alchemy_cms 3.2.0.beta → 3.2.0.rc1

data/lib/rails/generators/alchemy/{scaffold/files/elements.yml → install/templates/elements.yml.tt}

@@ -2,6 +2,7 @@
 #
 # For further informations please see http://guides.alchemy-cms.com/create_elements.html
 
+<%- unless @options[:skip_demo_files] -%>
 - name: article
   hint: true
   unique: true
@@ -17,3 +18,4 @@
     type: EssenceRichtext
     default: :article_text
     hint: true
+<%- end -%>

data/lib/rails/generators/alchemy/{scaffold → install}/templates/page_layouts.yml.tt

@@ -2,7 +2,9 @@
 #
 # For further informations please see http://guides.alchemy-cms.com/create_page_layouts.html
 
+<%- unless @options[:skip_demo_files] -%>
 - name: <%= Alchemy::Config.get(:default_language)['page_layout'] %>
   unique: true
   elements: [article]
   autogenerate: [article]
+<%- end -%>

data/lib/rails/generators/alchemy/views/views_generator.rb

@@ -0,0 +1,41 @@
+require 'rails'
+
+module Alchemy
+  module Generators
+    class ViewsGenerator < ::Rails::Generators::Base
+      ALCHEMY_VIEWS = %w(breadcrumb language_links messages navigation)
+
+      desc "Generates Alchemy views for #{ALCHEMY_VIEWS.to_sentence}."
+
+      class_option :only,
+        type: :array,
+        default: nil,
+        desc: "List of views to copy. Available views are #{ALCHEMY_VIEWS.to_sentence}."
+
+      class_option :except,
+        type: :array,
+        default: nil,
+        desc: "List of views not to copy. Available views are #{ALCHEMY_VIEWS.to_sentence}."
+
+      source_root File.expand_path("../../../../../app/views/alchemy", File.dirname(__FILE__))
+
+      def copy_alchemy_views
+        views_to_copy.each do |dir|
+          directory dir, Rails.root.join('app/views/alchemy', dir)
+        end
+      end
+
+      private
+
+      def views_to_copy
+        if @options['except']
+          ALCHEMY_VIEWS - @options['except']
+        elsif @options['only']
+          ALCHEMY_VIEWS.select { |v| @options['only'].include?(v) }
+        else
+          ALCHEMY_VIEWS
+        end
+      end
+    end
+  end
+end

data/lib/rails/templates/alchemy.rb

@@ -1,7 +1,7 @@
 # This rails template installs Alchemy and all depending gems.
 require File.expand_path("../../../alchemy/version", __FILE__)
 
-gem "alchemy_cms",    github: "AlchemyCMS/alchemy_cms",    branch: "master"
+gem "alchemy_cms",    github: "AlchemyCMS/alchemy_cms",    branch: "3.2-stable"
 gem "alchemy-devise", github: "AlchemyCMS/alchemy-devise", branch: "master"
 
-gem "capistrano", "~> 2.15.5", group: "development"
+gem "capistrano-alchemy", github: "AlchemyCMS/capistrano-alchemy", branch: "master", group: "development"

data/lib/tasks/alchemy/db.rake

@@ -1,14 +1,9 @@
 require 'shellwords'
-require 'alchemy/seeder'
 require 'alchemy/tasks/helpers'
 include Alchemy::Tasks::Helpers
 
 namespace :alchemy do
   namespace :db do
-    desc "Seeds your database with essential data for Alchemy CMS."
-    task :seed => :environment do
-      Alchemy::Seeder.seed!
-    end
 
     desc "Dumps the database to STDOUT (Pass DUMP_FILENAME to store the dump into a file)."
     task :dump => :environment do

data/lib/tasks/alchemy/install.rake

@@ -20,26 +20,32 @@ class Alchemy::InstallTask < Thor
         match = "default_language:\n  code: #{code}\n  name: #{name}"
       end
     end
-  end
 
