biovision 0.0.200518.1

data/app/assets/stylesheets/biovision/vars.scss

@@ -0,0 +1,53 @@
+@import "biovision/default";
+
+:root {
+  --font-size-xxxl: #{$font-size-xxxl};
+  --font-size-xxl: #{$font-size-xxl};
+  --font-size-xl: #{$font-size-xl};
+  --font-size-large: #{$font-size-large};
+  --font-size-increased: #{$font-size-increased};
+  --font-size-normal: #{$font-size-normal};
+  --font-size-decreased: #{$font-size-decreased};
+  --font-size-small: #{$font-size-small};
+  --font-size-xs: #{$font-size-xs};
+
+  --font-family-main: #{$font-family-main};
+  --font-family-heading: #{$font-family-heading};
+
+  --spacer-s: #{$spacer-s};
+  --spacer-xxxs: .2rem;
+  --spacer-xxs: calc(var(--spacer-s) / 4);
+  --spacer-xs: calc(var(--spacer-s) / 2);
+  --spacer-m: calc(var(--spacer-s) * 2);
+  --spacer-l: calc(var(--spacer-s) * 3);
+  --spacer-xl: calc(var(--spacer-s) * 4);
+  --spacer-xxl: calc(var(--spacer-s) * 6);
+
+  --text-color-primary: #{$text-color-primary};
+  --text-color-secondary: #{$text-color-secondary};
+  --text-color-heading: #{$text-color-heading};
+
+  --text-color-inverted-primary: #{$text-color-inverted-primary};
+  --text-color-inverted-secondary: #{$text-color-inverted-secondary};
+  --text-color-inverted-heading: #{$text-color-inverted-heading};
+
+  --border-color-primary: #{$border-color-primary};
+  --border-color-secondary: #{$border-color-secondary};
+  --border-primary: #{$border-primary};
+  --border-secondary: #{$border-secondary};
+
+  --block-shadow: #{$block-shadow};
+
+  --link-color: #{$link-color};
+  --link-color-visited: #{$link-color-visited};
+  --link-color-active: #{$link-color-active};
+  --link-color-hover: #{$link-color-hover};
+
+  --content-width: #{$content-width};
+  --content-width-min: #{$content-width-min};
+
+  --input-border: #{$input-border};
+  --input-border-focus: #{$input-border-focus};
+  --input-border-invalid: #{$input-border-invalid};
+  --input-border-invalid-focus: #{$input-border-invalid-focus};
+}

data/app/controllers/admin/agents_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Administrative part of agents
+class Admin::AgentsController < AdminController
+  # get /admin/agents
+  def index
+    @collection = Agent.page_for_administration(current_page)
+  end
+
+  private
+
+  def component_class
+    Biovision::Components::TrackComponent
+  end
+end

