alchemy_cms 5.2.0 → 6.0.0.b3

data/app/views/alchemy/ingredients/_richtext_editor.html.erb

@@ -0,0 +1,12 @@
+<%= content_tag :div,
+  class: richtext_editor.css_classes,
+  data: richtext_editor.data_attributes do %>
+  <%= element_form.fields_for(:ingredients, richtext_editor.ingredient) do |f| %>
+    <%= ingredient_label(richtext_editor) %>
+    <div class="tinymce_container">
+      <%= f.text_area :value,
+        class: richtext_editor.tinymce_class_name,
+        id: "tinymce_#{richtext_editor.id}" %>
+    </div>
+  <% end %>
+<% end %>

data/app/views/alchemy/ingredients/_richtext_view.html.erb

@@ -0,0 +1,3 @@
+<%- options = local_assigns.fetch(:options, {}) -%>
+<%- plain_text = !!richtext_view.settings_value(:plain_text, options) -%>
+<%= raw richtext_view.public_send(plain_text ? :stripped_body : :value) -%>

data/app/views/alchemy/ingredients/_select_editor.html.erb

@@ -0,0 +1,30 @@
+<% select_values = select_editor.settings[:select_values] %>
+
+<%= content_tag :div,
+  class: [
+    select_editor.css_classes,
+    select_editor.settings[:display_inline] ? 'display_inline' : ''
+  ], data: select_editor.data_attributes do %>
+  <%= element_form.fields_for(:ingredients, select_editor.ingredient) do |f| %>
+    <%= ingredient_label(select_editor) %>
+
+    <% if select_values.nil? %>
+      <%= warning(':select_values is nil',
+      "<strong>No select values given.</strong>
+      <br>Please provide <code>select_values</code> on the
+      content definition <code>settings</code> in
+      <code>elements.yml</code>.") %>
+    <% else %>
+      <%
+      if select_values.is_a?(Hash)
+        options_tags = grouped_options_for_select(select_values, select_editor.value)
+      else
+        options_tags = options_for_select(select_values, select_editor.value)
+      end %>
+      <%= f.select :value, options_tags, {}, {
+        id: nil,
+        class: ["alchemy_selectbox", "ingredient-editor-select"]
+      } %>
+    <% end %>
+  <% end %>
+<% end %>

data/app/views/alchemy/ingredients/_select_view.html.erb

@@ -0,0 +1 @@
+<%= select_view.value %>

data/app/views/alchemy/ingredients/_text_editor.html.erb

@@ -0,0 +1,20 @@
+<%= content_tag :div,
+  class: [
+    text_editor.css_classes,
+    text_editor.settings[:display_inline] ? "display_inline" : ""
+  ], data: text_editor.data_attributes do %>
+  <%= element_form.fields_for(:ingredients, text_editor.ingredient) do |f| %>
+    <%= ingredient_label(text_editor) %>
+    <%= f.text_field :value,
+      class: text_editor.settings[:linkable] ? "text_with_icon" : "",
+      id: nil,
+      type: text_editor.settings[:input_type] || "text" %>
+    <% if text_editor.settings[:linkable] %>
+      <%= f.hidden_field :link, "data-link-value": true, id: nil %>
+      <%= f.hidden_field :link_title, "data-link-title": true, id: nil %>
+      <%= f.hidden_field :link_class_name, "data-link-class": true, id: nil %>
+      <%= f.hidden_field :link_target, "data-link-target": true, id: nil %>
+      <%= render "alchemy/ingredients/shared/link_tools", ingredient_editor: text_editor %>
+    <% end %>
+  <% end %>
+<% end %>

data/app/views/alchemy/ingredients/_text_view.html.erb

@@ -0,0 +1,16 @@
+<%- options = local_assigns.fetch(:options, {}) -%>
+<%- html_options = local_assigns.fetch(:html_options, {}) -%>
+<%- if text_view.link.blank? ||
+    text_view.settings_value(:disable_link, options) -%>
+<%= text_view.value -%>
+<%- else -%>
+  <%= link_to(
+    text_view.value,
+    url_for(text_view.link),
+    {
+      title: text_view.link_title,
+      target: (text_view.link_target == "blank" ? "_blank" : nil),
+      'data-link-target' => text_view.link_target
+    }.merge(html_options)
+) -%>
+<%- end -%>

