alchemy_cms 2.5.0.b9 → 2.5.0.rc3

data/app/models/alchemy/message.rb

@@ -46,7 +46,7 @@ module Alchemy
 
       case field.to_sym
       when :email
-        validates_format_of field, :with => ::Authlogic::Regex.email, :if => :email_is_filled
+        validates_format_of field, :with => ::Devise.email_regexp, :if => :email_is_filled
       when :email_confirmation
         validates_confirmation_of :email
       end

data/app/models/alchemy/page.rb

@@ -46,7 +46,7 @@ module Alchemy
 
     has_many :folded_pages
     has_many :cells, :dependent => :destroy
-    has_many :elements, :dependent => :destroy, :order => :position
+    has_many :elements, :order => :position
     has_many :contents, :through => :elements
     has_many :legacy_urls, :class_name => 'Alchemy::LegacyPageUrl'
     has_and_belongs_to_many :to_be_sweeped_elements, :class_name => 'Alchemy::Element', :uniq => true, :join_table => 'alchemy_elements_alchemy_pages'
@@ -74,6 +74,7 @@ module Alchemy
     after_update :trash_not_allowed_elements, :if => :page_layout_changed?
     after_update :autogenerate_elements, :if => :page_layout_changed?
     after_update :create_legacy_url, :if => :urlname_changed?
+    after_destroy { elements.each {|el| el.destroy unless el.trashed? } }
 
     scope :language_roots, where(:language_root => true)
     scope :layoutpages, where(:layoutpage => true)
@@ -95,6 +96,10 @@ module Alchemy
     # Used for flushing all page caches at once.
     scope :flushables, not_locked.published.contentpages
     scope :searchables, not_restricted.published.contentpages
+    # Scope for only the pages from Alchemy::Site.current
+    scope :from_current_site, lambda { where(:alchemy_languages => {site_id: Site.current}).joins(:language) }
+    # TODO: add this as default_scope
+    #default_scope { from_current_site }
 
     # Class methods
     #
@@ -158,7 +163,7 @@ module Alchemy
       #
       def copy_elements(source, target)
         new_elements = []
-        source.elements.each do |element|
+        source.elements.not_trashed.each do |element|
           # detect cell for element
           if element.cell
             cell = target.cells.detect { |c| c.name == element.cell.name }

data/app/models/alchemy/user.rb

@@ -3,10 +3,9 @@ module Alchemy
 
     model_stamper
     stampable(:stamper_class_name => 'Alchemy::User')
-    acts_as_authentic do |c|
-      c.transition_from_restful_authentication = true
-      c.logged_in_timeout = Config.get(:auto_logout_time).minutes
-    end
+
+    devise(*Config.get(:devise_modules))
+
     acts_as_taggable
 
     attr_accessible(
@@ -24,59 +23,102 @@ module Alchemy
 
     has_many :folded_pages
 
-    before_destroy :unlock_pages
+    # Unlock all locked pages before destroy and before the user gets logged out.
+    before_destroy :unlock_pages!
+    Warden::Manager.before_logout do |user, auth, opts|
+      if user
+        user.unlock_pages!
+      end
+    end
 
     scope :admins, where(:role => 'admin')
+    scope :logged_in, lambda { where("last_request_at > ?", logged_in_timeout.seconds.ago) }
+    scope :logged_out, lambda { where("last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago) }
 
     ROLES = Config.get(:user_roles)
 
+    class << self
+      def human_rolename(role)
+        I18n.t("user_roles.#{role}")
+      end
+
+      def genders_for_select
+        [
+          [I18n.t('male'), 'male'],
+          [I18n.t('female'), 'female']
+        ]
+      end
+
+      def logged_in_timeout
+        Config.get(:auto_logout_time).minutes.to_i
+      end
+    end
+
     def role_symbols
       [role.to_sym]
     end
 
+    # Returns true if the user ahs admin role
     def is_admin?
-      self.role == "admin"
+      role == "admin"
     end
     alias_method :admin?, :is_admin?
 