data/app/controllers/admin/components_controller.rb

@@ -0,0 +1,174 @@
+# frozen_string_literal: true
+
+# Handling components
+class Admin::ComponentsController < AdminController
+  before_action :set_handler, except: :index
+  skip_before_action :verify_authenticity_token, only: :ckeditor
+
+  # get /admin/components
+  def index
+    @collection = BiovisionComponent.list_for_administration
+  end
+
+  # get /admin/components/:slug
+  def show
+    error = 'Viewing component is not allowed'
+    handle_http_401(error) unless @handler.allow?
+  end
+
+  # get /admin/components/:slug/settings
+  def settings
+    error = 'Viewing settings is not allowed'
+    handle_http_401(error) unless @handler.allow?('settings')
+  end
+
+  # patch /admin/components/:slug/settings
+  def update_settings
+    if @handler.allow?('settings')
+      new_settings = params.dig(:component, :settings).permit!
+      @handler.settings = new_settings.to_h
+      flash[:success] = t('.success')
+      redirect_to(admin_component_settings_path(slug: params[:slug]))
+    else
+      handle_http_401('Changing settings is not allowed')
+    end
+  end
+
+  # patch /admin/components/:slug/parameters
+  def update_parameter
+    if @handler.allow?('settings')
+      slug = param_from_request(:key, :slug).downcase
+      value = param_from_request(:key, :value)
+
+      @handler[slug] = value
+    end
+
+    head :no_content
+  end
+
+  # delete /admin/components/:slug/parameters/:parameter_slug
+  def delete_parameter
+    if @handler.allow?('settings')
+      @handler.component.parameters.delete(params[:parameter_slug])
+      @handler.component.save
+    end
+
+    head :no_content
+  end
+
+  # get /admin/components/:slug/privileges
+  def privileges
+    error = 'Viewing privileges is not allowed'
+    handle_http_401(error) unless @handler.administrator?
+  end
+
+  # patch /admin/components/:slug/privileges
+  def update_privileges
+    if @handler.administrator?
+      user = User.find_by(id: params[:user_id])
+
+      if user.nil?
+        handle_http_404('Cannot find user') if user.nil?
+      else
+        @entity = @handler.user_link!(true)
+      end
+    else
+      handle_http_401('Updating privileges is not allowed')
+    end
+  end
+
+  # put /admin/components/:slug/administrators/:user_id
+  def add_administrator
+    if @handler.administrator?
+      @handler.user = User.find_by(id: params[:user_id])
+      @handler.privilege_handler.administrator!
+    end
+
+    head :no_content
+  end
+
+  # put /admin/components/:slug/administrators/:user_id
+  def remove_administrator
+    if @handler.administrator?
+      @handler.user = User.find_by(id: params[:user_id])
+      @handler.privilege_handler.not_administrator!
+    end
+
+    head :no_content
+  end
+
+  # put /admin/components/:slug/users/:user_id/privileges/:privilege_slug
+  def add_privilege
+    if @handler.administrator?
+      @handler.user = User.find_by(id: params[:user_id])
+      @handler.privilege_handler.add_privilege(params[:privilege_slug])
+    end
+
+    head :no_content
+  end
+
+  # put /admin/components/:slug/users/:user_id/privileges/:privilege_slug
+  def remove_privilege
+    if @handler.administrator?
+      @handler.user = User.find_by(id: params[:user_id])
+      @handler.privilege_handler.remove_privilege(params[:privilege_slug])
+    end
+
+    head :no_content
+  end
+
+  # get /admin/components/:slug/images
+  def images
+    list = SimpleImage.in_component(@handler.component).list_for_administration
+    @collection = @handler.allow? ? list.page(current_page) : []
+  end
+
+  def create_image
+    if @handler.allow?
+      @entity = @handler.component.simple_images.new(image_parameters)
+      if @entity.save
+        render 'image', formats: :json
+      else
+        form_processed_with_error(:new_image)
+      end
+    else
+      handle_http_401('Uploading images is not allowed for current user')
+    end
+  end
+
+  # post /admin/components/:slug/ckeditor
+  def ckeditor
+    parameters = {
+      image: params[:upload],
+      biovision_component: @handler.component
+    }.merge(owner_for_entity(true))
+
+    @entity = SimpleImage.create!(parameters)
+
+    render json: {
+      uploaded: 1,
+      fileName: File.basename(@entity.image.path),
+      url: @entity.image.medium_url
+    }
+  end
+
+  private
+
+  def set_handler
+    slug = params[:slug]
+    @handler = Biovision::Components::BaseComponent.handler(slug, current_user)
+  end
+
+  def restrict_access
+    return if current_user&.super_user?
+
+    links_exist = BiovisionComponentUser.where(user: current_user).exists?
+    handle_http_401('User has no component privileges') unless links_exist
+  end
+
+  def image_parameters
+    permitted = SimpleImage.entity_parameters
+    params.require(:simple_image).permit(permitted)
+    permitted.merge(owner_for_entity(true))
+  end
+end

data/app/controllers/admin/index_controller.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+# Administrative home page
+class Admin::IndexController < AdminController
+  # get /admin
+  def index
+    return if Biovision::Components::BaseComponent.privileged?(current_user)
+
+    handle_http_401
+  end
+end

data/app/controllers/admin/ip_addresses_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Administrative part of ip_addresses
+class Admin::IpAddressesController < AdminController
+  # get /admin/ip_addresses
+  def index
+    @collection = IpAddress.page_for_administration(current_page)
+  end
+
+  private
+
+  def component_class
+    Biovision::Components::TrackComponent
+  end
+end

data/app/controllers/admin_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Common administrative controller
+class AdminController < ApplicationController
+  before_action :restrict_access
+
+  protected
+
+  def restrict_access
+    error = t('admin.errors.unauthorized.message')
+
+    handle_http_401(error) unless component_handler.allow?
+  end
+end

