ui tweaks, mainly simplifications; also add some security re mass ass…

…ignment
davearonson · Jan 1, 2012 · a5ffeef · a5ffeef
1 parent e376983
commit a5ffeef
Show file tree

Hide file tree

Showing 22 changed files with 96 additions and 145 deletions.
diff --git a/app/assets/javascripts/thedecider.js b/app/assets/javascripts/thedecider.js
@@ -0,0 +1,6 @@
+// put focus on first visible input, if any
+$(document).ready( function() {
+  var tgts = $('input:visible');
+  if( tgts.length != 0 ) tgts.first().focus();
+});
+
diff --git a/app/assets/stylesheets/main.css.scss b/app/assets/stylesheets/main.css.scss
@@ -24,15 +24,15 @@ div.form_item {
 
 div#main {
   background-color: rgba(0, 0, 255, 0.96);
-  border:2px solid;
-  border-radius:25px;
-  box-shadow: 10px 10px 5px gray;
+  border: .2em solid;
+  border-radius: 2em;
+  box-shadow: .5em .5em 1em black;
   color: white;
-  margin-top: 20px;
-  margin-bottom: 20px;
+  margin-top: 2em;
+  margin-bottom: 2em;
   margin-left: auto;
   margin-right: auto;
-  padding: 20px 40px 20px;
+  padding: 2em 4em 2em;
 }
 
 /* note that this is INSIDE main */

diff --git a/app/assets/stylesheets/scaffolds.css.scss b/app/assets/stylesheets/scaffolds.css.scss
@@ -10,8 +10,8 @@ p, ol, ul, td {
 
 pre {
   background-color: #eee;
-  padding: 10px;
-  font-size: 11px; }
+  padding: 1em;
+  font-size: 11pt; }
 
 a {
   color: #000;
@@ -23,32 +23,32 @@ a {
 
 div {
   &.field, &.actions {
-    margin-bottom: 10px; } }
+    margin-bottom: 1em; } }
 
 #notice {
   color: green; }
 
 .field_with_errors {
-  padding: 2px;
+  padding: .2em;
   background-color: red;
   display: table; }
 
 #error_explanation {
-  width: 450px;
-  border: 2px solid red;
-  padding: 7px;
+  width: 45em;
+  border: .2em solid red;
+  padding: .7em;
   padding-bottom: 0;
-  margin-bottom: 20px;
+  margin-bottom: 2em;
   background-color: #f0f0f0;
   h2 {
     text-align: left;
     font-weight: bold;
-    padding: 5px 5px 5px 15px;
-    font-size: 12px;
-    margin: -7px;
+    padding: .5em .5em .5em 1.5em;
+    font-size: 14pt;
+    margin: -.7em;
     margin-bottom: 0px;
     background-color: #c00;
     color: #fff; }
   ul li {
-    font-size: 12px;
+    font-size: 14pt;
     list-style: square; } }
diff --git a/app/controllers/alternatives_controller.rb b/app/controllers/alternatives_controller.rb
@@ -7,8 +7,8 @@ class AlternativesController < ApplicationController
   def new
     @title = 'New Alternative'
     @alternative = Alternative.new
-    @alternative.decision_id = params[:decision_id]
-    return if ! can_access Decision.find @alternative.decision_id
+    @decision_id = params[:decision_id]
+    return if ! can_access Decision.find @decision_id
     respond_to do |format|
       format.html # new.html.erb
       format.json { render json: @alternative }
@@ -20,6 +20,8 @@ def new
   def create
     @title = 'New Alternative'
     @alternative = Alternative.new(params[:alternative])
+    @decision_id = params[:alternative][:decision_id]
+    return if ! can_access Decision.find(@decision_id)
     respond_to do |format|
       if @alternative && can_access(@alternative) && @alternative.save
         format.html { redirect_to @alternative.decision,
@@ -36,6 +38,7 @@ def create
   # PUT /alternatives/1.json
   def update
     @title = 'Edit Alternative'
+    @decision_id = params[:alternative][:decision_id]
     respond_to do |format|
       if @alternative.update_attributes(params[:alternative])
         format.html { redirect_to @alternative.decision,

diff --git a/app/controllers/decisions_controller.rb b/app/controllers/decisions_controller.rb
@@ -8,7 +8,6 @@ def index
     @show_all = @user.is_admin?
     @decisions = @show_all ? Decision.all : current_user.decisions
     @title = "#{@user.is_admin? ? 'Everybody' : @user.username}'s Decisions"
-    @decision = Decision.new  # for the form, just in case
     respond_to do |format|
       format.html # index.html.erb
       format.json { render json: @decisions }
@@ -61,8 +60,6 @@ def show
         @scores[alt.id] = Level::Medium
       end
     end
-    @alternative = Alternative.new
-    @factor = Factor.new
 
