Gemfile
@@ -58,8 +58,8 @@ gem 'font-awesome-sass', '~> 4.5.0'
 
 # for rails 3, 4
 gem 'kaminari'
-gem 'dotiw','~> 3.0.1'
-gem 'recaptcha', '~> 1.1.0',  require: 'recaptcha/rails'
+gem 'dotiw', '~> 3.0.1'
+gem 'recaptcha', '~> 1.1.0', require: 'recaptcha/rails'
 
 # for proper timezone support
 gem 'tzinfo', '~> 1.2.2'

diff --git a/Guardfile b/Guardfile
@@ -1,7 +1,7 @@
 # More info at https://github.com/guard/guard#readme
 notification :off
 
-guard :rspec, cmd: 'bin/rspec --format progress --color' do
+guard :rspec, cmd: 'bin/rspec' do
   watch(%r{^spec/.+_spec\.rb$})
   watch('spec/spec_helper.rb')                         { 'spec' }
 

diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb
@@ -15,7 +15,7 @@ def admin_controller?
     private
 
     def verify_admin
-      fail CanCan::AccessDenied, 'Administrator access only.' unless Access::Check.is_admin?(current_user)
+      fail CanCan::AccessDenied, 'Administrator access only.' unless Access::Core.is_admin?(current_user)
     end
   end
 end
diff --git a/app/controllers/analysis_controller.rb b/app/controllers/analysis_controller.rb
@@ -92,7 +92,7 @@ def system_audio_recordings
   def authorise_custom(request_params, user)
 
     # Can't do anything if not logged in, not in user or admin role, or not confirmed
-    if user.blank? || (!Access::Check.is_standard_user?(user) && !Access::Check.is_admin?(user)) || !user.confirmed?
+    if user.blank? || (!Access::Core.is_standard_user?(user) && !Access::Core.is_admin?(user)) || !user.confirmed?
       fail CanCan::AccessDenied, 'Anonymous users, non-admin and non-users, or unconfirmed users cannot access analysis data.'
     end
 

diff --git a/app/controllers/analysis_jobs_controller.rb b/app/controllers/analysis_jobs_controller.rb
@@ -105,7 +105,7 @@ def analysis_job_update_params
   end
 
   def get_analysis_jobs
-    Access::Query.analysis_jobs(current_user, Access::Core.levels_allow)
+    Access::ByPermission.analysis_jobs(current_user, Access::Core.levels)
   end
 
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -63,8 +63,23 @@ class ApplicationController < ActionController::Base
                     (session[:last_seen_at].blank? || Time.zone.at(session[:last_seen_at].to_i) < 10.minutes.ago)
                 }
 
+  # A dummy method to get rid of all the Rubymine errors.
+  # @return [User]
+  def current_user
+    super
+  end
+
+  # A dummy method to get rid of all the Rubymine errors.
+  # @return [Boolean]
+  def user_signed_in?
+    super
+  end
+
   protected
 
+  # Add archived at header to HTTP response
+  # @param [ActiveRecord::Base] model
+  # @return [void]
   def add_archived_at_header(model)
     if model.respond_to?(:deleted_at) && !model.deleted_at.blank?
       response.headers['X-Archived-At'] = model.deleted_at.httpdate # must be a string, can't just pass a Date or Time
@@ -153,6 +168,11 @@ def auth_custom_audio_event(request_params, audio_recording)
     audio_event
   end
 
+  # Authorise audio event by audio recording and offsets
+  # @param [Hash] request_params
+  # @param [AudioRecording] audio_recording
+  # @param [AudioEvent] audio_event
+  # @return [void]
   def auth_custom_offsets(request_params, audio_recording, audio_event)
     # check offsets are within range
 

diff --git a/app/controllers/audio_event_comments_controller.rb b/app/controllers/audio_event_comments_controller.rb
@@ -9,7 +9,7 @@ def index
 
