alchemy_cms 2.5.0.b9 → 2.5.0.rc3

data/app/controllers/alchemy/admin/base_controller.rb

@@ -30,7 +30,8 @@ module Alchemy
 
       # Displays an error notice in the Alchemy backend.
       def show_error_notice(e)
-        @notice = "Error: #{e.message[0..99]}"
+        # truncate the message, because very long error messages (i.e from mysql2) causes cookie oveflow errors
+        @notice = "Error: #{e.message[0..255]}"
         @trace = e.backtrace
         if request.xhr?
           render :action => "error_notice", :layout => false
@@ -127,7 +128,7 @@ module Alchemy
       def per_page_value_for_screen_size
         return 25 if session[:screen_size].blank?
         screen_height = session[:screen_size].split('x').last.to_i
-        (screen_height / 30) - 12
+        (screen_height / 30) - 10
       end
 
     end

data/app/controllers/alchemy/admin/dashboard_controller.rb

@@ -8,7 +8,7 @@ module Alchemy
         @last_edited_pages = Page.all_last_edited_from(current_user)
         @locked_pages = Page.all_locked
         @online_users = User.logged_in.to_a - [current_user]
-        @first_time = current_user.login_count == 1 && current_user.last_login_at.nil?
+        @first_time = current_user.sign_in_count == 1 && current_user.last_sign_in_at.nil?
       end
 
     end

data/app/controllers/alchemy/admin/pictures_controller.rb

@@ -157,7 +157,7 @@ module Alchemy
         when 'large'
           per_page = in_overlay? ? 4 : (per_page_value_for_screen_size / 1.7).floor + 1
         else
-          per_page = in_overlay? ? 9 : (per_page_value_for_screen_size / 1.0).ceil + 1
+          per_page = in_overlay? ? 9 : (per_page_value_for_screen_size / 1.0).ceil + 4
         end
         return per_page
       end

data/app/controllers/alchemy/admin/users_controller.rb

@@ -50,8 +50,14 @@ module Alchemy
       def update
         # User is fetched via before filter
         params[:user].delete(:role) unless permitted_to?(:update_role)
-        @user.update_attributes(params[:user])
-        Notifications.admin_user_created(@user).deliver if params[:send_credentials]
+        if params[:user][:password].present?
+          @user.update_attributes(params[:user])
+        else
+          @user.update_without_password(params[:user])
+        end
+        if params[:send_credentials]
+          Notifications.admin_user_created(@user).deliver
+        end
         render_errors_or_redirect(
           @user,
           admin_users_path,

data/app/controllers/alchemy/attachments_controller.rb

@@ -1,5 +1,5 @@
 module Alchemy
-  class AttachmentsController < Alchemy::BaseController
+  class AttachmentsController < BaseController
 
     filter_access_to [:show, :download], :attribute_check => true, :model => Alchemy::Attachment, :load_method => :load_attachment
 

data/app/controllers/alchemy/base_controller.rb

@@ -9,6 +9,7 @@ module Alchemy
     before_filter :set_current_site
     before_filter :set_language
     before_filter :mailer_set_url_options
+    before_filter :store_user_request_time
 
     helper_method :current_server, :current_site
 
@@ -187,6 +188,13 @@ module Alchemy
       redirect_to url_for(protocol: 'https')
     end
 
+    # Stores the users request time.
+    def store_user_request_time
+      if user_signed_in?
+        current_user.store_request_time!
+      end
+    end
+
   protected
 
     def permission_denied

data/app/controllers/alchemy/pages_controller.rb

@@ -76,6 +76,10 @@ module Alchemy
         # currently active language.
         Page.language_root_for(@language.id)
       end
+    rescue ArgumentError => e
+      # If encoding errors raises (ie. because of invalid byte chars in params),
+      # we render a 404 page
+      raise ActionController::RoutingError.new(e.message)
     end
 
     def enforce_primary_host_for_site

data/app/controllers/alchemy/passwords_controller.rb

@@ -0,0 +1,23 @@
+module Alchemy
+  class PasswordsController < Devise::PasswordsController
+
+    before_filter { enforce_ssl if ssl_required? && !request.ssl? }
+    before_filter :set_translation
+
+    layout 'alchemy/admin'
+
+    helper 'Alchemy::Admin::Base'
+
+  private
+
+    # Override for Devise method
+    def new_session_path(resource_name)
+      alchemy.login_path
+    end
+
+    def edit_password_url(resource, options={})
+      alchemy.edit_password_url(options)
+    end
+
+  end
+end

data/app/controllers/alchemy/user_sessions_controller.rb

@@ -1,56 +1,31 @@
 module Alchemy
-  class UserSessionsController < Alchemy::BaseController
+  class UserSessionsController < Devise::SessionsController
 
     before_filter { enforce_ssl if ssl_required? && !request.ssl? }
     before_filter :set_translation
-    before_filter :check_user_count, :only => :login
+    before_filter :check_user_count, :only => :new
 
     layout 'alchemy/admin'
 
     helper 'Alchemy::Admin::Base'
 
