added basic user management

VERSION

@@ -1 +1 @@
-0.5.1
+0.5.2

web/Gemfile

@@ -28,6 +28,7 @@ gem 'sidekiq'
 gem 'sinatra', :require => nil
 gem 'whenever'
 gem 'redis-namespace'
+gem "rolify"
 
 # Use jquery as the JavaScript library
 gem 'jquery-rails'

web/Gemfile.lock

@@ -168,6 +168,7 @@ GEM
     ref (2.0.0)
     responders (2.1.0)
       railties (>= 4.2.0, < 5)
+    rolify (5.0.0)
     rspec-core (3.3.2)
       rspec-support (~> 3.3.0)
     rspec-expectations (3.3.1)
@@ -261,6 +262,7 @@ DEPENDENCIES
   rails (= 4.2.4)
   react-rails (~> 1.5.0)
   redis-namespace
+  rolify
   rspec-rails (~> 3.0)
   sass-rails (~> 5.0)
   sdoc (~> 0.4.0)

web/app/assets/javascripts/system/user.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/

web/app/assets/stylesheets/system/user.scss

@@ -0,0 +1,3 @@
+// Place all the styles related to the System/User controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

web/app/controllers/application_controller.rb

@@ -3,12 +3,36 @@ class ApplicationController < ActionController::Base
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
   before_action :set_websocket_host
-  
+
   def set_websocket_host
     if ENV['RAILS_CABLE_IP'].blank?
       @RAILS_CABLE_IP = "127.0.0.1"
     else
       @RAILS_CABLE_IP = ENV['RAILS_CABLE_IP']
     end
   end
+
+  def filter_needs_admin_role
+    if !current_user || !current_user.has_role?(:admin)
+      redirect_to "/"
+      return
+    end
+  end
+
+  def filter_needs_race_director_role
+    if !current_user
+      redirect_to "/"
+      return
+    end
+
+    if !current_user.has_role?(:admin)
+      redirect_to "/"
+      return
+    end
+
+    if !current_user.has_role?(:race_director)
+      redirect_to "/"
+      return
+    end
+  end
 end

web/app/controllers/history_controller.rb

@@ -1,5 +1,5 @@
 class HistoryController < ApplicationController
-  before_action :authenticate_user!, only: [:delete]
+  before_action :filter_needs_admin_role, only: [:delete]
 
   def index
     @race_sessions = RaceSession.where(active: false).order("id DESC")

web/app/controllers/race_director_controller.rb

@@ -1,5 +1,5 @@
 class RaceDirectorController < ApplicationController
-  before_action :authenticate_user!
+  before_action :filter_needs_race_director_role
 
   def index
     @race_session_prototype = RaceSession.new

web/app/controllers/system/user_controller.rb

@@ -0,0 +1,71 @@
+class System::UserController < ApplicationController
+  before_action :filter_needs_admin_role
+
+  def index
+    @users = User.all
+  end
+
+  def edit
+    @user = User.find(params[:id])
+  end
+
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(strong_params_user)
+
+    if !@user.save
+      flash['error'] = @user.errors.full_messages
+      render action: 'new'
+    else
+      redirect_to action: 'edit', id: @user.id
+    end
+  end
+
+  def update
+    @user = User.find(params[:id])
+
+    Role.all.each do |role|
+      if params[:role][role.id.to_s].to_i == 1
+        @user.add_role(role.name)
+      else
+        @user.remove_role(role.name)
+      end
+    end
+
+    # ensure that the first user is always admin!!!
+    if @user.id == 1
+      @user.add_role(:admin)
+    end
+
+    if !params[:user][:password].blank?
+      @user.password = params[:user][:password]
+      @user.password_confirmation = params[:user][:password_confirmation]
+    end
+
+    if !@user.save
+      flash['error'] = @user.errors.full_messages
+      render action: 'edit'
+    else
+
+      redirect_to action: :index
+    end
+  end
+
+  def destroy
+    @user = User.find(params[:id])
+
+    if @user.id != 1
+      @user.destroy
+    end
+    redirect_to action: 'index'
+  end
+
+  private
+
+  def strong_params_user
+    params.require(:user).permit(:email,:password,:password_confirmation)
+  end
+end

web/app/controllers/system_controller.rb

@@ -1,5 +1,5 @@
 class SystemController < ApplicationController
-  before_action :authenticate_user!
+  before_action :filter_needs_admin_role
   before_action :get_style_settings
 
