RubyGems - alchemy_cms - Versions diffs - 4.0.0.beta → 4.0.0.rc1 - Mend

alchemy_cms 4.0.0.beta → 4.0.0.rc1

Files changed (205) hide show

data/app/controllers/alchemy/admin/clipboard_controller.rb CHANGED

@@ -1,6 +1,10 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class ClipboardController < Alchemy::Admin::BaseController
+      REMARKABLE_TYPES = %w(elements pages)
       authorize_resource class: :alchemy_admin_clipboard
       before_action :set_clipboard
@@ -12,10 +16,10 @@ module Alchemy
       end
       def insert
-        @item = model_class.find(params[:remarkable_id])
-        unless @clipboard.detect { |item| item['id'] == params[:remarkable_id] }
+        @item = model_class.find(remarkable_params[:remarkable_id])
+        unless @clipboard.detect { |item| item['id'] == remarkable_params[:remarkable_id] }
           @clipboard << {
-            'id' => params[:remarkable_id],
+            'id' => remarkable_params[:remarkable_id],
             'action' => params[:remove] ? 'cut' : 'copy'
           }
         end
@@ -25,8 +29,8 @@ module Alchemy
       end
       def remove
-        @item = model_class.find(params[:remarkable_id])
-        @clipboard.delete_if { |item| item['id'] == params[:remarkable_id] }
+        @item = model_class.find(remarkable_params[:remarkable_id])
+        @clipboard.delete_if { |item| item['id'] == remarkable_params[:remarkable_id] }
         respond_to do |format|
           format.js
         end
@@ -39,11 +43,20 @@ module Alchemy
       private
       def set_clipboard
-        @clipboard = get_clipboard(params[:remarkable_type])
+        @clipboard = get_clipboard(remarkable_type)
       end
       def model_class
-        "alchemy/#{params[:remarkable_type]}".classify.constantize
+        raise ActionController::BadRequest unless remarkable_type
+        "alchemy/#{remarkable_type}".classify.constantize
+      end
+      def remarkable_params
+        params.permit(:remarkable_type, :remarkable_id)
+      end
+      def remarkable_type
+        remarkable_params.keep_if { |_k, type| type.in? REMARKABLE_TYPES }[:remarkable_type]
       end
     end
   end

data/app/controllers/alchemy/admin/contents_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class ContentsController < Alchemy::Admin::BaseController
@@ -7,23 +9,21 @@ module Alchemy
       def new
         @element = Element.find(params[:element_id])
-        @options = options_from_params
         @content = @element.contents.build
       end
       def create
         @element = Element.find(params[:content][:element_id])
         @content = Content.create_from_scratch(@element, content_params)
-        @options = options_from_params
         @html_options = params[:html_options] || {}
         if picture_gallery_editor?
           @content.update_essence(picture_id: params[:picture_id])
-          @options = options_for_picture_gallery
+          @gallery_pictures = @element.contents.gallery_pictures
+          options_from_params[:sortable] = @gallery_pictures.size > 1
           @content_dom_id = "#add_picture_#{@element.id}"
         else
           @content_dom_id = "#add_content_for_element_#{@element.id}"
         end
-        @locals = essence_editor_locals
       end
       def update
@@ -54,21 +54,7 @@ module Alchemy
       end
       def picture_gallery_editor?
-        params[:content][:essence_type] == 'Alchemy::EssencePicture' && @options[:grouped] == 'true'
-      end
-      def options_for_picture_gallery
-        @gallery_pictures = @element.contents.gallery_pictures
-        @dragable = @gallery_pictures.size > 1
-        @options.merge(dragable: @dragable)
-      end
-      def essence_editor_locals
-        {
-          content: @content,
-          options: @options.symbolize_keys,
-          html_options: @html_options.symbolize_keys
-        }
+        params[:content][:essence_type] == 'Alchemy::EssencePicture' && options_from_params[:grouped] == 'true'
       end
     end
   end

data/app/controllers/alchemy/admin/dashboard_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'net/http'
 require 'alchemy/version'
@@ -26,12 +28,12 @@ module Alchemy
       def update_check
         @alchemy_version = Alchemy.version
         if @alchemy_version < latest_alchemy_version
-          render text: 'true'
+          render plain: 'true'
         else
-          render text: 'false'
+          render plain: 'false'
         end
       rescue UpdateServiceUnavailable => e
-        render text: e, status: 503
+        render plain: e, status: 503
       end
       private