     @audio_event_comments, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_event_comments(@audio_event, current_user),
+        Access::ByPermission.audio_event_comments(current_user, Access::Core.levels, @audio_event),
         AudioEventComment,
         AudioEventComment.filter_settings
     )
@@ -58,7 +58,7 @@ def update
     # allow any logged in user to flag an audio comment
     # only the user that created the audio comment (or admin) can update any other attribute
     is_creator = @audio_event_comment.creator.id == current_user.id
-    is_admin = Access::Check.is_admin?(current_user)
+    is_admin = Access::Core.is_admin?(current_user)
     is_changing_only_flag =
         (audio_event_comment_update_params.include?(:audio_event_comment) &&
             ([:flag] - audio_event_comment_update_params[:audio_event_comment].symbolize_keys.keys).empty?)
@@ -93,7 +93,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.comments(current_user),
+        Access::ByPermission.audio_event_comments(current_user),
         AudioEventComment,
         AudioEventComment.filter_settings
     )

diff --git a/app/controllers/audio_events_controller.rb b/app/controllers/audio_events_controller.rb
@@ -12,7 +12,7 @@ def index
 
     @audio_events, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_recording_audio_events(@audio_recording, current_user),
+        Access::ByPermission.audio_events(current_user, Access::Core.levels, @audio_recording),
         AudioEvent,
         AudioEvent.filter_settings
     )
@@ -88,7 +88,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_events(current_user),
+        Access::ByPermission.audio_events(current_user),
         AudioEvent,
         AudioEvent.filter_settings
     )

diff --git a/app/controllers/audio_recordings_controller.rb b/app/controllers/audio_recordings_controller.rb
@@ -10,7 +10,7 @@ def index
 
     @audio_recordings, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_recordings(current_user),
+        Access::ByPermission.audio_recordings(current_user),
         AudioRecording,
         AudioRecording.filter_settings
     )
@@ -50,9 +50,9 @@ def create
     uploader_id = audio_recording_params[:uploader_id].to_i
     user_exists = User.exists?(uploader_id)
     user = User.where(id: uploader_id).first
-    actual_level = Access::Level.project(user, @project)
+    actual_level = Access::Core.user_levels(user, @project)
     requested_level = :writer
-    is_allowed = Access::Check.allowed?(requested_level, actual_level)
+    is_allowed = Access::Core.allowed?(requested_level, actual_level)
 
     if !user_exists || !is_allowed
       respond_error(
@@ -133,23 +133,23 @@ def update
   # this is used by the harvester, do not change!
   # GET /projects/:project_id/sites/:site_id/audio_recordings/check_uploader/:uploader_id
   def check_uploader
-    #do_authorize_class - custom auth
+    #do_authorize_class - not used, this action does a custom auth
     get_project_site
 
     # current user should be the harvester
     # uploader_id must have write access to the project
 
     if current_user.blank?
       fail CanCan::AccessDenied.new(I18n.t('devise.failure.unauthenticated'), :check_uploader, AudioRecording)
-    elsif Access::Check.is_harvester?(current_user)
+    elsif Access::Core.is_harvester?(current_user)
       # auth check is skipped, so auth is checked manually here
       uploader_id = params[:uploader_id].to_i
       user_exists = User.exists?(uploader_id)
       user = User.where(id: uploader_id).first
 
-      actual_level = Access::Level.project(user, @project)
+      actual_level = Access::Core.user_levels(user, @project)
       requested_level = :writer
-      is_allowed = Access::Check.allowed?(requested_level, actual_level)
+      is_allowed = Access::Core.allowed?(requested_level, actual_level)
 
       if !user_exists || !is_allowed
         respond_error(
@@ -190,7 +190,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_recordings(current_user),
+        Access::ByPermission.audio_recordings(current_user),
         AudioRecording,
         AudioRecording.filter_settings
     )
@@ -203,7 +203,7 @@ def update_status_user_check
     # auth is checked manually here - not sure if this is necessary or not
     if current_user.blank?
       fail CanCan::AccessDenied.new(I18n.t('devise.failure.unauthenticated'), :update_status_user_check, AudioRecording)
-    elsif Access::Check.is_harvester?(current_user)
+    elsif Access::Core.is_harvester?(current_user)
       update_status_params_check
     else
       respond_error(:forbidden, 'only harvester can update audio recordings')

diff --git a/app/controllers/bookmarks_controller.rb b/app/controllers/bookmarks_controller.rb
@@ -7,7 +7,7 @@ def index
 