+    def inject_seeder
+      append_file "./db/seeds.rb", "Alchemy::Seeder.seed!\n"
+    end
+  end
 end
 
 namespace :alchemy do
 
   desc "Installs Alchemy CMS into your app."
   task :install do
+    install_helper = Alchemy::InstallTask.new
+
     unless ENV['from_binary']
       puts "\nAlchemy Installer"
       puts "-----------------"
     end
     Rake::Task["alchemy:mount"].invoke
-    system("rails g alchemy:scaffold#{ ENV['from_binary'] ? ' --force' : '' }") || exit!(1)
-    Alchemy::InstallTask.new.set_primary_language
+    system("rails g alchemy:install#{ ENV['from_binary'] ? ' --force' : '' }") || exit!(1)
+    install_helper.set_primary_language
     Rake::Task["db:create"].invoke
     # We can't invoke this rake task, because Rails will use wrong engine names otherwise
     `bundle exec rake railties:install:migrations`
     Rake::Task["db:migrate"].invoke
-    Rake::Task["alchemy:db:seed"].invoke
+    install_helper.inject_seeder
+    Rake::Task["db:seed"].invoke
     unless ENV['from_binary']
       puts "\nAlchemy successfully installed."
       puts "\nNow start the server with:"
@@ -52,5 +58,4 @@ namespace :alchemy do
   task :mount do
     Alchemy::InstallTask.new.inject_routes
   end
-
 end

data/lib/tasks/alchemy/tidy.rake

@@ -1,3 +1,5 @@
+require 'alchemy/shell'
+
 namespace :alchemy do
   namespace :tidy do
 

data/spec/controllers/admin/attachments_controller_spec.rb

@@ -5,7 +5,7 @@ module Alchemy
     let(:attachment) { build_stubbed(:attachment) }
 
     before do
-      sign_in(admin_user)
+      authorize_user(:as_admin)
     end
 
     describe "#index" do

data/spec/controllers/admin/clipboard_controller_spec.rb

@@ -7,7 +7,7 @@ module Alchemy
     let(:another_element) { build_stubbed(:element, page: public_page) }
 
     before do
-      sign_in(admin_user)
+      authorize_user(:as_admin)
       session[:alchemy_clipboard] = {}
     end
 

data/spec/controllers/admin/contents_controller_spec.rb

@@ -6,7 +6,7 @@ module Alchemy
     let(:content) { build_stubbed(:content, element: element) }
 
     before do
-      sign_in(admin_user)
+      authorize_user(:as_admin)
     end
 
     context 'with element_id parameter' do

data/spec/controllers/admin/dashboard_controller_spec.rb

@@ -2,9 +2,9 @@ require 'spec_helper'
 
 module Alchemy
   describe Admin::DashboardController do
-    let(:user) { admin_user }
+    let(:user) { build(:alchemy_dummy_user, :as_admin) }
 
-    before { sign_in(user) }
+    before { authorize_user(user) }
 
     describe '#index' do
       before do

data/spec/controllers/admin/elements_controller_spec.rb

@@ -7,7 +7,7 @@ module Alchemy
     let(:element_in_clipboard) { create(:element, :page_id => alchemy_page.id) }
     let(:clipboard)            { session[:alchemy_clipboard] = {} }
 
-    before { sign_in(author_user) }
+    before { authorize_user(:as_author) }
 
     describe '#index' do
       let(:alchemy_page) { build_stubbed(:page) }

data/spec/controllers/admin/essence_files_controller_spec.rb

@@ -3,7 +3,7 @@ require "spec_helper"
 module Alchemy
   describe Admin::EssenceFilesController do
     before do
-      sign_in(admin_user)
+      authorize_user(:as_admin)
     end
 
     let(:essence_file) { mock_model('EssenceFile', :attachment= => nil, content: content) }