data/app/views/alchemy/ingredients/_video_editor.html.erb

@@ -0,0 +1,5 @@
+<%= render(
+  "alchemy/ingredients/file_editor",
+  element_form: element_form,
+  file_editor: video_editor,
+) %>

data/app/views/alchemy/ingredients/_video_view.html.erb

@@ -0,0 +1,17 @@
+<%- if video_view.attachment -%>
+  <%= content_tag :video,
+    controls: video_view.controls,
+    autoplay: video_view.autoplay,
+    loop: video_view.loop,
+    muted: video_view.muted,
+    preload: video_view.preload.presence,
+    width: video_view.width.presence,
+    height: video_view.height.presence do %>
+    <%= tag :source,
+      src: alchemy.show_attachment_path(
+        video_view.attachment,
+        format: video_view.attachment.suffix
+      ),
+      type: video_view.attachment.file_mime_type %>
+  <% end %>
+<%- end -%>

data/app/views/alchemy/ingredients/shared/_link_tools.html.erb

@@ -0,0 +1,20 @@
+<span class="linkable_essence_tools">
+  <%= link_to(
+    render_icon(:link),
+    '#',
+    onclick: 'new Alchemy.LinkDialog(this).open(); return false;',
+    class: "icon_button#{ingredient_editor.linked? ? ' linked' : ''} link-essence",
+    "data-parent-selector": "[data-ingredient-id='#{ingredient_editor.id}']",
+    title: Alchemy.t(:place_link),
+    id: "edit_link_#{ingredient_editor.id}"
+  ) %>
+  <%= link_to(
+    render_icon(:unlink),
+    '#',
+    onclick: "return Alchemy.LinkDialog.removeLink(this, '[data-ingredient-id=\"#{ingredient_editor.id}\"]')",
+    class: "icon_button unlink-essence #{ingredient_editor.linked? ? 'linked' : 'disabled'}",
+    tabindex: ingredient_editor.linked? ? nil : '-1',
+    'data-ingredient-id' => ingredient_editor.id,
+    title: Alchemy.t(:unlink)
+  ) %>
+</span>

data/app/views/alchemy/ingredients/shared/_picture_tools.html.erb

@@ -0,0 +1,57 @@
+<% linkable = picture_editor.settings[:linkable] != false %>
+<% croppable = picture_editor.allow_image_cropping? %>
+
+<%= link_to_dialog render_icon(:crop),
+  alchemy.crop_admin_ingredient_path(picture_editor.ingredient, {
+    crop_from_form_field_id: picture_editor.form_field_id(:crop_from),
+    crop_size_form_field_id: picture_editor.form_field_id(:crop_size),
+    picture_id: picture_editor.picture&.id
+  }), {
+    size: "1080x615",
+    title: Alchemy.t("Edit Picturemask"),
+    image_loader: false,
+    padding: false
+  }, {
+    title: Alchemy.t("Edit Picturemask"),
+    class: croppable ? "crop_link" : "disabled crop_link",
+    tabindex: croppable ? nil : "-1",
+    onclick: "return false"
+  } %>
+
+<%= link_to_dialog render_icon("file-image", style: "regular"),
+  alchemy.admin_pictures_path(
+    form_field_id: picture_editor.form_field_id(:picture_id)
+  ),
+  {
+    title: (picture_editor.picture ? Alchemy.t(:swap_image) : Alchemy.t(:insert_image)),
+    size: "790x590",
+    padding: false
+  },
+  title: (picture_editor.picture ? Alchemy.t(:swap_image) : Alchemy.t(:insert_image)) %>
+
+<%= link_to_if linkable, render_icon(:link), "", {
+  onclick: "new Alchemy.LinkDialog(this).open(); return false;",
+  class: picture_editor.linked? ? "linked" : nil,
+  title: Alchemy.t(:link_image),
+  "data-parent-selector": "[data-ingredient-id='#{picture_editor.id}']",
+  id: "edit_link_#{picture_editor.id}"
+} do %>
+  <span class="disabled" tabindex="-1"><%= render_icon(:link) %></span>
+<% end %>
+
+<%= link_to_if linkable, render_icon(:unlink), "", {
+  onclick: "return Alchemy.LinkDialog.removeLink(this, '[data-ingredient-id=\"#{picture_editor.id}\"]')",
+  class: picture_editor.linked? ? "linked" : "disabled",
+  tabindex: picture_editor.linked? ? nil : "-1",
+  title: Alchemy.t(:unlink)
+} do %>
+  <span class="disabled" tabindex="-1"><%= render_icon(:unlink) %></span>
+<% end %>
+
+<%= link_to_dialog render_icon(:edit),
+  alchemy.edit_admin_ingredient_path(id: picture_editor.id),
+  {
+    title: Alchemy.t(:edit_image_properties),
+    size: "380x255"
+  },
+  title: Alchemy.t(:edit_image_properties) %>

