Merge branch 'master' of git@github.com:Smudge/newstc

TODO_ben

@@ -0,0 +1,3 @@
+TODO
+
+test require_owner_or_dept_admin universally 

app/controllers/application_controller.rb

@@ -21,6 +21,7 @@ class ApplicationController < ActionController::Base
 
   $appconfig = AppConfig.first
 
+  # We should improve this page, probably on the actual template -ben
   def access_denied
     text = "Access denied"
     text += "<br>Maybe you want to <a href=\"#{login_path}\">try logging in with built-in authentication</a>?" if $appconfig.login_options.include?('built-in')
@@ -102,12 +103,8 @@ def load_user_session
     @user_session = UserSession.find
   end
 
-  def require_admin_of(obj)
-    redirect_to(access_denied_path) unless current_user.is_admin_of?(obj)
-  end
-
-  # these are the authorization before_filters to use under controllers
-  # these all return nil
+# These are the authorization before_filters to use under controllers
+# These all return nil
   def require_department_admin
     redirect_to(access_denied_path) unless current_user.is_admin_of?(current_department)
   end
@@ -124,6 +121,16 @@ def require_superuser
   end
 
 # These three methods all return true/false, so they can be tested to trigger return statements
+# Takes a department, location, or loc_group
+  def require_admin_of(thing)
+    unless current_user.is_admin_of?(thing)
+      flash[:error] = "You are not authorized to administer this #{thing.class.name.decamelize}"
+      redirect_to(access_denied_path) and return false
+    end
+    return true
+  end
+
+
 # Takes any object that has a user method and checks against current_user
   def require_owner(thing)
     unless current_user.is_owner_of?(thing)
@@ -144,7 +151,7 @@ def require_owner_or_dept_admin(thing, dept)
     return true
   end
 
-  # Takes a department; intended to be passed some_thing.department
+# Takes a department; intended to be passed some_thing.department
   def require_department_membership(dept)
     unless current_user.departments.include?(dept)
       flash[:error] = "You are not a member of the appropriate department."

app/controllers/data_entries_controller.rb

@@ -1,5 +1,5 @@
 class DataEntriesController < ApplicationController
-  #Not yet permission-locked!!!
+  #Not yet secured
 
   before_filter :check_for_data_object
 

app/controllers/data_fields_controller.rb

@@ -1,5 +1,4 @@
 class DataFieldsController < ApplicationController
-  # Hack to provide a consistent department within the data controller
   before_filter :require_department_admin
   before_filter :check_for_data_type
 

app/controllers/data_objects_controller.rb

@@ -1,38 +1,32 @@
 class DataObjectsController < ApplicationController
-  #User admin methods will need to be rewritten in move to other codebase
-  #Not yet permission-locked!!!
-
-  # not at all sure what's going on here anymore, will ask ryan about it -ben
+
+# Needs views revised for non-ajax degradeability -ben
   def index   
-    @data_objects = get_allowed_data_objects
+    @data_objects = @department.data_objects
     @group_type_options = options_for_group_type
     @group_by_options = []
-    # if params[:view_options]
-    #   @selected_type = params[:view_options][:group_type]
-    #   if params[:view_options][:group_by]
-    #     unless (@selected_by = params[:view_options][:group_by]).blank?
-    #       @data_objects = @selected_type.classify.constantize.find(@selected_by).data_objects
-    #     end
-    #   end
-    #   @group_by_options = options_for_group_by(@selected_type)
-    # end
-    if params[:group_by]
-      @selected_type = params[:group_by]
-      if params[:group_by] == "data_types"
-        @types_objects_hash = @data_objects.group_by(&:data_type)
-      elsif params[:group_by] == "locations"
-        @types_objects_hash = @data_objects.group_by{|object| object.locations[0]}
-      elsif params[:group_by] == "loc_groups"
-        @types_objects_hash = @data_objects.group_by(&:data_type)
+    @selected_type = ["Department", "departments"]
+    if params[:group_type]
+      @group_by_options = options_for_group_by(params[:group_type])
+      if params[:group_by] && !params[:group_by].blank?
+        @data_objects &= params[:group_type].classify.constantize.find(params[:group_by]).data_objects
+        @selected_by = @group_by_options.select{|opt| opt.include? params[:group_by].to_i}.flatten
+      else 
+        @selected_by = @group_by_options.first
       end
-    else #default
-      @types_objects_hash = @data_objects.group_by &:data_type
+      @selected_type = @group_type_options.select{|a|a.include? params[:group_type]}.flatten
+    end
+    @types_objects_hash = @data_objects.group_by &:data_type
+    respond_to do |format|
+      format.html
+      format.js
     end
   end
-
+  
 # This needs its views rewritten to enable viewing a subset of all entries -ben  
   def show
     @data_object = DataObject.find(params[:id])   
+    require_department_membership(@data_object.department)
     @data_fields = @data_object.data_type.data_fields
     @data_entries = @data_object.data_entries
   end
@@ -46,6 +40,7 @@ def new
   def create
     @data_object = DataObject.new(params[:data_object])
     @data_object.data_type_id = params[:data_type_id] if params[:data_type_id]
+    check_data_object_admin_permission(@data_object)    
     if @data_object.save
       flash[:notice] = "Successfully created data object."
       redirect_to (params[:add_another] ? new_data_type_data_object_path(@data_object.data_type) : data_objects_path)
@@ -58,10 +53,12 @@ def create
   def edit
     @data_object = DataObject.find(params[:id])
     @locations_select = current_user.loc_groups_to_admin(@department).map{|lg| lg.locations}.flatten
+    check_data_object_admin_permission(@data_object)    
   end
 