data/spec/controllers/admin/essence_pictures_controller_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 module Alchemy
   describe Admin::EssencePicturesController do
-    before { sign_in(admin_user) }
+    before { authorize_user(:as_admin) }
 
     let(:essence) { EssencePicture.new }
     let(:content) { Content.new }

data/spec/controllers/admin/languages_controller_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 describe Alchemy::Admin::LanguagesController do
 
   before do
-    sign_in(admin_user)
+    authorize_user(:as_admin)
   end
 
   describe "#new" do

data/spec/controllers/admin/layoutpages_controller_spec.rb

@@ -4,7 +4,7 @@ module Alchemy
   describe Admin::LayoutpagesController do
 
     before(:each) do
-      sign_in(admin_user)
+      authorize_user(:as_admin)
     end
 
     describe "#index" do

data/spec/controllers/admin/pages_controller_spec.rb

@@ -12,7 +12,7 @@ module Alchemy
     end
 
     context 'a member' do
-      before { sign_in(member_user) }
+      before { authorize_user(build(:alchemy_dummy_user)) }
 
       it 'can not access page tree' do
         alchemy_get :index
@@ -21,9 +21,9 @@ module Alchemy
     end
 
     context 'with logged in editor user' do
-      let(:user) { editor_user }
+      let(:user) { build(:alchemy_dummy_user, :as_editor) }
 
-      before { sign_in(user) }
+      before { authorize_user(user) }
 
       describe '#index' do
         let(:language)      { build_stubbed(:language) }
@@ -367,7 +367,7 @@ module Alchemy
 
       describe '#edit' do
         let!(:page)       { create(:page) }
-        let!(:other_user) { create(:author_user) }
+        let!(:other_user) { create(:alchemy_dummy_user, :as_author) }
 
         context 'if page is locked by another user' do
           before { page.lock_to!(other_user) }

data/spec/controllers/admin/pictures_controller_spec.rb

@@ -4,7 +4,7 @@ module Alchemy
   describe Admin::PicturesController do
 
     before do
-      sign_in(admin_user)
+      authorize_user(:as_admin)
     end
 
     describe "#index" do

data/spec/controllers/admin/resources_controller_spec.rb

@@ -14,7 +14,7 @@ describe Admin::EventsController do
     let(:lustig) { Event.create(name: 'Lustig') }
 
     before do
-      sign_in(admin_user)
+      authorize_user(:as_admin)
       peter; lustig
     end
 

data/spec/controllers/admin/trash_controller_spec.rb

@@ -9,7 +9,7 @@ module Alchemy
       let(:element) { FactoryGirl.create(:element, :public => false, :page => alchemy_page) }
 
       before {
-        sign_in(admin_user)
+        authorize_user(:as_admin)
         element.trash!
       }
 

data/spec/controllers/alchemy/admin/tags_controller_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 module Alchemy
   module Admin
     describe TagsController do
-      before { sign_in(admin_user) }
+      before { authorize_user(:as_admin) }
 
       describe '#create' do
         context 'without required params' do

data/spec/controllers/attachments_controller_spec.rb

@@ -47,7 +47,7 @@ module Alchemy
       end
 
       context "as member user" do
-        before { sign_in(member_user) }
+        before { authorize_user(build(:alchemy_dummy_user)) }
 
         it "should be possible to download attachments from restricted pages" do
           alchemy_get :download, :id => attachment.id

data/spec/controllers/base_controller_spec.rb

@@ -25,5 +25,27 @@ module Alchemy
       end
     end
 
+    describe "#configuration" do
+      it "returns certain configuration options" do
+        allow(Config).to receive(:show).and_return({"some_option" => true})
+        expect(controller.configuration(:some_option)).to eq(true)
+      end
+    end
+
+    describe "#multi_language?" do
+      context "if more than one published language exists" do
+        it "returns true" do
+          allow(Alchemy::Language).to receive(:published).and_return double(count: 2)
+          expect(controller.multi_language?).to eq(true)
+        end
+      end
+
+      context "if less than two published languages exists" do
+        it "returns false" do
+          allow(Alchemy::Language).to receive(:published).and_return double(count: 1)
+          expect(controller.multi_language?).to eq(false)
+        end
+      end
+    end
   end
 end