-    # Signup only works if no user is present in database.
-    def signup
-      @user_genders = User.genders_for_select
-      if request.get?
-        redirect_to admin_dashboard_path if User.count != 0
-        @user = User.new({:role => 'admin'})
-      else
-        @user = User.new(params[:user])
-        if @user.save
-          if params[:send_credentials]
-            Notifications.admin_user_created(@user).deliver
-          end
-          flash[:notice] = _t('Successfully signup admin user')
-          redirect_to admin_dashboard_path
-        end
-      end
-    rescue Errno::ECONNREFUSED => e
-      flash[:error] = _t(:signup_mail_delivery_error)
-      redirect_to admin_dashboard_path
+    def new
+      super
     end
 
-    def login
-      if current_user
-        redirect_to admin_dashboard_path, :notice => _t('You are already logged in')
-      else
-        if request.get?
-          @user_session = UserSession.new()
-          flash.now[:info] = params[:message] || _t("welcome_please_identify_notice")
+    def create
+      authenticate_user!
+      if user_signed_in?
+        store_screen_size
+        if session[:redirect_path].blank?
+          redirect_path = admin_dashboard_path
         else
-          @user_session = UserSession.new(params[:alchemy_user_session])
-          store_screen_size
-          if @user_session.save
-            if session[:redirect_path].blank?
-              redirect_to admin_dashboard_path
-            else
-              # We have to strip double slashes from beginning of path, because of strange rails/rack bug.
-              redirect_to session[:redirect_path].gsub(/^\/{2,}/, '/')
-            end
-          else
-            render
-          end
+          # We have to strip double slashes from beginning of path, because of strange rails/rack bug.
+          redirect_path = session[:redirect_path].gsub(/^\/{2,}/, '/')
         end
+        redirect_to redirect_path, :notice => t(:signed_in, :scope => 'devise.sessions')
+      else
+        super
       end
     end
 
@@ -58,21 +33,17 @@ module Alchemy
       render :layout => false
     end
 
-    def logout
-      message = params[:message] || _t("logged_out")
-      @user_session = UserSession.find
-      if @user_session
-        @user_session.destroy
-      end
-      flash[:info] = message
-      redirect_to root_url
+    def destroy
+      cookies.clear
+      session.clear
+      super
     end
 
   private
 
     def check_user_count
       if User.count == 0
-        redirect_to :action => 'signup'
+        redirect_to signup_path
       else
         return true
       end

data/app/controllers/alchemy/users_controller.rb

@@ -0,0 +1,49 @@
+module Alchemy
+  class UsersController < BaseController
+
+    before_filter { enforce_ssl if ssl_required? && !request.ssl? }
+    before_filter :set_translation
+    before_filter :check_user_count
+    before_filter :load_genders
+
+    layout 'alchemy/admin'
+
+    helper 'Alchemy::Admin::Base'
+
+    def new
+      @signup = true
+      @user = User.new(:role => 'admin')
+    end
+
+    def create
+      @user = User.new(params[:user])
+      if @user.save
+        if params[:send_credentials]
+          Notifications.admin_user_created(@user).deliver
+        end
+        flash[:notice] = _t('Successfully signup admin user')
+        sign_in :user, @user
+        redirect_to admin_dashboard_path
+      else
+        @signup = true
+        render :new
+      end
+    rescue Errno::ECONNREFUSED => e
+      flash[:error] = _t(:signup_mail_delivery_error)
+      redirect_to admin_dashboard_path
+    end
+
+  private
+
+    def load_genders
+      @user_genders = User.genders_for_select
+    end
+
+    def check_user_count
+      if User.count > 0
+        redirect_to admin_dashboard_path
+      end
+    end
+
+  end
+end

data/app/mailers/alchemy/notifications.rb

@@ -21,5 +21,10 @@ module Alchemy
       )
     end
 
+    def reset_password_instructions(user, opts={})
+      @user = user
+      mail :to => user.email, :subject => Alchemy::I18n.t("Reset password instructions")
+    end
+
   end
 end

data/app/models/alchemy/content.rb

@@ -166,8 +166,12 @@ module Alchemy
       essence.ingredient = value
     end
 
-    # Calls essence.update_attributes. Called from +Alchemy::Element#save_contents+
-    # Ads errors to self.base if essence validation fails.
+    # Calls essence.update_attributes.
+    #
+    # Called from +Alchemy::Element#save_contents+
+    #
+    # Adds errors to self.base if essence validation fails.
+    #
     def update_essence(params={})
       raise EssenceMissingError if essence.nil?
       if essence.update_attributes(params)

data/app/models/alchemy/element.rb

@@ -44,6 +44,10 @@ module Alchemy
     scope :excluded, lambda { |names| where(arel_table[:name].not_in(names)) }
     scope :not_in_cell, where(:cell_id => nil)
     scope :in_cell, where("#{self.table_name}.cell_id IS NOT NULL")
+    # Scope for only the elements from Alchemy::Site.current
+    scope :from_current_site, lambda { where(:alchemy_languages => {site_id: Site.current}).joins(:page => :language) }
+    # TODO: add this as default_scope
+    #default_scope { from_current_site }
 