   def index

web/app/helpers/system/user_helper.rb

@@ -0,0 +1,2 @@
+module System::UserHelper
+end

web/app/models/role.rb

@@ -0,0 +1,10 @@
+class Role < ActiveRecord::Base
+  has_and_belongs_to_many :users, :join_table => :users_roles
+  belongs_to :resource, :polymorphic => true
+
+  validates :resource_type,
+            :inclusion => { :in => Rolify.resource_types },
+            :allow_nil => true
+
+  scopify
+end

web/app/models/user.rb

@@ -1,4 +1,5 @@
 class User < ActiveRecord::Base
+  rolify
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable

web/app/views/devise/registrations/new.html.erb

@@ -1,24 +1 @@
-<%= bootstrap_devise_error_messages! %>
-<div class="panel panel-default">
-  <div class="panel-heading">
-    <h4><%= t('.sign_up', :default => "Sign up") %></h4>
-  </div>
-  <div class="panel-body">
-    <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), html: { role: "form" }) do |f| %>
-      <div class="form-group">
-        <%= f.label :email %>
-        <%= f.email_field :email, autofocus: true, class: "form-control" %>
-      </div>
-      <div class="form-group">
-        <%= f.label :password %><br />
-        <%= f.password_field :password, class: "form-control" %>
-      </div>
-      <div class="form-group">
-        <%= f.label :password_confirmation %>
-        <%= f.password_field :password_confirmation, class: "form-control" %>
-      </div>
-      <%= f.submit t('.sign_up', :default => "Sign up"), class: "btn btn-primary" %>
-    <% end %>
-  </div>
-</div>
-<%= render "devise/shared/links" %>
+

web/app/views/devise/sessions/new.html.erb

@@ -14,7 +14,7 @@
       </div>
       <% if devise_mapping.rememberable? %>
         <div class="checkbox">
-          <label>  
+          <label>
           <%= f.check_box :remember_me %>
           <%= t('.remember_me', :default => "Remember me") %>
           </label>
@@ -24,4 +24,3 @@
     <% end %>
   </div>
 </div>
-<%= render "devise/shared/links" %>

web/app/views/history/index.html.haml

@@ -45,7 +45,7 @@
             %strong
               = formated_lap_time(session.average_lap_time)
           %td
-            - if current_user
+            - if current_user && current_user.has_role?(:admin)
               = link_to('Delete',url_for(action: 'delete', id: session.id),{method: 'DELETE', class: 'btn btn-warning', "data-confirm" => 'Are you sure?'})
             -#= link_to('XLSX Export',url_for(action: 'export_to_xlsx', id: session.id),{class: 'btn btn-success'})
             = link_to('PDF Export',url_for(action: 'pdf', id: session.id, format: :pdf),{class: 'btn btn-default btn-primary'})

web/app/views/layouts/application.html.haml

@@ -23,25 +23,37 @@
             EasyRaceLapTimer
         #navbar.collapse.navbar-collapse
           %ul.nav.navbar-nav.navbar-right
-            %li
-              =link_to('Race Director',{action: 'index',controller: '/race_director'})
-            %li.dropdown
-              %a{href:"#", class:"dropdown-toggle", "data-toggle"=>"dropdown", role:"button", "aria-haspopup"=>"true", "aria-expanded"=>"false"}
-                Configuration
-                %span.caret
-              %ul.dropdown-menu
-                %li
-                  =link_to('System',{action: 'index',controller: '/system'})
-                %li
-                  =link_to('Pilots',{action: 'index',controller: '/system/pilot'})
-                %li
-                  =link_to('Soundeffects',{action: 'index',controller: '/system/soundfile'})
+            - if current_user && (current_user.has_role?(:admin) || current_user.has_role?(:race_director))
+              %li
+                =link_to('Race Director',{action: 'index',controller: '/race_director'})
+            - if current_user && current_user.has_role?(:admin)
+              %li.dropdown
+                %a{href:"#", class:"dropdown-toggle", "data-toggle"=>"dropdown", role:"button", "aria-haspopup"=>"true", "aria-expanded"=>"false"}
+                  Configuration
+                  %span.caret
+                %ul.dropdown-menu
+                  %li
+                    =link_to('System',{action: 'index',controller: '/system'})
+                  %li
+                    =link_to('Users',{action: 'index',controller: '/system/user'})
+                  %li
+                    =link_to('Pilots',{action: 'index',controller: '/system/pilot'})
+                  %li
+                    =link_to('Soundeffects',{action: 'index',controller: '/system/soundfile'})
             %li
               =link_to('Monitor',{action: 'index',controller: '/monitor'})
             %li
               =link_to('Pilots',{action: 'index',controller: '/pilots'})
             %li
               =link_to('History',{action: 'index',controller: '/history'})
+            - if current_user
+              %li
+                = link_to(main_app.destroy_user_session_path, {:method => :delete}) do
+                  Log Out
+            - else
+              %li
+                = link_to(main_app.new_user_session_path) do
+                  Login
             %li
               %a{href:"#"}
                 Version