data/spec/controllers/elements_controller_spec.rb

@@ -36,7 +36,7 @@ module Alchemy
       end
 
       context "for member user" do
-        before { sign_in(member_user) }
+        before { authorize_user(build(:alchemy_dummy_user)) }
 
         it "should render elements of restricted pages" do
           alchemy_get :show, id: restricted_element.id

data/spec/controllers/pages_controller_spec.rb

@@ -12,11 +12,12 @@ module Alchemy
     context 'an author' do
       let(:unpublic) { create(:page, parent: default_language_root) }
 
-      before { allow(controller).to receive(:current_alchemy_user).and_return(author_user) }
+      before { authorize_user(:as_author) }
 
       it "should not be able to visit a unpublic page" do
-        alchemy_get :show, urlname: unpublic.urlname
-        expect(response.status).to eq(404)
+        expect {
+          alchemy_get :show, urlname: unpublic.urlname
+        }.to raise_error(ActionController::RoutingError)
       end
     end
 
@@ -75,18 +76,18 @@ module Alchemy
 
       context "with incorrect levelnames in params" do
         it "should render a 404 page" do
-          alchemy_get :show, {urlname: 'catalog/faqs/screwdriver'}
-          expect(response.status).to eq(404)
-          expect(response.body).to have_content('The page you were looking for doesn\'t exist')
+          expect {
+            alchemy_get :show, {urlname: 'catalog/faqs/screwdriver'}
+          }.to raise_error(ActionController::RoutingError)
         end
       end
     end
 
     context "when a non-existent page is requested" do
       it "should rescue a RoutingError with rendering a 404 page." do
-        alchemy_get :show, {urlname: 'doesntexist'}
-        expect(response.status).to eq(404)
-        expect(response.body).to have_content('The page you were looking for doesn\'t exist')
+        expect {
+          alchemy_get :show, {urlname: 'doesntexist'}
+        }.to raise_error(ActionController::RoutingError)
       end
     end
 
@@ -139,14 +140,14 @@ module Alchemy
 
         it "should redirect permanently to page that belongs to legacy page url even if url has an unknown format & get parameters" do
           expect(request).to receive(:fullpath).at_least(:once).and_return(legacy_url4.urlname)
-          alchemy_get :show, urlname: "index.php"
+          alchemy_get :show, urlname: legacy_url4.urlname
           expect(response.status).to eq(301)
           expect(response).to redirect_to("/#{second_page.urlname}")
         end
 
         it "should not pass query string for legacy routes" do
           expect(request).to receive(:fullpath).at_least(:once).and_return(legacy_url3.urlname)
-          alchemy_get :show, urlname: "index.php"
+          alchemy_get :show, urlname: legacy_url4.urlname
           expect(URI.parse(response["Location"]).query).to be_nil
         end
 
@@ -184,12 +185,12 @@ module Alchemy
 
         context "with no lang parameter present" do
           it "should store defaults language id in the session." do
-            alchemy_get :show, urlname: 'a-public-page'
+            alchemy_get :show, urlname: page.urlname
             expect(controller.session[:alchemy_language_id]).to eq(Language.default.id)
           end
 
           it "should store default language as class var." do
-            alchemy_get :show, urlname: 'a-public-page'
+            alchemy_get :show, urlname: page.urlname
             expect(Language.current).to eq(Language.default)
           end
         end
@@ -209,10 +210,8 @@ module Alchemy
       end
 
       context 'with user logged in' do
-        let(:author_user) { mock_model(Alchemy.user_class, cache_key: 'bbb') }
-
         before do
-          sign_in(author_user)
+          authorize_user(mock_model(Alchemy.user_class, cache_key: 'bbb'))
         end
 
         it "returns another etag for response headers" do

data/spec/controllers/pictures_controller_spec.rb

@@ -19,12 +19,37 @@ module Alchemy
         create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/80x60.png', __FILE__), 'image/png'))
       end
 