     @bookmarks, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.bookmarks_modified(current_user),
+        Access::ByUserModified.bookmarks(current_user),
         Bookmark,
         Bookmark.filter_settings
     )
@@ -71,7 +71,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.bookmarks_modified(current_user),
+        Access::ByUserModified.bookmarks(current_user),
         Bookmark,
         Bookmark.filter_settings
     )

diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
@@ -60,7 +60,7 @@ def show
   def authorise_custom(request_params, user)
 
     # Can't do anything if not logged in, not in user or admin role, or not confirmed
-    if user.blank? || (!Access::Check.is_standard_user?(user) && !Access::Check.is_admin?(user)) || !user.confirmed?
+    if user.blank? || (!Access::Core.is_standard_user?(user) && !Access::Core.is_admin?(user)) || !user.confirmed?
       fail CanCan::AccessDenied, 'Anonymous users, non-admin and non-users, or unconfirmed users cannot access media.'
     end
 

diff --git a/app/controllers/permissions_controller.rb b/app/controllers/permissions_controller.rb
@@ -12,7 +12,7 @@ def index
       format.json {
         @permissions, opts = Settings.api_response.response_advanced(
             api_filter_params,
-            Access::Query.project_permissions(@project),
+            Access::ByPermission.permissions(@project),
             Permission,
             Permission.filter_settings)
         respond_index(opts)

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
@@ -7,12 +7,12 @@ def index
 
     respond_to do |format|
       format.html {
-        @projects = Access::Query.projects_accessible(current_user).includes(:creator).references(:creator)
+        @projects = Access::ByPermission.projects(current_user).includes(:creator).references(:creator)
       }
       format.json {
         @projects, opts = Settings.api_response.response_advanced(
             api_filter_params,
-            Access::Query.projects_accessible(current_user),
+            Access::ByPermission.projects(current_user),
             Project,
             Project.filter_settings
         )
@@ -187,7 +187,7 @@ def destroy
   def new_access_request
     do_authorize_class
 
-    @all_projects = Access::Query.projects_inaccessible(current_user).order(name: :asc)
+    @all_projects = Access::ByPermission.projects(current_user, Access::Core.levels_none).order(name: :asc)
     respond_to do |format|
       format.html
     end
@@ -222,7 +222,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.projects_accessible(current_user),
+        Access::ByPermission.projects(current_user),
         Project,
         Project.filter_settings
     )

diff --git a/app/controllers/public_controller.rb b/app/controllers/public_controller.rb
@@ -1,18 +1,18 @@
 class PublicController < ApplicationController
   skip_authorization_check only: [
-                               :index, :status,
-                               :website_status,
-                               :credits,
-                               :disclaimers,
-                               :ethics_statement,
-                               :data_upload,
+      :index, :status,
+      :website_status,
+      :credits,
+      :disclaimers,
+      :ethics_statement,
+      :data_upload,
 
-                               :new_contact_us, :create_contact_us,
-                               :new_bug_report, :create_bug_report,
-                               :new_data_request, :create_data_request,
+      :new_contact_us, :create_contact_us,
+      :new_bug_report, :create_bug_report,
+      :new_data_request, :create_data_request,
 
-                               :cors_preflight
-                           ]
+      :cors_preflight
+  ]
 