data/app/controllers/alchemy/admin/elements_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class ElementsController < Alchemy::Admin::BaseController
@@ -39,7 +41,7 @@ module Alchemy
             @element = paste_element_from_clipboard
             @cell = @element.cell
           else
-            @element = Element.new_from_scratch(params[:element])
+            @element = Element.new_from_scratch(create_element_params)
             if @page.can_have_cells?
               @cell = find_or_create_cell
               @element.cell = @cell
@@ -173,6 +175,10 @@ module Alchemy
           params.fetch(:element, {})
         end
       end
+      def create_element_params
+        params.require(:element).permit(:name, :page_id, :parent_element_id)
+      end
     end
   end
 end

data/app/controllers/alchemy/admin/essence_files_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class EssenceFilesController < Alchemy::Admin::BaseController
@@ -9,7 +11,6 @@ module Alchemy
       def edit
         @content = @essence_file.content
-        @options = options_from_params
       end
       def update
@@ -24,7 +25,6 @@ module Alchemy
         @content = Content.find_by(id: params[:content_id])
         @attachment = Attachment.find_by(id: params[:attachment_id])
         @content.essence.attachment = @attachment
-        @options = options_from_params
         # We need to update timestamp here because we don't save yet,
         # but the cache needs to be get invalid.

data/app/controllers/alchemy/admin/essence_pictures_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class EssencePicturesController < Alchemy::Admin::BaseController
@@ -6,7 +8,6 @@ module Alchemy
       before_action :load_essence_picture, only: [:edit, :crop, :update]
       before_action :load_content, only: [:edit, :update, :assign]
-      before_action :load_options
       helper 'alchemy/admin/contents'
       helper 'alchemy/admin/essences'
@@ -18,7 +19,7 @@ module Alchemy
       def crop
         if @picture = @essence_picture.picture
           @content = @essence_picture.content
-          @options[:format] ||= (configuration(:image_store_format) || 'png')
+          options_from_params[:format] ||= (configuration(:image_store_format) || 'png')
           @min_size = sizes_from_essence_or_params
           @ratio = ratio_from_size_or_params
@@ -35,7 +36,7 @@ module Alchemy
         @essence_picture.update(essence_picture_params)
       end
-      # Assigns picture, but does not saves it.
+      # Assigns picture, but does not save it.
       #
       # When the user saves the element the content gets updated as well.
       #
@@ -43,8 +44,6 @@ module Alchemy
         @picture = Picture.find_by(id: params[:picture_id])
         @content.essence.picture = @picture
         @element = @content.element
-        @dragable = @options[:grouped]
-        @options = @options.merge(dragable: @dragable)
         # We need to update timestamp here because we don't save yet,
         # but the cache needs to be get invalid.
@@ -63,10 +62,6 @@ module Alchemy
       private
-      def load_options
-        @options = options_from_params
-      end
       def load_essence_picture
         @essence_picture = EssencePicture.find(params[:id])
       end
@@ -82,8 +77,8 @@ module Alchemy
       def sizes_from_essence_or_params
         if @essence_picture.render_size?
           @essence_picture.sizes_from_string(@essence_picture.render_size)
-        elsif @options[:size]
-          @essence_picture.sizes_from_string(@options[:size])
+        elsif options_from_params[:size]
+          @essence_picture.sizes_from_string(options_from_params[:size])
         else
           { width: 0, height: 0 }
         end
@@ -93,8 +88,8 @@ module Alchemy
       # aspect ratio, don't specify a size or only width or height.
       #
       def ratio_from_size_or_params
-        if @min_size.value?(0) && @options[:fixed_ratio].to_s =~ FLOAT_REGEX
-          @options[:fixed_ratio].to_f
+        if @min_size.value?(0) && options_from_params[:fixed_ratio].to_s =~ FLOAT_REGEX
+          options_from_params[:fixed_ratio].to_f
         elsif !@min_size[:width].zero? && !@min_size[:height].zero?
           @min_size[:width].to_f / @min_size[:height].to_f
         else

data/app/controllers/alchemy/admin/languages_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class LanguagesController < ResourcesController

data/app/controllers/alchemy/admin/layoutpages_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class LayoutpagesController < Alchemy::Admin::BaseController

data/app/controllers/alchemy/admin/legacy_page_urls_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   class Admin::LegacyPageUrlsController < Alchemy::Admin::ResourcesController
     before_action :load_page

data/app/controllers/alchemy/admin/pages_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class PagesController < Alchemy::Admin::BaseController
@@ -187,7 +189,7 @@ module Alchemy
         # fetching page via before filter
         @page.publish!
         flash[:notice] = Alchemy.t(:page_published, name: @page.name)
-        redirect_back_or_to_default(admin_pages_path)
+        redirect_back(fallback_location: admin_pages_path)
       end
       def copy_language_tree