-      before { sign_in(editor_user) }
-
       it "renders the original image without any resizing" do
         alchemy_get :zoom, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
         expect(response.body[0x10..0x18].unpack('NN')).to eq([80, 60])
       end
+
+      context "Requesting a picture that is assigned with restricted pages only" do
+        before do
+          essence = restricted_element.contents.where(name: 'image').first.essence
+          essence.picture_id = picture.id
+          essence.save
+        end
+
+        context "as guest user" do
+          it "should not render the picture, but redirect to login path" do
+            alchemy_get :zoom, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
+            expect(response.status).to eq(302)
+            expect(response).to redirect_to(Alchemy.login_path)
+          end
+        end
+
+        context "as member user" do
+          before do
+            authorize_user(build(:alchemy_dummy_user))
+          end
+
+          it "should render the picture" do
+            alchemy_get :zoom, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
+            expect(response.status).to eq(200)
+          end
+        end
+      end
     end
 
     describe '#show' do
@@ -35,222 +60,247 @@ module Alchemy
           request.session_options.fetch(:skip) { false }
         }.to(true)
       end
-    end
 
-    context "Requesting a picture with tempared security token" do
-      it "should render status 400" do
-        alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: '14m4b4dh4ck3r'
-        expect(response.status).to eq(400)
+      context "Requesting a picture with tempared security token" do
+        it "should render status 400" do
+          alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: '14m4b4dh4ck3r'
+          expect(response.status).to eq(400)
+        end
       end
-    end
 
-    context "Requesting a picture with another format then the original image" do
-      it "should convert the picture format" do
-        alchemy_get :show, id: picture.id, name: picture.urlname, format: :jpeg, sh: picture.security_token
-        expect(response.content_type).to eq('image/jpeg')
+      context "Requesting a picture with another format then the original image" do
+        it "should convert the picture format" do
+          alchemy_get :show, id: picture.id, name: picture.urlname, format: :jpeg, sh: picture.security_token
+          expect(response.content_type).to eq('image/jpeg')
+        end
       end
-    end
 
-    context "Requesting a picture with not allowed format" do
-      it "should raise error" do
-        expect {
-          alchemy_get :show, id: picture.id, name: picture.urlname, format: :wim, sh: picture.security_token
-        }.to raise_error(ActionController::UnknownFormat)
+      context "Requesting a picture with not allowed format" do
+        it "should raise error" do
+          expect {
+            alchemy_get :show, id: picture.id, name: picture.urlname, format: :wim, sh: picture.security_token
+          }.to raise_error(ActionController::UnknownFormat)
+        end
       end
-    end
 
-    describe '#thumbnail' do
-      let(:picture) do
-        create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/500x500.png', __FILE__), 'image/png'))
+      context "Requesting a picture that has no image file attached" do
+        before do
+          expect(picture).to receive(:image_file).and_return(nil)
+          expect(Picture).to receive(:find).and_return(picture)
+        end
+
+        it "raises missing file error" do
+          expect {
+            alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
+          }.to raise_error(Alchemy::MissingImageFileError)
+        end
       end
 
-      before { sign_in(author_user) }
+      context "Requesting a picture with crop_from and crop_size parameters" do
+        let(:picture) do
+          create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/500x500.png', __FILE__), 'image/png'))
+        end
 