data/config/brakeman.ignore

@@ -3,19 +3,19 @@
     {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 2,
-      "fingerprint": "0551e3f9180b85fca4b17fe3c7cbbac1611d2ef8d385f77e9445c562c471d688",
+      "fingerprint": "068b12d24047e2ece633115ba065ce46fc8c8a26827be7de2565ab721e1c2e82",
       "check_name": "CrossSiteScripting",
       "message": "Unescaped parameter value",
       "file": "app/views/alchemy/admin/elements/update.js.erb",
-      "line": 18,
+      "line": 21,
       "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
-      "code": "j(Element.find(params[:id]).essence_error_messages.join(\"</li><li>\"))",
+      "code": "Element.find(params[:id]).ingredients_with_errors.map do\n \"[data-ingredient-id=\\\"#{ingredient.id}\\\"]\"\n end.join(\", \")",
       "render_path": [
         {
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "update",
-          "line": 55,
+          "line": 61,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/update",
@@ -38,7 +38,7 @@
       "check_name": "SendFile",
       "message": "Parameter value used in file name",
       "file": "app/controllers/alchemy/admin/attachments_controller.rb",
-      "line": 65,
+      "line": 69,
       "link": "https://brakemanscanner.org/docs/warning_types/file_access/",
       "code": "send_file(Attachment.find(params[:id]).file.path, :filename => Attachment.find(params[:id]).file_name, :type => Attachment.find(params[:id]).file_mime_type)",
       "render_path": null,
@@ -71,130 +71,6 @@
       "confidence": "Medium",
       "note": "Because we actually can't know all attributes each inheriting controller supports, we permit all resource model params. It is adviced that all inheriting controllers implement this method and provide its own set of permitted attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
     },
-    {
-      "warning_type": "Cross-Site Scripting",
-      "warning_code": 2,
-      "fingerprint": "293a6f5581ba3f0e7aa4f81b38d68baf21f1219c8f3bae3eca6b3e1776b734df",
-      "check_name": "CrossSiteScripting",
-      "message": "Unescaped parameter value",
-      "file": "app/views/alchemy/admin/elements/order.js.erb",
-      "line": 17,
-      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
-      "code": "Element.trashed.where(:id => params[:element_ids]).pluck(:id).collect do\n \"#element_area [data-element-id=\\\"#{id}\\\"]\"\n end.join(\", \")",
-      "render_path": [
-        {
-          "type": "controller",
-          "class": "Alchemy::Admin::ElementsController",
-          "method": "order",
-          "line": 78,
-          "file": "app/controllers/alchemy/admin/elements_controller.rb",
-          "rendered": {
-            "name": "alchemy/admin/elements/order",
-            "file": "app/views/alchemy/admin/elements/order.js.erb"
-          }
-        }
-      ],
-      "location": {
-        "type": "template",
-        "template": "alchemy/admin/elements/order"
-      },
-      "user_input": "params[:element_ids]",
-      "confidence": "Weak",
-      "note": ""
-    },
-    {
-      "warning_type": "Dynamic Render Path",
-      "warning_code": 15,
-      "fingerprint": "2eb67abb2b025c3446afa2f9b8d48c6b6a05379234a9228c9af4c25b7e672b00",
-      "check_name": "Render",
-      "message": "Render path contains parameter value",
-      "file": "app/views/alchemy/admin/elements/index.html.erb",
-      "line": 18,
-      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
-      "code": "render(action => Page.find(params[:page_id]).all_elements.not_nested.unfixed.not_trashed.includes(*element_includes).map do\n Alchemy::ElementEditor.new(element)\n end, {})",
-      "render_path": [
-        {
-          "type": "controller",
-          "class": "Alchemy::Admin::ElementsController",
-          "method": "index",
-          "line": 13,
-          "file": "app/controllers/alchemy/admin/elements_controller.rb",
-          "rendered": {
-            "name": "alchemy/admin/elements/index",
-            "file": "app/views/alchemy/admin/elements/index.html.erb"
-          }
-        }
-      ],
-      "location": {
-        "type": "template",