   def update
     @data_object = DataObject.find(params[:id])
+    check_data_object_admin_permission(@data_object)    
     if @data_object.update_attributes(params[:data_object])
       flash[:notice] = "Successfully updated data object."
       redirect_to @data_object
@@ -72,6 +69,7 @@ def update
 
   def destroy
     @data_object = DataObject.find(params[:id])
+    check_data_object_admin_permission(@data_object)    
     @data_type = @data_object.data_type
     @data_object.destroy
     flash[:notice] = "Successfully destroyed data object."
@@ -80,37 +78,45 @@ def destroy
 
 private
 
-#   Returns all the data objects that the user is permitted to administer
-  def get_allowed_data_objects
-    return @department.data_objects if current_user.is_admin_of?(@department)
-    unless (@loc_groups = current_user.loc_groups_to_admin(@department)).empty?
-      @loc_groups.map{|lg| DataObject.by_location_group(lg)}.flatten    
-    else
-      flash[:error] = "You do not have the permissions necessary to view any
-                      data objects."
-      redirect_to access_denied_path
-    end
-  end
+# Currently not in use -ben
+# Returns all the data objects that the user is permitted to administer
+# other methods should grab these objects, and narrow them down
+#  def get_allowed_data_objects
+#    return @department.data_objects if current_user.is_admin_of?(@department)
+#    unless (@loc_groups = current_user.loc_groups_to_admin(@department)).empty?
+#      @loc_groups.map{|lg| DataObject.by_location_group(lg)}.flatten    
+#    else
+#      flash[:error] = "You do not have the permissions necessary to view any
+#                      data objects."
+#      redirect_to access_denied_path
+#    end
+#  end
 
+  #These three options should probably be refactored into helper methods -ben
   def options_for_group_type
     options = [["Location","locations"],["Location Group","loc_groups"]]
     if current_user.is_admin_of?(@department)
-      options.push(["Data type", "data_types"], ["Department", "departments"])
+      options.push(["Data type", "data_types"], ["Department", "departments"]).sort
     end
   end 
-
+
+  #These three options should probably be refactored into helper methods -ben
   def options_for_group_by(group_type)
     return [] if group_type == "departments"
     @options = @department.send(group_type)
-    if group_type == "locations" || group_type == "loc_groups" 
-      @options.delete_if{|opt| !current_user.is_admin_of?(opt)}
-    end
-    @options.map{|t| [t.name, t.id]} << []
+    @options.map{|t| [t.name, t.id]}.sort
   end
 
+  #These three options should probably be refactored into helper methods -ben
   def options_for_location_select
     current_user.loc_groups_to_admin(@department).map{|lg| lg.locations}.flatten
   end
 
+  def check_data_object_admin_permission(obj)
+    if (current_user.loc_groups_to_admin(@department).map{|lg| lg.locations}.flatten & obj.locations).empty?
+      flash[:notice] = "You do not have permission to administer this data object"
+      redirect_to access_denied_path
+    end
+  end
 
 end

app/controllers/time_slots_controller.rb

@@ -4,7 +4,17 @@ class TimeSlotsController < ApplicationController
 
   def index
     @time_slots = TimeSlot.all
-    @period_start = params[:date].blank? ? Date.parse("last Sunday") : Date.parse(params[:date])
+    @period_start = params[:date] ? Date.parse(params[:date])+1.day : Date.today
+
+    #TODO:simplify this stuff:
+    @dept_start_hour = 9.0
+    @dept_end_hour = 17.0
+    @hours_per_day = (@dept_end_hour - @dept_start_hour)
+    @dept_start_minute = @dept_start_hour * 60
+    @dept_end_minute = @dept_end_hour * 60
+    @block_length = 15.0
+    @blocks_per_hour = 60.0/@block_length
+    @blocks_per_day = @hours_per_day * @blocks_per_hour
   end
 
   def show

app/helpers/time_slots_helper.rb

@@ -1,2 +1,18 @@
 module TimeSlotsHelper
+
+  def time_slot_style(time_slot)
+    left = ((time_slot.start - (time_slot.start.at_beginning_of_day + @dept_start_hour.hours))/3600.0)/@hours_per_day*100
+    width = (time_slot.duration/3600.0) / @hours_per_day * 100
+    if left < 0 
+      width -= left
+      left = 0 
+    elsif left < 0 
+      left=0
+      width=100/@hours_per_day
+    end
+    if left + width > 100
+      width -= (left+width)-100
+    end
+    "width: #{width}%; left: #{left}%;"
+  end
 end