-      context 'with size param set to small' do
-        it "resizes the image to 80x60 while maintaining aspect ratio" do
-          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, size: 'small', format: :png, sh: picture.security_token(size: 'small')
-          expect(response.body[0x10..0x18].unpack('NN')).to eq([60, 60])
+        it "renders the cropped picture" do
+          alchemy_get :show, id: picture.id, name: picture.urlname, crop: 'crop', size: '123x44', crop_size: '123x44',
+            crop_from: '0x0', format: :png,
+            sh: picture.security_token(crop_size: '123x44', crop_from: '0x0', crop: true, size: '123x44')
+          expect(response.body[0x10..0x18].unpack('NN')).to eq([123, 44])
         end
       end
 
-      context 'with size param set to medium' do
-        it "resizes the image to 160x120 while maintaining aspect ratio" do
-          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, size: 'medium', format: :png, sh: picture.security_token(size: 'medium')
-          expect(response.body[0x10..0x18].unpack('NN')).to eq([120, 120])
+      context "Requesting a picture with crop_from and crop_size parameters with different size param" do
+        let(:picture) do
+          create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/500x500.png', __FILE__), 'image/png'))
         end
-      end
 
-      context 'with size param set to large' do
-        it "resizes the image to 240x180 while maintaining aspect ratio" do
-          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, size: 'large', format: :png, sh: picture.security_token(size: 'large')
-          expect(response.body[0x10..0x18].unpack('NN')).to eq([180, 180])
+        it "renders the cropped picture" do
+          alchemy_get :show,
+            id: picture.id,
+            name: picture.urlname,
+            crop: 'crop',
+            size: '100x100',
+            crop_size: '200x200',
+            crop_from: '0x0',
+            format: :png,
+            sh: picture.security_token(
+              crop_size: '200x200',
+              crop_from: '0x0',
+              crop: true,
+              size: '100x100'
+            )
+         expect(response.body[0x10..0x18].unpack('NN')).to eq [100, 100]
         end
       end
 
-      context 'with size param set to nil' do
-        it "resizes the image to 111x93 while maintaining aspect ratio" do
-          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
-          expect(response.body[0x10..0x18].unpack('NN')).to eq([93, 93])
+      context "Requesting a picture with crop_from and crop_size parameters with larger size param" do
+        let(:picture) do
+          create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/500x500.png', __FILE__), 'image/png'))
         end
-      end
 
-      context 'with size param set to another value' do
-        it "resizes the image to the given size while maintaining aspect ratio" do
-          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, size: '33x33', format: :png, sh: picture.security_token(size: '33x33')
-          expect(response.body[0x10..0x18].unpack('NN')).to eq([33, 33])
+        it "renders the cropped picture without upsampling" do
+          alchemy_get :show,
+            id: picture.id,
+            name: picture.urlname,
+            crop: 'crop',
+            size: '400x400',
+            crop_size: '200x200',
+            crop_from: '0x0',
+            format: :png,
+            sh: picture.security_token(
+              crop_size: '200x200',
+              crop_from: '0x0',
+              crop: true,
+              size: '400x400'
+            )
+          expect(response.body[0x10..0x18].unpack('NN')).to eq [200, 200]
         end
       end
-    end
 
-    context "Requesting a picture that has no image file attached" do
-      before do
-        expect(picture).to receive(:image_file).and_return(nil)
-        expect(Picture).to receive(:find).and_return(picture)
+      context "Requesting a picture with crop_from and crop_size parameters with larger size param and upsample set" do
+        let(:picture) do
+          create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/500x500.png', __FILE__), 'image/png'))
+        end
+
+        it "renders the cropped picture with upsampling" do
+          alchemy_get :show,
+            id: picture.id,
+            name: picture.urlname,
+            crop: 'crop',
+            size: '400x400',
+            crop_size: '200x200',
+            crop_from: '0x0',
+            format: :png,
+            upsample: 'true',
+            sh: picture.security_token(
+              crop_size: '200x200',
+              crop_from: '0x0',
+              crop: true,
+              size: '400x400',
+              upsample: 'true'
+            )
+          expect(response.body[0x10..0x18].unpack('NN')).to eq [400, 400]
+        end
       end
 