-        "template": "alchemy/admin/elements/index"
-      },
-      "user_input": "params[:page_id]",
-      "confidence": "Weak",
-      "note": ""
-    },
-    {
-      "warning_type": "Dynamic Render Path",
-      "warning_code": 15,
-      "fingerprint": "2eb67abb2b025c3446afa2f9b8d48c6b6a05379234a9228c9af4c25b7e672b00",
-      "check_name": "Render",
-      "message": "Render path contains parameter value",
-      "file": "app/views/alchemy/admin/elements/index.html.erb",
-      "line": 31,
-      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
-      "code": "render(action => Page.find(params[:page_id]).all_elements.not_nested.unfixed.not_trashed.includes(*element_includes).map do\n Alchemy::ElementEditor.new(element)\n end, {})",
-      "render_path": [
-        {
-          "type": "controller",
-          "class": "Alchemy::Admin::ElementsController",
-          "method": "index",
-          "line": 13,
-          "file": "app/controllers/alchemy/admin/elements_controller.rb",
-          "rendered": {
-            "name": "alchemy/admin/elements/index",
-            "file": "app/views/alchemy/admin/elements/index.html.erb"
-          }
-        }
-      ],
-      "location": {
-        "type": "template",
-        "template": "alchemy/admin/elements/index"
-      },
-      "user_input": "params[:page_id]",
-      "confidence": "Weak",
-      "note": ""
-    },
-    {
-      "warning_type": "Dynamic Render Path",
-      "warning_code": 15,
-      "fingerprint": "2fa9bf5c73b4e6e3c272f0b14635f96efbd763e9a2c5b785caefffe3589ac461",
-      "check_name": "Render",
-      "message": "Render path contains parameter value",
-      "file": "app/views/alchemy/admin/essence_pictures/assign.js.erb",
-      "line": 2,
-      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
-      "code": "render(action => Alchemy::ContentEditor.new(Content.find(params[:content_id])), {})",
-      "render_path": [
-        {
-          "type": "controller",
-          "class": "Alchemy::Admin::EssencePicturesController",
-          "method": "assign",
-          "line": 49,
-          "file": "app/controllers/alchemy/admin/essence_pictures_controller.rb",
-          "rendered": {
-            "name": "alchemy/admin/essence_pictures/assign",
-            "file": "app/views/alchemy/admin/essence_pictures/assign.js.erb"
-          }
-        }
-      ],
-      "location": {
-        "type": "template",
-        "template": "alchemy/admin/essence_pictures/assign"
-      },
-      "user_input": "params[:content_id]",
-      "confidence": "Weak",
-      "note": ""
-    },
     {
       "warning_type": "Dynamic Render Path",
       "warning_code": 15,
@@ -210,7 +86,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "fold",
-          "line": 95,
+          "line": 97,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/fold",
@@ -233,7 +109,7 @@
       "check_name": "MassAssignment",
       "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
       "file": "app/controllers/alchemy/admin/elements_controller.rb",
-      "line": 146,
+      "line": 150,
       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
       "code": "params.fetch(:contents, {}).permit!",
       "render_path": null,
@@ -297,57 +173,88 @@
       "note": ""
     },
     {
-      "warning_type": "File Access",
-      "warning_code": 16,
-      "fingerprint": "a1197cfa89e3a66e6d10ee060cd87af97d5e978d6d93b5936eb987288f1c02e6",
-      "check_name": "SendFile",
-      "message": "Parameter value used in file name",
-      "file": "app/controllers/alchemy/attachments_controller.rb",
-      "line": 12,
-      "link": "https://brakemanscanner.org/docs/warning_types/file_access/",
-      "code": "send_file(Attachment.find(params[:id]).file.path, :filename => Attachment.find(params[:id]).file_name, :type => Attachment.find(params[:id]).file_mime_type, :disposition => \"inline\")",
-      "render_path": null,
+      "warning_type": "Dynamic Render Path",
+      "warning_code": 15,
+      "fingerprint": "80b9b11d658cd393c549d568b3655c62566862f55b2fa16ed688de7c2e9343ac",
+      "check_name": "Render",