-    def unlock_pages
-      for page in pages_locked_by_me
-        page.unlock
-      end
+    # Calls unlock on all locked pages
+    def unlock_pages!
+      pages_locked_by_me.map(&:unlock)
     end
 
+    # Returns all pages locked by user.
+    #
+    # A page gets locked, if the user requests to edit the page.
+    #
     def pages_locked_by_me
       Page.where(:locked => true).where(:locked_by => self.id).order(:updated_at)
     end
+    alias_method :locked_pages, :pages_locked_by_me
 
     # Returns the firstname and lastname as a string
+    #
     # If both are blank, returns the login
-    # options
-    #   :flipped=false  : returns "lastname, firstname"
+    #
+    # @option options :flipped (false)
+    #   Flip the firstname and lastname
+    #
     def fullname(options = {})
-      unless (self.lastname.blank? && self.firstname.blank?)
-        options = (default_options = {:flipped => false}.merge(options))
-        options[:flipped] ? "#{self.lastname}, #{self.firstname}".squeeze(" ") : "#{self.firstname} #{self.lastname}".squeeze(" ")
+      if lastname.blank? && firstname.blank?
+        login
       else
-        self.login
+        options = {:flipped => false}.merge(options)
+        fullname = options[:flipped] ? "#{lastname}, #{firstname}" : "#{firstname} #{lastname}"
+        fullname.squeeze(" ").strip
       end
     end
+    alias_method :name, :fullname
 
-    alias :name :fullname
+    # Returns true if the last request not longer ago then the logged_in_time_out
+    def logged_in?
+      raise "Can not determine the records login state because there is no last_request_at column" if !respond_to?(:last_request_at)
+      !last_request_at.nil? && last_request_at > logged_in_timeout.seconds.ago
+    end
+
+    # Opposite of logged_in?
+    def logged_out?
+      !logged_in?
+    end
 
     def human_role_name
       self.class.human_rolename(self.role)
     end
 
-    def self.human_rolename(role)
-      I18n.t("user_roles.#{role}")
+    def store_request_time!
+      update_attribute(:last_request_at, Time.now)
     end
 
-    def self.genders_for_select
-      [
-        [I18n.t('male'), 'male'],
-        [I18n.t('female'), 'female']
-      ]
+  private
+
+    def logged_in_timeout
+      self.class.logged_in_timeout
     end
 
   end

data/app/views/alchemy/admin/dashboard/index.html.erb

@@ -8,7 +8,7 @@
       <% end -%>
     </h1>
     <p>
-      <small><%= _t('Your last login was on %{time}', :time => l(current_user.last_login_at)) unless current_user.last_login_at.blank? %></small>
+      <small><%= _t('Your last login was on %{time}', :time => l(current_user.last_sign_in_at)) unless current_user.last_sign_in_at.blank? %></small>
     </p>
   </div>
   <div class="widget">

data/app/views/alchemy/admin/essence_files/edit.html.erb

@@ -14,6 +14,7 @@
             [_t("left"), "left"],
             [_t("right"), "right"]
           ],
+          {},
           :class => 'alchemy_selectbox'
         ) %>
       </td>

data/app/views/alchemy/admin/pages/_create_language_form.html.erb

@@ -1,3 +1,4 @@
+<% if root = Alchemy::Page.rootpage %>
 <div id="create_language_tree_form" style="display: none">
   <div class="info">
     <%= render_icon('info') %>
@@ -37,7 +38,7 @@
     <%= form.hidden_field :language_code, :value => @language.code %>
     <%= form.hidden_field :page_layout, :value => @language.page_layout %>
     <%= form.hidden_field :language_root, :value => true %>
-    <%= form.hidden_field :parent_id, :value => Alchemy::Page.rootpage.id %>
+    <%= form.hidden_field :parent_id, :value => root.id %>
     <%= hidden_field_tag :redirect_to, admin_pages_path %>
     <%= form.button _t("create_tree_as_new_language", :language => @language.name), :class => 'button' %>
   <% end %>
@@ -51,3 +52,9 @@
 <%- end -%>
 
 </div>
+<% else %>
+<%= render_message :error do %>
+  <h2>Root page not found.</h2>
+  <p>Please run <code>rake alchemy:db:seed</code> task.</p>
+<% end %>
+<% end %>

data/app/views/alchemy/admin/partials/_flash.html.erb

@@ -1,4 +1,4 @@
 <div class="flash <%= flash_type %>">
-  <%= render_icon(flash_type.to_s == 'notice' ? 'tick' : flash_type.to_s) %>
+  <%= render_icon(flash_type.to_s) %>
   <%= message %>
 </div>

data/app/views/alchemy/admin/users/_table.html.erb

@@ -31,7 +31,7 @@
     <td class="label mandatory"><%= f.label 'password_confirmation' %></td>
     <td class="input"><%= f.password_field 'password_confirmation', :class => 'thin_border long', :autocomplete => "off", :required => action_name == 'signup' %></td>
   </tr>
-  <% if action_name == 'signup' %>
+  <% if @signup %>
   <%= f.hidden_field :role %>
   <% elsif permitted_to? :update_role %>
   <tr>
@@ -39,7 +39,7 @@
     <td class="select"><%= f.select :role, options_for_select(@user_roles, @user.role), {}, {:class => 'alchemy_selectbox long'} %></td>
   </tr>
   <% end %>
-  <% unless action_name == 'signup' %>
+  <% unless @signup %>
   <tr>
     <td class="label"><%= f.label :tag_list %></td>
     <td class="input">