     respond_to do |format|
       format.html # show.html.erb
@@ -76,7 +73,7 @@ def new
     @title = 'New Decision'
     @decision = Decision.new
     @decision.user_id = current_user.id
-    make_subparts
+    @show_all = @user.is_admin?
     respond_to do |format|
       format.html # new.html.erb
       format.json { render json: @decision }
@@ -86,14 +83,15 @@ def new
   # GET /decisions/1/edit
   def edit
     @title = 'Edit Decision'
-    make_subparts
+    @show_all = @user.is_admin?
   end
 
   # POST /decisions
   # POST /decisions.json
   def create
     @title = 'New Decision'
     @decision = Decision.new(params[:decision])
+    @show_all = @user.is_admin?
     respond_to do |format|
       if @decision.save
         format.html { redirect_to @decision,
@@ -149,12 +147,4 @@ def get_decision
     @decision = nil if ! can_access @decision
   end
 
-  # since they are on the new/edit form we need them if we're creating or editing
-  def make_subparts
-    @alternative = Alternative.new
-    @alternative.decision_id = @decision.id
-    @factor = Factor.new
-    @factor.decision_id = @decision.id
-  end
-
 end
diff --git a/app/controllers/factors_controller.rb b/app/controllers/factors_controller.rb
@@ -7,25 +7,21 @@ class FactorsController < ApplicationController
   def new
     @title = 'New Factor'
     @factor = Factor.new
-    @factor.decision_id = params[:decision_id]
-    return if ! can_access Decision.find @factor.decision_id
+    @decision_id = params[:decision_id]
+    return if ! can_access Decision.find @decision_id
     respond_to do |format|
       format.html # new.html.erb
       format.json { render json: @factor }
     end
   end
 
-  # GET /factors/1/edit
-  def edit
-    @title = 'Edit Factor'
-    @factor = Factor.find(params[:id])
-  end
-
   # POST /factors
   # POST /factors.json
   def create
     @title = 'New Factor'
     @factor = Factor.new(params[:factor])
+    @decision_id = params[:factor][:decision_id]
+    return if ! can_access Decision.find(@decision_id)
     respond_to do |format|
       if @factor && can_access(@factor) && @factor.save
         format.html { redirect_to @factor.decision,
@@ -42,6 +38,7 @@ def create
   # PUT /factors/1.json
   def update
     @title = 'Edit Factor'
+    @decision_id = params[:factor][:decision_id]
     respond_to do |format|
       if @factor.update_attributes(params[:factor])
         format.html { redirect_to @factor.decision,

diff --git a/app/models/alternative.rb b/app/models/alternative.rb
@@ -2,8 +2,15 @@ class Alternative < ActiveRecord::Base
 
   belongs_to :decision
 
+  # just in case -- "design for evil clients"
+  validates_presence_of :decision_id
+
   has_many :rankings, :dependent => :destroy
 
+  # this has security applied in controller; see can_access call
+  attr_accessible :decision_id
+
+  attr_accessible :name
   validates :name, :length => { :minimum => 2, :maximum => 20 },
             :presence => true
             # :uniqueness => true -- NOT YET, NEED TO SCOPE W/IN DECISION!

diff --git a/app/models/decision.rb b/app/models/decision.rb
@@ -2,9 +2,16 @@ class Decision < ActiveRecord::Base
 
   belongs_to :user
 
+  # just in case -- "design for evil clients"
+  validates_presence_of :user
+
+  # this has security applied in controller; see can_access call
+  attr_accessible :user_id
+
   has_many :alternatives, :dependent => :destroy
   has_many :factors, :dependent => :destroy
 
+  attr_accessible :name
   validates :name, :length => { :minimum => 2, :maximum => 20 },
             :presence => true,
             :uniqueness => true

diff --git a/app/models/factor.rb b/app/models/factor.rb
@@ -2,11 +2,22 @@ class Factor < ActiveRecord::Base
 
   belongs_to :decision
 
+  # just in case -- "design for evil clients"
+  validates_presence_of :decision_id
+
   has_many :rankings, :dependent => :destroy
 