app/models/data_object.rb

@@ -2,16 +2,12 @@ class DataObject < ActiveRecord::Base
   belongs_to :data_type
   has_many :data_entries, :dependent => :destroy
   has_and_belongs_to_many :locations
-  delegate :location, :to => :data_entries
+  delegate :location, :to => :data_entries      # What does this do? I wouldn't think it would work. -ben
+  delegate :department, :to => :data_type
   validates_presence_of   :name
   validates_presence_of   :data_type_id 
   validates_presence_of   :locations
   validates_uniqueness_of :name, :scope => :data_type_id
-
-#  GROUP_TYPE_OPTIONS = {"Data type"     =>  "data_types",
-#                      "Location"        =>  "locations",
-#                      "Location Group"  =>  "loc_groups",
-#                      "Department"      =>  "departments"}
 
   def self.by_location_group(loc_group)
     loc_group.locations.map{|loc| loc.data_objects}.flatten.compact

app/views/data_fields/_form.html.erb

@@ -3,6 +3,7 @@
   <%= render :partial => "data_types/summary", :locals => {:data_type => DataType.find(params[:data_type_id])} %>
 </div>
 <div style="width: 60%; float:left">
+  <%= javascript_include_tag 'data_field_input'%>
   <% form_for (params[:id] ? [DataType.find(params[:data_type_id]), @data_field] : [:data_type, @data_field]) do |f| %>
     <%= f.error_messages %>
     <p>
@@ -11,29 +12,20 @@
     </p>
     <p>
       <%= f.label :display_type %><br />
-      <%= f.select :display_type, options=(DataField::DISPLAY_TYPE_OPTIONS), {},
-                   :onchange => "//$(this).parent().parent().find('.value_fields').toggle()" %><br/>
+      <%= f.select :display_type, options=(DataField::DISPLAY_TYPE_OPTIONS), {}, :class => "display_type",
+          :onchange => "$(this).parent().parent().find('.value_field').html(description($(this).find(':selected').val()))" %><br/>   
     </p>
-
-    <script type="text/javascript">
-      // $(document).ready ( function () {
-      //   $(this).find('.value_fields').toggle();    
-      // });
-    </script>
-
-    <div class="value_fields">
-      <p>
+    <p>
+      <div class="value_field">
         <%= f.label :values %><br />
-        <%= f.select :values, options=(DataField::DISPLAY_TYPE_OPTIONS) %>
-        <em><small>For text field display types, values 
-          should be either "integer", "decimal", or "text"<br>
-          For a list of options, entries should be comma-separated</small></em>
-      </p>
-    </div>
+        <%= f.text_field :values %><br />
+        <em><small>Value should be either 'integer', 'decimal', or 'text'</small></em>
+      </div>
+    </p>
     <p>
       <%= f.submit "Save and add another field", :name => "add_another" %>
       <%= f.submit "Save and finish", :name => "submit" %>
     </p>
   <% end %>
 </div>
-<div style="clear:both"></div>
+<div style="clear:both"></div>

app/views/data_objects/_data_objects.html.erb

@@ -0,0 +1,3 @@
+  <div id="data_objects">
+  <%= render(:partial => "data_objects_table" , :collection => @types_objects_hash) %>
+  </div>

app/views/data_objects/_data_objects_form_observer.html.erb

@@ -0,0 +1,6 @@
+<div id="data_objects_form_observer", style="display:none">
+  <%= observe_form('view_options',
+      :url => { :action => :index},
+      :method => :get,
+      :on => "change") %>
+</div>

app/views/data_objects/_data_objects_table.html.erb

@@ -1,6 +1,6 @@
 <div>
   <h2><%= link_to data_objects_table.first.name.pluralize, data_objects_table.first %></h2>
-  <table class="data_table sortable">
+  <table id=<%= "data_objects_table_#{data_objects_table.first.id}" %> class="data_table">
     <thead>
       <tr>
         <th>Name</th>
@@ -25,4 +25,6 @@
     <% end %>
     </tbody>
   </table>
-</div>
+</div>
+
+<script type="text/javascript">sorttable.makeSortable(document.getElementById('<%= "data_objects_table_#{data_objects_table.first.id}" %>')); $('#<%= "data_objects_table_#{data_objects_table.first.id}" %>').addClass("sortable_style");</script>

app/views/data_objects/_group_by.html.erb

@@ -0,0 +1,9 @@
+
+  <%= select_tag "view_options[group_by]", options_for_select(@group_by_options, @selected_by) %>
+  <%= observe_field('view_options_group_by',
+      :url => { :controller => :data_objects,
+                :action => :index, 
+                :layout => false},
+      :method => :get,     
+      :with => "'group_by=' + escape(value) + '&group_type=' + \'#{@selected_type.second}\'",    
+      :on => "change") %>