data/app/views/alchemy/admin/users/_user.html.erb

@@ -8,7 +8,7 @@
   <td><%= user.lastname -%></td>
   <td class="email"><%= user.email %></td>
   <td><%= _t(user.language, :scope => 'translations') %></td>
-  <td><%= user.last_login_at.present? ? l(user.last_login_at, :format => :default) : _t(:unknown) %></td>
+  <td><%= user.last_sign_in_at.present? ? l(user.last_sign_in_at, :format => :default) : _t(:unknown) %></td>
   <td class="role"><%= user.human_role_name %></td>
   <td class="tools">
     <%- permitted_to?(:destroy, :alchemy_admin_users) do -%>

data/app/views/alchemy/admin/users/index.html.erb

@@ -26,7 +26,7 @@
       <th><%= Alchemy::User.human_attribute_name('lastname') %></th>
       <th class="email"><%= Alchemy::User.human_attribute_name('email') %></th>
       <th><%= Alchemy::User.human_attribute_name('language') %></th>
-      <th><%= Alchemy::User.human_attribute_name('last_login_at') %></th>
+      <th><%= Alchemy::User.human_attribute_name('last_sign_in_at') %></th>
       <th class="role"><%= Alchemy::User.human_attribute_name('role') %></th>
       <th class="tools"></th>
     </tr>

data/app/views/alchemy/notifications/admin_user_created.de.text.erb

@@ -0,0 +1,11 @@
+Willkommen in Alchemy!
+
+Um die Inhalte Ihrer Webseite zu bearbeiten klicken Sie bitte auf folgenden Link:
+
+<%= @url %>
+
+Ihr Benutzername lautet: <%= @user.login %>
+
+(Aus Sicherheitsgründen stellen wir Ihr Passwort hier nicht da. Wenn Sie Ihr Passwort vergessen haben oder dies Ihr erster Login ist, gehen Sie bitte auf: <%= new_password_url(@user) %>)
+
+Viel Spaß mit Alchemy!

data/app/views/alchemy/notifications/admin_user_created.en.text.erb

@@ -0,0 +1,11 @@
+Welcome to Alchemy!
+
+To manage your website open a browser and go to:
+
+<%= @url %>
+
+Your username is: <%= @user.login %>
+
+(For security reasons we do not show your password here. If you forgot your password or this is your first login, please goto: <%= new_password_url(@user) %>)
+
+Have much fun with Alchemy!

data/app/views/alchemy/notifications/registered_user_created.text.erb

@@ -5,6 +5,7 @@
 <%= @url %>
 
 <%= Alchemy::I18n.t('mailer.new_user_mail.username') %>: <%= @user.login %>
-<%= Alchemy::I18n.t('mailer.new_user_mail.password') %>: <%= @user.password %>
+
+<%= Alchemy::I18n.t('mailer.new_user_mail.password_notice') % {:url => new_password_url(@user)}%>
 
 <%= Alchemy::I18n.t('mailer.new_user_mail.greeting') %>

data/app/views/alchemy/notifications/reset_password_instructions.de.text.erb

@@ -0,0 +1,8 @@
+Hallo <%= @user.fullname %>.
+
+Sie haben angefordert Ihr Passwort zurückzusetzen. Dies kann durch anklicken des nachfolgenden Links bestätigt werden.
+
+<%= alchemy.edit_password_url(@user, :reset_password_token => @user.reset_password_token) %>
+
+Wenn Sie diese Zurücksetzung nicht angefragt haben, dann können Sie diese E-Mail einfach ignorieren.
+Ihr Passwort wird erst dann zurückgesetzt, wenn Sie den Link anklicken.

data/app/views/alchemy/notifications/reset_password_instructions.en.text.erb

@@ -0,0 +1,8 @@
+Hello <%= @user.fullname %>.
+
+You has requested to change your password. Please confirm this by clicking the link below.
+
+<%= alchemy.edit_password_url(@user, :reset_password_token => @user.reset_password_token) %>
+
+If you didn't request this, please ignore this email.
+Your password won't change until you access the link above and create a new one.