-      it "raises missing file error" do
-        expect {
+      context "Requesting a picture that is not assigned with any page" do
+        it "should render the picture" do
           alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
-        }.to raise_error(Alchemy::MissingImageFileError)
+          expect(response.status).to eq(200)
+        end
       end
-    end
 
-    context "Requesting a picture with crop_from and crop_size parameters" do
-      let(:picture) do
-        create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/500x500.png', __FILE__), 'image/png'))
-      end
+      context "Requesting a picture that is assigned on restricted and non-restricted pages" do
+        before do
+          essence = element.contents.where(name: 'image').first.essence
+          essence.picture_id = picture.id
+          essence.save
 
-      it "renders the cropped picture" do
-        alchemy_get :show, id: picture.id, name: picture.urlname, crop: 'crop', size: '123x44', crop_size: '123x44',
-          crop_from: '0x0', format: :png,
-          sh: picture.security_token(crop_size: '123x44', crop_from: '0x0', crop: true, size: '123x44')
-        expect(response.body[0x10..0x18].unpack('NN')).to eq([123, 44])
-      end
-    end
+          essence = restricted_element.contents.where(name: 'image').first.essence
+          essence.picture_id = picture.id
+          essence.save
+        end
 
-    context "Requesting a picture with crop_from and crop_size parameters with different size param" do
-      let(:picture) do
-        create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/500x500.png', __FILE__), 'image/png'))
+        context "as guest user" do
+          it "should render the picture" do
+            alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
+            expect(response.status).to eq(200)
+          end
+        end
       end
 
-      it "renders the cropped picture" do
-        alchemy_get :show,
-          id: picture.id,
-          name: picture.urlname,
-          crop: 'crop',
-          size: '100x100',
-          crop_size: '200x200',
-          crop_from: '0x0',
-          format: :png,
-          sh: picture.security_token(
-            crop_size: '200x200',
-            crop_from: '0x0',
-            crop: true,
-            size: '100x100'
-          )
-       expect(response.body[0x10..0x18].unpack('NN')).to eq [100, 100]
-      end
-    end
+      context "Requesting a picture that is assigned with restricted pages only" do
+        before do
+          essence = restricted_element.contents.where(name: 'image').first.essence
+          essence.picture_id = picture.id
+          essence.save
+        end
 
-    context "Requesting a picture with crop_from and crop_size parameters with larger size param" do
-      let(:picture) do
-        create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/500x500.png', __FILE__), 'image/png'))
-      end
+        context "as guest user" do
+          it "should not render the picture, but redirect to login path" do
+            alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
+            expect(response.status).to eq(302)
+            expect(response).to redirect_to(Alchemy.login_path)
+          end
+        end
 
-      it "renders the cropped picture without upsampling" do
-        alchemy_get :show,
-          id: picture.id,
-          name: picture.urlname,
-          crop: 'crop',
-          size: '400x400',
-          crop_size: '200x200',
-          crop_from: '0x0',
-          format: :png,
-          sh: picture.security_token(
-            crop_size: '200x200',
-            crop_from: '0x0',
-            crop: true,
-            size: '400x400'
-          )
-        expect(response.body[0x10..0x18].unpack('NN')).to eq [200, 200]
+        context "as member user" do
+          before do
+            authorize_user(build(:alchemy_dummy_user))
+          end
+
+          it "should render the picture" do
+            alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
+            expect(response.status).to eq(200)
+          end
+        end
       end
     end
 
-    context "Requesting a picture with crop_from and crop_size parameters with larger size param and upsample set" do
+    describe '#thumbnail' do
       let(:picture) do
         create(:picture, image_file: fixture_file_upload(File.expand_path('../../fixtures/500x500.png', __FILE__), 'image/png'))
       end
 