data/app/controllers/alchemy/admin/pictures_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class PicturesController < Alchemy::Admin::ResourcesController
@@ -127,7 +129,6 @@ module Alchemy
       def archive_overlay
         @content = Content.select('id').find_by(id: params[:content_id])
         @element = Element.select('id').find_by(id: params[:element_id])
-        @options = options_from_params
         respond_to do |format|
           format.html { render partial: 'archive_overlay' }
@@ -136,16 +137,17 @@ module Alchemy
       end
       def redirect_to_index
-        do_redirect_to admin_pictures_path(search_params)
+        do_redirect_to admin_pictures_path(search_filter_params)
       end
-      def search_params
-        params.except(:id, :picture_ids).permit(
-          :filter,
-          :page,
-          {q: resource_handler.search_field_name},
-          :size,
-          :tagged_with
+      def search_filter_params
+        params.except(*COMMON_SEARCH_FILTER_EXCLUDES + [:picture_ids]).permit(
+          *common_search_filter_includes + [
+            :size,
+            :element_id,
+            :swap,
+            :content_id
+          ]
         )
       end

data/app/controllers/alchemy/admin/resources_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'csv'
 require 'alchemy/resource'
 require 'alchemy/resources_helper'
@@ -5,17 +7,17 @@ require 'alchemy/resources_helper'
 module Alchemy
   module Admin
     class ResourcesController < Alchemy::Admin::BaseController
+      COMMON_SEARCH_FILTER_EXCLUDES = [:id, :utf8, :_method, :_].freeze
       include Alchemy::ResourcesHelper
       helper Alchemy::ResourcesHelper, TagsHelper
-      helper_method :resource_handler
+      helper_method :resource_handler, :search_filter_params
       before_action :load_resource,
         only: [:show, :edit, :update, :destroy]
-      before_action do
-        authorize!(action_name.to_sym, resource_instance_variable || resource_handler.model)
-      end
+      before_action :authorize_resource
       def index
         @query = resource_handler.model.ransack(params[:q])
@@ -112,6 +114,10 @@ module Alchemy
         instance_variable_set("@#{resource_handler.resource_name}", resource_handler.model.find(params[:id]))
       end
+      def authorize_resource
+        authorize!(action_name.to_sym, resource_instance_variable || resource_handler.model)
+      end
       # Permits all parameters as default!
       #
       # THIS IS INSECURE! Although only signed in admin users can send requests anyway, but we should change this.
@@ -129,6 +135,21 @@ module Alchemy
           filter == params[:filter]
         end || :all
       end
+      def search_filter_params
+        params.except(*COMMON_SEARCH_FILTER_EXCLUDES).permit(*common_search_filter_includes)
+      end
+      def common_search_filter_includes
+        [
+          # contrary to Rails' documentation passing an empty hash to permit all keys does not work
+          {options: options_from_params.keys},
+          {q: resource_handler.search_field_name},
+          :tagged_with,
+          :filter,
+          :page
+        ].freeze
+      end
     end
   end
 end

data/app/controllers/alchemy/admin/sites_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class SitesController < ResourcesController

data/app/controllers/alchemy/admin/tags_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class TagsController < ResourcesController

data/app/controllers/alchemy/admin/trash_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     class TrashController < Alchemy::Admin::BaseController

data/app/controllers/alchemy/api/base_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   class Api::BaseController < Alchemy::BaseController
     layout false

data/app/controllers/alchemy/api/contents_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   class Api::ContentsController < Api::BaseController
     # Returns all contents as json object

data/app/controllers/alchemy/api/elements_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   class Api::ElementsController < Api::BaseController
     # Returns all elements as json object

data/app/controllers/alchemy/api/pages_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   class Api::PagesController < Api::BaseController
     before_action :load_page, only: [:show]

data/app/controllers/alchemy/attachments_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   class AttachmentsController < BaseController
     before_action :load_attachment

data/app/controllers/alchemy/base_controller.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # This is the main Alchemy controller all other controllers inherit from.
 #
 module Alchemy
@@ -76,7 +78,7 @@ module Alchemy
       if request.xhr?
         respond_to do |format|
           format.js do
-            render text: flash.discard(:warning), status: 403
+            render plain: flash.discard(:warning), status: 403
           end
           format.html do
             render partial: 'alchemy/admin/partials/flash',