     # class methods
     class << self
@@ -77,7 +81,7 @@ module Alchemy
       #
       def descriptions
         if ::File.exists? "#{::Rails.root}/config/alchemy/elements.yml"
-          ::YAML.load_file("#{::Rails.root}/config/alchemy/elements.yml")
+          ::YAML.load_file("#{::Rails.root}/config/alchemy/elements.yml") || []
         else
           raise LoadError, "Could not find elements.yml file! Please run: rails generate alchemy:scaffold"
         end
@@ -198,16 +202,16 @@ module Alchemy
     # Pass an element name to get next of this kind.
     def next(name = nil)
       elements = page.elements.published.where(Element.arel_table[:position].gt(position))
-      elements = elements.where(:name => name) if name.present?
-      elements.order("position ASC").limit(1).first
+      elements = elements.named(name) if name.present?
+      elements.reorder("position ASC").limit(1).first
     end
 
     # Returns previous public element from same page.
     # Pass an element name to get previous of this kind.
     def prev(name = nil)
       elements = page.elements.published.where(Element.arel_table[:position].lt(position))
-      elements = elements.where(:name => name) if name.present?
-      elements.order("position DESC").limit(1).first
+      elements = elements.named(name) if name.present?
+      elements.reorder("position DESC").limit(1).first
     end
 
     # Stores the page into `to_be_sweeped_pages` (Pages that have to be sweeped after updating element).

data/app/models/alchemy/essence_richtext.rb

@@ -7,20 +7,38 @@ module Alchemy
 
     attr_accessible :do_not_index, :body, :public, :stripped_body
 
-    # Require acts_as_ferret only if Ferret full text search is enabled (default).
+    before_save :strip_content
+
+
+    # Enable Ferret indexing.
+    #
+    # But only, if Ferret full text search is enabled (default).
+    #
     # You can disable it in +config/alchemy/config.yml+
+    #
     if Config.get(:ferret) == true
       require 'acts_as_ferret'
-      acts_as_ferret(
-        :fields => {
-          :stripped_body => {:store => :yes}
-        },
-        :remote => false
-      )
-      before_save :check_ferret_indexing
-    end
+      acts_as_ferret(:fields => { :stripped_body => {:store => :yes} }, :remote => false)
 
-    before_save :strip_content
+      # Ensures that the current setting for do_not_index gets updated in the db.
+      before_save { write_attribute(:do_not_index, description['do_not_index'] || false); return true }
+
+      # Disables the ferret indexing, if do_not_index attribute is set to true
+      #
+      # You can disable indexing in the elements.yml file.
+      #
+      # === Example
+      #
+      #   name: secrets
+      #   contents:
+      #   - name: confidential
+      #     type: EssenceRichtext
+      #     do_not_index: true
+      #
+      def ferret_enabled?(is_bulk_index = false)
+        !do_not_index?
+      end
+    end
 
   private
 
@@ -28,12 +46,6 @@ module Alchemy
       self.stripped_body = strip_tags(self.body)
     end
 
-    def check_ferret_indexing
-      if self.do_not_index
-        self.disable_ferret(:always)
-      end
-    end
-
     # Stripping HTML Tags and only returns plain text.
     def strip_tags(html)
       return html if html.blank?

data/app/models/alchemy/essence_text.rb

@@ -13,24 +13,33 @@ module Alchemy
       :link_target
     )
 
-    # Require acts_as_ferret only if Ferret full text search is enabled (default).
+    # Enable Ferret indexing.
+    #
+    # But only, if Ferret full text search is enabled (default).
+    #
     # You can disable it in +config/alchemy/config.yml+
+    #
     if Config.get(:ferret) == true
       require 'acts_as_ferret'
-      acts_as_ferret(
-        :fields => {
-          :body => {:store => :yes}
-        },
-        :remote => false
-      )
-      before_save :check_ferret_indexing
-    end
+      acts_as_ferret(:fields => { :body => {:store => :yes} }, :remote => false)
 
-    private
+      # Ensures that the current setting for do_not_index gets updated in the db.
+      before_save { write_attribute(:do_not_index, description['do_not_index'] || false); return true }
 
-    def check_ferret_indexing
-      if self.do_not_index
-        self.disable_ferret(:always)
+      # Disables the ferret indexing, if do_not_index attribute is set to true
+      #
+      # You can disable indexing in the elements.yml file.
+      #
+      # === Example
+      #
+      #   name: contact_form
+      #   contents:
+      #   - name: email
+      #     type: EssenceText
+      #     do_not_index: true
+      #
+      def ferret_enabled?(is_bulk_index = false)
+        !do_not_index?
       end
     end