
changed views to haml, added loads of features, updated readme

1 parent 0de70a9 commit 54836afab090c7e8b24f303ab00e3e668b3316bb Max committed Apr 8, 2009
Showing with 259 additions and 44 deletions.
  1. +1 −1 .gitignore
  2. +6 −2 Manifest
  3. +1 −1 Rakefile
  4. +11 −0 TODO
  5. +10 −1 lib/models/user.rb
  6. +102 −21 lib/sinatra-authentication.rb
  7. +21 −0 lib/views/edit.haml
  8. +19 −0 lib/views/index.haml
  9. +0 −9 lib/views/login.erb
  10. +10 −0 lib/views/login.haml
  11. +5 −0 lib/views/show.haml
  12. +0 −6 lib/views/signup.erb
  13. +13 −0 lib/views/signup.haml
  14. +60 −3 readme.rdoc
@@ -1 +1 @@
-db/
+pkg/
@@ -1,8 +1,12 @@
lib/models/user.rb
-lib/views/signup.erb
-lib/views/login.erb
+lib/views/signup.haml
+lib/views/edit.haml
+lib/views/login.haml
+lib/views/index.haml
+lib/views/show.haml
lib/sinatra-authentication.rb
History.txt
Rakefile
readme.rdoc
+TODO
Manifest
@@ -8,7 +8,7 @@ Echoe.new('sinatra-authentication', '0.0.1') do |p|
p.author = "Max Justus Spransy"
p.email = "maxjustus@gmail.com"
p.ignore_pattern = []
- p.development_dependencies = []
+ p.development_dependencies = ["sinatra", "dm-core", "dm-timestamps", "dm-validations"]
end
@@ -0,0 +1,11 @@
+TODO:
+ - write rake task which creates first admin user
+ after writing this, change the User.permission_level default value to 0
+
+ implement some way to allow for the creation of users with different
+ permission levels in an untamperable manner. Perhaps with some secret key
+ that must be sent in the form
+ - look at other permissions systems for some feature ideas
+ - ?implement a session store which isn't cookie based
+ - turn on sessions unless they're already on
+ - randomize the session key on every installation
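--- a/lib/models/user.rb
+++ b/lib/models/user.rb
@@ -8,8 +8,10 @@ class User
 property :hashed_password, String
 property :salt, String, :protected => true, :nullable => false
 property :created_at, DateTime
+ property :permission_level, Integer, :default => -1
- validates_present :password_confirmation
+ validates_present :password_confirmation, :unless => Proc.new { |t| t.hashed_password }
+ validates_present :password, :unless => Proc.new { |t| t.hashed_password }
 validates_is_confirmed :password
 def self.authenticate(email, pass)
@@ -25,6 +27,9 @@ def password=(pass)
 self.hashed_password = User.encrypt(@password, self.salt)
 end
+ def admin?
+ self.permission_level == -1
+ end
 protected
 def self.encrypt(pass, salt)
@@ -38,4 +43,8 @@ def self.random_string(len)
 1.upto(len) { |i| newpass << chars[rand(chars.size-1)] }
 return newpass
 end
+
+ def method_missing(m, *args)
+ return false
+ end
 end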
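Review bot: `property :permission_level, Integer, :default => -1` together with `admin?` being `self.permission_level == -1` means every User created without an explicit level — including every self-signup — is an admin; the TODO acknowledges this, but as committed a deployment has no non-admin accounts at all, so the safer order is to ship the non-admin default now, e.g. `property :permission_level, Integer, :default => 1` (the "authenticated user" value the edit view uses), and create the first admin explicitly. The added `def method_missing(m, *args); return false; end` makes any misspelled or renamed call on a User — a mistyped predicate, a mistyped `destroy`, a DataMapper method that changes name — silently evaluate to false instead of raising, which hides both typos and failed state changes in exactly the code that makes authorization decisions; if the goal is only to mirror GuestUser's predicates, define the handful of predicates you need and override `respond_to?` to match. Note also that `method_missing` sits under `protected`, so it will still fire for any outside caller; that is presumably unintended and worth a comment if it is deliberate.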
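--- a/lib/sinatra-authentication.rb
+++ b/lib/sinatra-authentication.rb
@@ -16,22 +16,35 @@ def self.registered(app)
 #PROBLEM
 #sinatra 9.1.1 doesn't have multiple view capability anywhere
 #so to get around I have to do it totally manually by
- #loading the view into a string and rendering it
+ #loading the view from this path into a string and rendering it
 set :lil_authentication_view_path, Pathname(__FILE__).dirname.expand_path + "views/"
- use Rack::Session::Cookie, :secret => 'A1 sauce 1s so good you should use 1t on a11 yr st34ksssss'
-
 #TODO write captain sinatra developer man and inform him that the documentation
- #conserning the writing of extensions is somewhat outdaded/incorrect
+ #conserning the writing of extensions is somewhat outdaded/incorrect.
 #you do not need to to do self.get/self.post when writing an extension
 #In fact, it doesn't work. You have to use the plain old sinatra DSL
 get '/users' do
- login_required
 @users = User.all
- erb "<% @users.each { |user| %>hi <%= user.email %> <br /> <% }%>"
+ if @users != []
+ haml get_view_as_string("index.haml"), :layout => use_layout?
+ else
+ redirect '/signup'
+ end
 end
+ get '/users/:id' do
+ login_required
+
+ #INVESTIGATE
+ #
+ #WHY THE HECK WON'T GET RETURN ANYTHING?
+ #if I user User.get(params[:id]) it returns nil for some inexplicable reason
+ @user = User.first(:id => params[:id])
+ haml get_view_as_string("show.haml"), :layout => use_layout?
+ end
+
+ #convenience for ajax but maybe entirely stupid and unnecesary
 get '/logged_in' do
 if session[:user]
 "true"
@@ -41,7 +54,7 @@ def self.registered(app)
 end
 get '/login' do
- erb get_view_as_string("login.erb")
+ haml get_view_as_string("login.haml"), :layout => use_layout?
 end
 post '/login' do
@@ -60,11 +73,11 @@ def self.registered(app)
 end
 get '/signup' do
- erb get_view_as_string("signup.erb")
+ haml get_view_as_string("signup.haml"), :layout => use_layout?
 end
 post '/signup' do
- @user = User.new(:email => params[:email], :password => params[:password], :password_confirmation => params[:password_confirmation])
+ @user = User.new(params[:user])
 if @user.save
 session[:user] = @user.id
 redirect '/'
@@ -74,9 +87,38 @@ def self.registered(app)
 end
 end
- get '/user/:id/delete' do
- user = User.first(params[:id])
- user.delete
+ get '/users/:id/edit' do
+ login_required
+ redirect "/users" unless current_user.admin? || current_user == params[:id]
+
+ @user = User.first(:id => params[:id])
+ haml get_view_as_string("edit.haml"), :layout => use_layout?
+ end
+
+ post '/users/:id/edit' do
+ login_required
+ redirect "/users" unless current_user.admin? || current_user == params[:id]
+
+ user = User.first(:id => params[:id])
+ user_attributes = params[:user]
+ if params[:user][:password] == ""
+ user_attributes.delete("password")
+ user_attributes.delete("password_confirmation")
+ end
+
+ if user.update_attributes(user_attributes)
+ redirect "/users/#{user.id}"
+ else
+ throw user.errors
+ end
+ end
+
+ get '/users/:id/delete' do
+ login_required
+ redirect "/users" unless current_user.admin? || current_user == params[:id]
+
+ user = User.first(:id => params[:id])
+ user.destroy
 session[:flash] = "way to go, you deleted a user"
 redirect '/'
 end
@@ -97,19 +139,24 @@ def login_required
 end
 def current_user
- User.first(session[:user])
- end
-
- def redirect_to_stored
- if return_to = session[:return_to]
- session[:return_to] = nil
- redirect return_to
+ # TODO
+ # considering returning a user like object with a permission method if not logged in
+ if session[:user]
+ User.first(:id => session[:user])
 else
- redirect '/'
+ GuestUser.new
 end
 end
- #BECAUSE sinatra 9.1.1 can't load views from different paths
+ def logged_in?
+ !!session[:user]
+ end
+
+ def use_layout?
+ !request.xhr?
+ end
+
+ #BECAUSE sinatra 9.1.1 can't load views from different paths properly
 def get_view_as_string(filename)
 view = options.lil_authentication_view_path + filename
 data = ""
@@ -119,7 +166,41 @@ def get_view_as_string(filename)
 end
 return data
 end
+
+ def render_login_logout(html_options = {:class => ""})
+ css_classes = html_options.delete(:class)
+ parameters = ''
+ html_options.each_pair do |attribute, value|
+ parameters += "#{attribute}=\"#{value}\" "
+ end
+
+ result = "<div id='sinatra-authentication-login-logout' >"
+ if logged_in?
+ result += "<a href='/logout' class='#{css_classes} sinatra-authentication-logout' #{parameters}>logout</a> "
+ result += "<a href='/users/#{current_user.id}/edit' class='#{css_classes} sinatra-authentication-edit' #{parameters}>edit account</a>"
+ else
+ result += "<a href='/login' class='#{link_class} sinatra-authentication-login' #{parameters}>login</a> <a href='/signup' class='#{link_class} sinatra-authentication-signup' #{parameters}>signup</a>"
+ end
+
+ result += "</div>"
+ end
 end
 register LilAuthentication
 end
+
+class GuestUser
+ def guest?
+ true
+ end
+
+ def permission_level
+ 0
+ end
+
+ # current_user.admin? returns false. current_user.has_a_baby? returns false.
+ # (which is a bit of an assumption I suppose)
+ def method_missing(m, *args)
+ return false
+ end
+end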
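Review bot: `post '/signup'` now builds the account with `User.new(params[:user])` and `post '/users/:id/edit'` hands `params[:user]` to `update_attributes` after stripping only the two password keys, so a submitted `user[permission_level]=-1` is accepted server-side — edit.haml only hides the select for non-admins — and the model's `:default => -1` makes every self-registered account an admin even without that field; strip the field unless the caller is an admin, `user_attributes.delete("permission_level") unless current_user.admin?` in the edit handler and `params[:user].delete("permission_level")` in signup, and give signups an explicit non-admin level. The guard `current_user.admin? || current_user == params[:id]` compares a User (or GuestUser) object with a String, so the right-hand side is never true and non-admin self-service edits and deletes are silently refused; `current_user.id.to_s == params[:id]` is presumably what was meant, and once it works the attribute filtering above is what keeps self-edit from becoming self-promotion. In `render_login_logout` the logged-out branch interpolates `link_class`, which is not defined anywhere in this hunk (the local is `css_classes`), so rendering the widget for an anonymous visitor will raise. `/users/:id/delete` remains a GET with no request token, so a logged-in user's browser can be made to delete an account by any page that merely loads that URL; make it a POST and add a token check. `get '/users'` also drops `login_required`, so the full list of registered email addresses is now readable without logging in — worth confirming that is intended.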
@@ -0,0 +1,21 @@
+#sinatra_authentication
+ %h1
+ Editing
+ = @user.email
+ %form{:action => "/users/#{@user.id}/edit", :method => "post"}
+ %input{ :id => "user_password", :name => "user[password]", :size => 30, :type => "password" }
+ new password
+ %br
+ %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
+ confirm
+ -# don't render permission field if admin and editing yourself so you don't shoot yourself in the foot
+ - if current_user.admin? && current_user.id != @user.id
+ %br
+ %select{ :id => "permission_level", :name => "user[permission_level]" }
+ %option{:value => -1}
+ admin
+ %option{:value => 1}
+ authenticated user
+ permission level
+ %br
+ %input{ :value => "update", :type => "submit" }
@@ -0,0 +1,19 @@
+#sinatra_authentication
+ %h1 Users
+ %table
+ %tr
+ %th email
+ - if current_user.admin?
+ %th permission level
+ - @users.each do |user|
+ %tr
+ %td= user.email
+ - if current_user.admin?
+ %td= user.permission_level
+ %td
+ %a{:href => "/users/#{user.id}"} show
+ - if current_user.admin?
+ %td
+ %a{:href => "/users/#{user.id}/edit"} edit
+ %td
+ %a{:href => "/users/#{user.id}/delete", :onclick => "return confirm('you sure?')"} delete
@@ -1,9 +0,0 @@
-<form action="/login" method="post">
- <input id="user_email" name="email" size=30 type="text" />
- email
- <br />
- <br />
- <input id="user_password" name="password" size=30 type="password" />
- password<br />
- <input value="login" type="submit" />
-</form>
@@ -0,0 +1,10 @@
+#sinatra_authentication
+ %h1 Login
+ %form{:action => "/login", :method => "post"}
+ %input{:id => "user_email", :name => "email", :size => 30, :type => "text"}
+ email
+ %br
+ %input{:id => "user_password", :name => "password", :size => 30, :type => "password"}
+ password
+ %br
+ %input{:value => "login", :type => "submit"}
@@ -0,0 +1,5 @@
+#sinatra_authentication
+ %h1= @user.email
+ - if current_user.admin?
+ %h2 permission level
+ = @user.permission_level
@@ -1,6 +0,0 @@
-<form action="/signup" method="post">
- email: <input id="user_email" name="email" size=30 type="text" /><br />
- password: <input id="user_password" name="password" size=30 type="password" /> <br />
- confirm: <input id="user_password_confirmation" name="password_confirmation" size=30 type="password" /> <br />
- <input value="sign up" type="submit" />
-</form>
@@ -0,0 +1,13 @@
+#sinatra_authentication
+ %h1 Signup
+ %form{:action => "/signup", :method => "post"}
+ %input{ :id => "user_email", :name => "user[email]", :size => 30, :type => "text" }
+ email
+ %br
+ %input{ :id => "user_password", :name => "user[password]", :size => 30, :type => "password" }
+ password
+ %br
+ %input{ :id => "user_password_confirmation", :name => "user[password_confirmation]", :size => 30, :type => "password" }
+ confirm
+ %br
+ %input{ :value => "sign up", :type => "submit" }