data/app/views/alchemy/passwords/edit.html.erb

@@ -0,0 +1,35 @@
+<div id="login_box">
+  <div id="alchemy_greeting">
+    <%= image_tag("alchemy/alchemy-logo.png", :style => "width: 240px; height: 70px") %>
+  </div>
+  <div class="login_signup_box">
+    <% if @user.errors.blank? %>
+    <%= render_message do %>
+      <h1><%= _t 'Password reset' %></h1>
+      <p><%= _t 'Please enter a new password' %></p>
+    <% end %>
+    <% else %>
+    <div id="errors" style="display: block">
+      <%= devise_error_messages! %>
+    </div>
+    <% end %>
+    <%= form_for(:user, :url => password_path, :html => { :method => :put }) do |f| %>
+      <table>
+        <tr>
+          <td class="label"><%= f.label :password, _t("New password") %></td>
+          <td class="input"><%= f.password_field :password, :autofocus => true %></td>
+        </tr>
+        <tr>
+          <td class="label"><%= f.label :password_confirmation, _t("Confirm new password") %></td>
+          <td class="input"><%= f.password_field :password_confirmation %></td>
+        </tr>
+        <tr>
+          <td colspan="2" class="submit">
+            <%= f.hidden_field :reset_password_token %>
+            <%= f.button _t("Change password") %>
+          </td>
+        </tr>
+      </table>
+    <% end %>
+  </div>
+</div>

data/app/views/alchemy/passwords/new.html.erb

@@ -0,0 +1,30 @@
+<div id="login_box">
+  <div id="alchemy_greeting">
+    <%= image_tag("alchemy/alchemy-logo.png", :style => "width: 240px; height: 70px") %>
+  </div>
+  <div class="login_signup_box">
+    <% if @user.errors.blank? %>
+    <%= render_message do %>
+      <h1><%= _t 'Password reset' %></h1>
+      <p><%= _t 'Please enter your email address' %></p>
+    <% end %>
+    <% else %>
+    <div id="errors" style="display: block">
+      <%= devise_error_messages! %>
+    </div>
+    <% end %>
+    <%= form_for(:user, :url => password_path, :html => { :method => :post }) do |f| %>
+      <table>
+        <tr>
+          <td class="label"><%= f.label :email %></td>
+          <td class="input"><%= f.email_field :email, :autofocus => true %></td>
+        </tr>
+        <tr>
+          <td colspan="2" class="submit">
+            <%= f.button _t("Send reset instructions") %>
+          </td>
+        </tr>
+      </table>
+    <% end %>
+  </div>
+</div>

data/app/views/alchemy/user_sessions/leave.html.erb

@@ -4,8 +4,8 @@
     <label><%= _t("Do you want to") %></label>
     <%= link_to _t('stay logged in'), alchemy.root_path, :class => 'button' %>
   </p>
-  <p class="buttons">
+  <%= form_tag alchemy.logout_path, :method => :delete, :class => 'buttons' do %>
     <label><%= _t('or to completly') %></label>
-    <%= link_to _t('logout'), alchemy.logout_path, :class => 'button' %>
-  </p>
+    <%= button _t('logout') %>
+  <% end %>
 </div>

data/app/views/alchemy/user_sessions/{login.html.erb → new.html.erb}

@@ -3,7 +3,7 @@
     <%= image_tag("alchemy/alchemy-logo.png", :style => "width: 240px; height: 70px") %>
   </div>
   <div class="login_signup_box">
-    <%= form_for @user_session, :url => {:action => 'login'}, :html => { :id => "login" } do |f| %>
+    <%= form_for :user, :url => {:action => :create}, :html => { :id => "login" } do |f| %>
       <%= f.error_messages %>
       <table>
         <tr>
@@ -20,6 +20,9 @@
           </td>
           <td class="input">
             <%= f.password_field :password, :class => 'thin_border' %>
+            <p class="foot_note">
+              <%= link_to _t('Forgot your password?'), new_password_path(@user) %>
+            </p>
           </td>
         </tr>
         <tr>
@@ -36,7 +39,7 @@
 <%- content_for :javascripts do -%>
 <script type="text/javascript" charset="utf-8">
   jQuery(function($) {
-    $('#alchemy_user_session_login').focus();
+    $('#user_login').focus();
     $('#user_screensize').val(function() {
       return screen.width+'x'+screen.height;
     });

data/config/alchemy/config.yml

@@ -185,3 +185,15 @@ link_target_options: [blank]
 
 # Should pages that redirect to an external url open the link in a new tab/window?
 open_external_links_in_new_tab: true
+
+# === Devise modules
+#
+# List of Devise modules that should be activated on the user model.
+#
+devise_modules:
+  - :database_authenticatable
+  - :trackable
+  - :validatable
+  - :timeoutable
+  - :recoverable
+  # - :encryptable # Uncomment this if you are upgrading from an Alchemy version < 2.5.0