+      "message": "Render path contains parameter value",
+      "file": "app/views/alchemy/admin/elements/index.html.erb",
+      "line": 18,
+      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
+      "code": "render(action => PageVersion.find(params[:page_version_id]).elements.order(:position).includes(*element_includes).not_nested.unfixed.map do\n Alchemy::ElementEditor.new(element)\n end, {})",
+      "render_path": [
+        {
+          "type": "controller",
+          "class": "Alchemy::Admin::ElementsController",
+          "method": "index",
+          "line": 15,
+          "file": "app/controllers/alchemy/admin/elements_controller.rb",
+          "rendered": {
+            "name": "alchemy/admin/elements/index",
+            "file": "app/views/alchemy/admin/elements/index.html.erb"
+          }
+        }
+      ],
       "location": {
-        "type": "method",
-        "class": "Alchemy::AttachmentsController",
-        "method": "show"
+        "type": "template",
+        "template": "alchemy/admin/elements/index"
       },
-      "user_input": "params[:id]",
+      "user_input": "params[:page_version_id]",
       "confidence": "Weak",
       "note": ""
     },
     {
       "warning_type": "Dynamic Render Path",
       "warning_code": 15,
-      "fingerprint": "b9f63fd46d0ebd6684b649ab260f27df8a6422d44fed4769273d8e6a6a30397c",
+      "fingerprint": "80b9b11d658cd393c549d568b3655c62566862f55b2fa16ed688de7c2e9343ac",
       "check_name": "Render",
       "message": "Render path contains parameter value",
-      "file": "app/views/alchemy/admin/essence_files/assign.js.erb",
-      "line": 1,
+      "file": "app/views/alchemy/admin/elements/index.html.erb",
+      "line": 31,
       "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
-      "code": "render(action => Alchemy::ContentEditor.new(Content.find_by(:id => params[:content_id])), {})",
+      "code": "render(action => PageVersion.find(params[:page_version_id]).elements.order(:position).includes(*element_includes).not_nested.unfixed.map do\n Alchemy::ElementEditor.new(element)\n end, {})",
       "render_path": [
         {
           "type": "controller",
-          "class": "Alchemy::Admin::EssenceFilesController",
-          "method": "assign",
-          "line": 32,
-          "file": "app/controllers/alchemy/admin/essence_files_controller.rb",
+          "class": "Alchemy::Admin::ElementsController",
+          "method": "index",
+          "line": 15,
+          "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
-            "name": "alchemy/admin/essence_files/assign",
-            "file": "app/views/alchemy/admin/essence_files/assign.js.erb"
+            "name": "alchemy/admin/elements/index",
+            "file": "app/views/alchemy/admin/elements/index.html.erb"
           }
         }
       ],
       "location": {
         "type": "template",
-        "template": "alchemy/admin/essence_files/assign"
+        "template": "alchemy/admin/elements/index"
       },
-      "user_input": "params[:content_id]",
+      "user_input": "params[:page_version_id]",
+      "confidence": "Weak",
+      "note": ""
+    },
+    {
+      "warning_type": "File Access",
+      "warning_code": 16,
+      "fingerprint": "a1197cfa89e3a66e6d10ee060cd87af97d5e978d6d93b5936eb987288f1c02e6",
+      "check_name": "SendFile",
+      "message": "Parameter value used in file name",
+      "file": "app/controllers/alchemy/attachments_controller.rb",
+      "line": 12,
+      "link": "https://brakemanscanner.org/docs/warning_types/file_access/",
+      "code": "send_file(Attachment.find(params[:id]).file.path, :filename => Attachment.find(params[:id]).file_name, :type => Attachment.find(params[:id]).file_mime_type, :disposition => \"inline\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Alchemy::AttachmentsController",
+        "method": "show"
+      },
+      "user_input": "params[:id]",
       "confidence": "Weak",
       "note": ""
     }
   ],
-  "updated": "2021-01-04 16:29:42 +0100",
-  "brakeman_version": "4.10.1"
+  "updated": "2021-06-29 20:56:10 +0200",
+  "brakeman_version": "5.0.1"
 }