web/app/views/system/user/edit.html.haml

@@ -0,0 +1,24 @@
+%h1
+  Edit User
+
+
+= form_for(@user,url: {action: :update, id: @user.id}, :html => { :method => :put }) do |f|
+  .form-group
+    = f.label :email
+    = f.email_field :email, autofocus: true, class: "form-control"
+
+  .form-group
+    = f.label :password
+    = f.password_field :password, :autocomplete => "off", class: "form-control"
+
+  .form-group
+    = f.label :password_confirmation
+    = f.password_field :password_confirmation, class: "form-control"
+
+  .form-group
+    Roles:
+    - Role.all.each do |role|
+      = check_box("role", role.id, checked: @user.has_role?(role.name))
+      = role.name
+
+  = f.submit

web/app/views/system/user/index.html.haml

@@ -0,0 +1,20 @@
+%h1
+  Accounts
+
+= link_to 'Add User',{action: 'new'},{class: 'btn btn-primary'}
+
+%table.table.table-bordered
+  %thead
+  %tbody
+    - @users.each do |u|
+      %tr
+        %td
+          = u.id
+        %td
+          = u.email
+        %td
+          - u.roles.each do |r|
+            = r.name
+        %td
+          = link_to('edit',{action: 'edit', id: u.id},{class: 'btn btn-primary'})
+          = link_to('delete',{action: 'destroy', id: u.id},{class: 'btn btn-warning', method: :delete,data: {confirm:'Are you sure?'}})

web/app/views/system/user/new.html.haml

@@ -0,0 +1,18 @@
+%h1
+  New User
+
+
+= form_for(@user,url: {action: :create }, :html => { :method => :post }) do |f|
+  .form-group
+    = f.label :email
+    = f.email_field :email, autofocus: true, class: "form-control"
+
+  .form-group
+    = f.label :password
+    = f.password_field :password, :autocomplete => "off", class: "form-control"
+
+  .form-group
+    = f.label :password_confirmation
+    = f.password_field :password_confirmation, class: "form-control"
+
+  = f.submit

web/config/initializers/rolify.rb

@@ -0,0 +1,7 @@
+Rolify.configure do |config|
+  # By default ORM adapter is ActiveRecord. uncomment to use mongoid
+  # config.use_mongoid
+
+  # Dynamic shortcuts for User class (user.is_admin? like methods). Default is: false
+  # config.use_dynamic_shortcuts
+end

web/config/routes.rb

@@ -11,7 +11,7 @@
   get 'race_director/lap_times' => 'race_director#lap_times'
   get 'race_director/invalidate_lap' => 'race_director#invalidate_lap'
   get 'race_director/undo_invalidate_lap' => 'race_director#undo_invalidate_lap'
-  
+
   # You can have the root of your site routed with "root"
   get 'system' => 'system#index'
   get '/system/pilot' => 'system/pilot#index'
@@ -23,6 +23,13 @@
   post '/system/set_config_val/:id' => 'system#set_config_val'
   get '/system/shutdown' => 'system#shutdown'
 
+  get '/system/user' => 'system/user#index'
+  get '/system/user/new' => 'system/user#new'
+  post '/system/user/create' => 'system/user#create'
+  get '/system/user/:id' => 'system/user#edit'
+  delete '/system/user/delete/:id' => 'system/user#destroy'
+  put '/system/update/:id' => 'system/user#update'
+
   get 'system/soundfile' => 'system/soundfile#index'
   patch 'system/soundfile/:id' => 'system/soundfile#update'
   get 'system/soundfile/clear/:id' => 'system/soundfile#clear'