   # ensure that invalid CORS preflight requests get useful responses
   skip_before_action :verify_authenticity_token, only: :cors_preflight
@@ -255,7 +255,7 @@ def recent_audio_recordings
     if current_user.blank?
       @recent_audio_recordings = AudioRecording.order(order_by_coalesce).limit(7)
     else
-      @recent_audio_recordings = Access::Query.audio_recordings(current_user, Access::Core.levels_allow).includes(site: :projects).order(order_by_coalesce).limit(10)
+      @recent_audio_recordings = Access::ByPermission.audio_recordings(current_user, Access::Core.levels).includes(site: :projects).order(order_by_coalesce).limit(10)
     end
 
   end
@@ -267,14 +267,14 @@ def recent_audio_events
       @recent_audio_events = AudioEvent
           .order(order_by_coalesce)
           .limit(7)
-    elsif Access::Check.is_admin?(current_user)
+    elsif Access::Core.is_admin?(current_user)
       @recent_audio_events = AudioEvent
           .includes([:creator, audio_recording: {site: :projects}])
           .order(order_by_coalesce)
           .limit(10)
     else
-      @recent_audio_events = Access::Query
-          .audio_events(current_user, Access::Core.levels_allow)
+      @recent_audio_events = Access::ByPermission
+          .audio_events(current_user, Access::Core.levels)
           .includes([:updater, audio_recording: :site])
           .order(order_by_coalesce).limit(10)
     end
@@ -301,9 +301,9 @@ def annotation_download
       site = Site.find(site_id)
       msg = "You must have access to the site (#{site.id}) and project(s) (#{site.projects.pluck(:id).join(', ')}) to download annotations."
       fail CanCan::AccessDenied.new(msg, :show, site) if project.nil? || site.nil?
-      fail CanCan::AccessDenied.new(msg, :show, site) unless Access::Check.can?(current_user, :reader, project)
-      Access::Check.check_orphan_site!(site)
-      fail CanCan::AccessDenied.new(msg, :show, site) unless Access::Check.can_any?(current_user, :reader, site.projects)
+      fail CanCan::AccessDenied.new(msg, :show, site) unless Access::Core.can?(current_user, :reader, project)
+      Access::Core.check_orphan_site!(site)
+      fail CanCan::AccessDenied.new(msg, :show, site) unless Access::Core.can_any?(current_user, :reader, site.projects)
       fail CanCan::AccessDenied.new(msg, :show, site) unless project.sites.pluck(:id).include?(site_id)
 
       @annotation_download = {
@@ -319,7 +319,7 @@ def annotation_download
       is_same_user = User.same_user?(current_user, user)
       msg = 'Only admins and annotation creators can download annotations created by a user.'
       fail CanCan::AccessDenied.new(msg, :show, AudioEvent) if user.nil?
-      fail CanCan::AccessDenied.new(msg, :show, AudioEvent) if !Access::Check.is_admin?(current_user) && !is_same_user
+      fail CanCan::AccessDenied.new(msg, :show, AudioEvent) if !Access::Core.is_admin?(current_user) && !is_same_user
 
       @annotation_download = {
           link: download_user_audio_events_path(user_id, selected_timezone_name: selected_timezone_name),

diff --git a/app/controllers/saved_searches_controller.rb b/app/controllers/saved_searches_controller.rb
@@ -85,7 +85,7 @@ def saved_search_params
   end
 
   def get_saved_searches
-    Access::Query.saved_searches(current_user, Access::Core.levels_allow)
+    Access::ByPermission.saved_searches(current_user)
   end
 
 end
diff --git a/app/controllers/sites_controller.rb b/app/controllers/sites_controller.rb
@@ -12,7 +12,7 @@ def index
       format.json {
         @sites, opts = Settings.api_response.response_advanced(
             api_filter_params,
-            Access::Query.project_sites(@project, current_user),
+            Access::ByPermission.sites(current_user, Access::Core.levels, @project),
             Site,
             Site.filter_settings
         )
@@ -162,7 +162,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.sites(current_user),
+        Access::ByPermission.sites(current_user),
         Site,
         Site.filter_settings
     )