-      it "renders the cropped picture with upsampling" do
-        alchemy_get :show,
-          id: picture.id,
-          name: picture.urlname,
-          crop: 'crop',
-          size: '400x400',
-          crop_size: '200x200',
-          crop_from: '0x0',
-          format: :png,
-          upsample: 'true',
-          sh: picture.security_token(
-            crop_size: '200x200',
-            crop_from: '0x0',
-            crop: true,
-            size: '400x400',
-            upsample: 'true'
-          )
-        expect(response.body[0x10..0x18].unpack('NN')).to eq [400, 400]
-      end
-    end
-
-    context "Requesting a picture that is not assigned with any page" do
-      it "should render the picture" do
-        alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
-        expect(response.status).to eq(200)
+      context 'with size param set to small' do
+        it "resizes the image to 80x60 while maintaining aspect ratio" do
+          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, size: 'small', format: :png, sh: picture.security_token(size: 'small')
+          expect(response.body[0x10..0x18].unpack('NN')).to eq([60, 60])
+        end
       end
-    end
 
-    context "Requesting a picture that is assigned on restricted and non-restricted pages" do
-      before do
-        essence = element.contents.where(name: 'image').first.essence
-        essence.picture_id = picture.id
-        essence.save
-
-        essence = restricted_element.contents.where(name: 'image').first.essence
-        essence.picture_id = picture.id
-        essence.save
+      context 'with size param set to medium' do
+        it "resizes the image to 160x120 while maintaining aspect ratio" do
+          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, size: 'medium', format: :png, sh: picture.security_token(size: 'medium')
+          expect(response.body[0x10..0x18].unpack('NN')).to eq([120, 120])
+        end
       end
 
-      context "as guest user" do
-        it "should render the picture" do
-          alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
-          expect(response.status).to eq(200)
+      context 'with size param set to large' do
+        it "resizes the image to 240x180 while maintaining aspect ratio" do
+          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, size: 'large', format: :png, sh: picture.security_token(size: 'large')
+          expect(response.body[0x10..0x18].unpack('NN')).to eq([180, 180])
         end
       end
-    end
 
-    context "Requesting a picture that is assigned with restricted pages only" do
-      before do
-        essence = restricted_element.contents.where(name: 'image').first.essence
-        essence.picture_id = picture.id
-        essence.save
+      context 'with size param set to nil' do
+        it "resizes the image to 111x93 while maintaining aspect ratio" do
+          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
+          expect(response.body[0x10..0x18].unpack('NN')).to eq([93, 93])
+        end
       end
 
-      context "as guest user" do
-        it "should not render the picture, but redirect to login path" do
-          alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
-          expect(response.status).to eq(302)
-          expect(response).to redirect_to(Alchemy.login_path)
+      context 'with size param set to another value' do
+        it "resizes the image to the given size while maintaining aspect ratio" do
+          alchemy_get :thumbnail, id: picture.id, name: picture.urlname, size: '33x33', format: :png, sh: picture.security_token(size: '33x33')
+          expect(response.body[0x10..0x18].unpack('NN')).to eq([33, 33])
         end
       end
 
-      context "as member user" do
+      context "Requesting a picture that is assigned with restricted pages only" do
         before do
-          sign_in(member_user)
+          essence = restricted_element.contents.where(name: 'image').first.essence
+          essence.picture_id = picture.id
+          essence.save
         end
 
-        it "should render the picture" do
-          alchemy_get :show, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
-          expect(response.status).to eq(200)
+        context "as guest user" do
+          it "should not render the picture, but redirect to login path" do
+            alchemy_get :thumbnail, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
+            expect(response.status).to eq(302)
+            expect(response).to redirect_to(Alchemy.login_path)
+          end
+        end
+
+        context "as member user" do
+          before do
+            authorize_user(build(:alchemy_dummy_user))
+          end
+
+          it "should render the picture" do
+            alchemy_get :thumbnail, id: picture.id, name: picture.urlname, format: :png, sh: picture.security_token
+            expect(response.status).to eq(200)
+          end
         end
       end
     end