+  # this has security applied in controller; see can_access call
+  attr_accessible :decision_id
+
+  attr_accessible :name, :weight_id
   validates :name, :length => { :minimum => 2, :maximum => 20 },
             :presence => true
             # :uniqueness => true -- NOT YET, NEED TO SCOPE W/IN DECISION!
+  validates :weight_id, :numericality => { :only_integer => true,
+                                           :greater_than_or_equal_to => Level::Very_Low,
+                                           :less_than_or_equal_to => Level::Very_High },
+            :presence => true
 
   def user_id
     decision ? decision.user_id : nil

diff --git a/app/models/level.rb b/app/models/level.rb
@@ -1,3 +1,6 @@
+# TODO: make separate levels for factor weight & rating level?
+# TODO MAYBE: make size adjustable per user preference?
+
 class Level
 
   # ruby has no enums :-(
@@ -34,13 +37,13 @@ def self.weightNames
   end
 
   @@BadNames = [
-    new(Very_Low , 'Very_Good'),
+    new(Very_Low , 'Very Good'),
     new(Low      , 'Good'),
-    new(Semi_Low , 'Semi_Good'),
+    new(Semi_Low , 'Semi Good'),
     new(Medium   , 'Medium'),
-    new(Semi_High, 'Semi_Bad'),
+    new(Semi_High, 'Semi Bad'),
     new(High     , 'Bad'),
-    new(Very_High, 'Very_Bad')
+    new(Very_High, 'Very Bad')
   ]
 
   @@GoodColors = [
@@ -54,23 +57,23 @@ def self.weightNames
   ]
 
   @@GoodNames = [
-    new(Very_Low , 'Very_Bad'),
+    new(Very_Low , 'Very Bad'),
     new(Low      , 'Bad'),
-    new(Semi_Low , 'Semi_Bad'),
+    new(Semi_Low , 'Semi Bad'),
     new(Medium   , 'Medium'),
-    new(Semi_High, 'Semi_Good'),
+    new(Semi_High, 'Semi Good'),
     new(High     , 'Good'),
-    new(Very_High, 'Very_Good')
+    new(Very_High, 'Very Good')
   ]
 
   @@WeightNames = [
-    new(Very_Low , 'Very_Low'),
+    new(Very_Low , 'Very Low'),
     new(Low      , 'Low'),
-    new(Semi_Low , 'Semi_Low'),
+    new(Semi_Low , 'Semi Low'),
     new(Medium   , 'Medium'),
-    new(Semi_High, 'Semi_High'),
+    new(Semi_High, 'Semi High'),
     new(High     , 'High'),
-    new(Very_High, 'Very_High')
+    new(Very_High, 'Very High')
   ]
 
 end
diff --git a/app/models/ranking.rb b/app/models/ranking.rb
@@ -1,6 +1,13 @@
 class Ranking < ActiveRecord::Base
 
   belongs_to :alternative
+  belongs_to :factor
+
+  # just in case -- "design for evil clients"
+  validates_presence_of :alternative
+  validates_presence_of :factor
+
+  attr_accessible :weight_id
 
   def user_id
     alternative.decision.user_id

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -2,7 +2,11 @@ class User < ActiveRecord::Base
 
   has_many :decisions, :dependent => :destroy
 
-  validates_presence_of :name, :realname
+  validates :name, :length => { :minimum => 2, :maximum => 50 },
+            :presence => true, :uniqueness => true
+
+  validates :username, :length => { :minimum => 2, :maximum => 20 },
+            :presence => true
 
   # Include default devise modules. Others available are:
   # :token_authenticatable, :encryptable, :confirmable,
@@ -11,6 +15,7 @@ class User < ActiveRecord::Base
          :recoverable, :rememberable, :trackable, :validatable
 
   # Setup accessible (or protected) attributes for your model
+  # TODO: can we protect username?
   attr_accessible :email, :password, :password_confirmation, :remember_me
   attr_accessible :username, :realname
 

diff --git a/app/views/alternatives/_form.html.erb b/app/views/alternatives/_form.html.erb
@@ -16,7 +16,7 @@
     <%= f.text_field :name %>
   </div>
 
-  <%= hidden_field(:alternative, :decision_id, value: @alternative.decision.id) %>
+  <%= hidden_field(:alternative, :decision_id, value: @decision_id) %>
 
   <div class="actions">
     <%= f.submit %>

diff --git a/app/views/alternatives/edit.html.erb b/app/views/alternatives/edit.html.erb
@@ -1,5 +1,3 @@
-<h1>Editing alternative</h1>
-
 <%= render 'form' %>
 
 <%= link_to 'Back to Decision', @alternative.decision %>
diff --git a/app/views/alternatives/new.html.erb b/app/views/alternatives/new.html.erb
@@ -1,5 +1,3 @@
-<h1>New alternative</h1>
-
 <%= render 'form' %>
 
 <%= link_to 'Back to Decision', @alternative.decision %>