data/app/controllers/authentication_controller.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+# Authentication with form and OAuth
+class AuthenticationController < ApplicationController
+  include Authentication
+
+  before_action :redirect_authenticated_user, except: %i[new destroy]
+  before_action :set_foreign_site, only: :auth_callback
+
+  # get /login
+  def new
+  end
+
+  # post /login
+  def create
+    handler = Biovision::Components::UsersComponent[find_user]
+    if handler.authenticate(params[:password], tracking_for_entity)
+      auth_success(handler.user)
+    else
+      auth_failed
+    end
+  end
+
+  # delete /logout
+  def destroy
+    deactivate_token if current_user
+
+    redirect_to root_path
+  end
+
+  # get /auth/:provider/callback
+  def auth_callback
+    data = request.env['omniauth.auth']
+    user = @foreign_site.authenticate(data, tracking_for_entity)
+    create_token_for_user(user) unless user.banned?
+
+    redirect_to my_path
+  end
+
+  private
+
+  def component_class
+    Biovision::Components::UsersComponent
+  end
+
+  def set_foreign_site
+    @foreign_site = ForeignSite[params[:provider]]
+
+    handle_http_503('Cannot set foreign site') if @foreign_site.nil?
+  end
+
+  def find_user
+    login = param_from_request(:login).downcase
+    user  = User.find_by(slug: login)
+
+    # Try to authenticate by email, if login does not match anything
+    if user.nil? && login.index('@').to_i.positive?
+      user = User.with_email(login).first
+    end
+
+    user
+  end
+
+  # @param [User] user
+  def auth_success(user)
+    create_token_for_user(user)
+
+    from = param_from_request(:from)
+    next_page = from =~ %r{\A/[^/]} ? from : my_path
+    render js: "document.location.href = '#{next_page}'"
+  end
+
+  def auth_failed
+    @form_id = param_from_request(:form_id)
+    @error = t('authentication.create.failed')
+
+    render 'failed', formats: :js
+  end
+end

data/app/controllers/concerns/authentication.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+# Adds methods for user authentication
+module Authentication
+  extend ActiveSupport::Concern
+
+  def redirect_authenticated_user
+    redirect_to my_path unless current_user.nil?
+  end
+
+  # @param [User] user
+  def create_token_for_user(user)
+    forced_user = User.find_by(id: user.primary_id)
+    user = forced_user unless forced_user.nil?
+
+    token = user.tokens.create!(tracking_for_entity)
+
+    cookies['token'] = {
+      value: token.cookie_pair,
+      expires: 1.year.from_now,
+      domain: :all,
+      httponly: true
+    }
+  end
+
+  def deactivate_token
+    token = Token.find_by(token: cookies['token'].split(':').last)
+    token&.update(active: false)
+    pop_token
+  end
+
+  def pop_token
+    if cookies['pt']
+      cookies['token'] = {
+        value: cookies['pt'],
+        expires: 1.year.from_now,
+        domain: :all,
+        httponly: true
+      }
+      cookies.delete 'pt', domain: :all
+    else
+      cookies.delete 'token', domain: :all
+    end
+  end
+end

data/app/controllers/index_controller.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Front page
+class IndexController < ApplicationController
+  # get /
+  def index
+  end
+end

data/app/controllers/my/confirmations_controller.rb

@@ -0,0 +1,2 @@
+class My::ConfirmationsController < ApplicationController
+end

data/app/controllers/my/index_controller.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Main page for user
+class My::IndexController < ApplicationController
+  # get /my
+  def index
+  end
+end

data/app/controllers/my/profiles_controller.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+# Managing profile for current user
+class My::ProfilesController < ApplicationController
+  include Authentication
+
+  before_action :redirect_authorized_user, only: %i[new create]
+  before_action :restrict_anonymous_access, except: %i[check new create]
+
+  # post /my/profile/check
+  def check
+    @entity = User.new(creation_parameters)
+  end
+
+  # get /my/profile/new
+  def new
+    @entity = User.new
+
+    render :closed unless component_handler.settings['registration_open']
+  end
+
+  # post /my/profile
+  def create
+    if params[:agree]
+      redirect_to root_path, alert: t('.are_you_bot')
+    else
+      create_user
+    end
+  end
+
+  # get /my/profile
+  def show
+  end
+
+  # get /my/profile/edit
+  def edit
+  end
+
+  # patch /my/profile
+  def update
+    @entity = current_user
+    if @entity.update(user_parameters)
+      flash[:notice] = t('.success')
+      form_processed_ok(my_path)
+    else
+      form_processed_with_error(:edit)
+    end
+  end
+
+  protected
+
+  def component_class
+    Biovision::Components::UsersComponent
+  end
+
+  def redirect_authorized_user
+    redirect_to my_path if current_user.is_a?(User)
+  end
+
+  def create_user
+    code = Code.active.find_by(body: param_from_request(:code))
+    @entity = component_handler.register_user(creation_parameters, code)
+
+    if @entity.persisted?
+      create_token_for_user(@entity)
+      cookies.delete('r', domain: :all)
+
+      redirect_after_creation
+    else
+      form_processed_with_error(:new)
+    end
+  end
+
+  def creation_parameters
+    parameters = params.require(:user).permit(User.new_profile_parameters)
+    parameters.merge!(tracking_for_entity)
+    if cookies['r']
+      parameters[:inviter] = User.find_by(referral_link: cookies['r'])
+    end
+
+    parameters
+  end
+
+  def user_parameters
+    sensitive = sensitive_parameters
+    editable = User.profile_parameters + sensitive
+    parameters = params.require(:user).permit(editable)
+    new_data = @entity.data.merge(profile: profile_parameters)
+
+    filter_parameters(parameters.merge(data: new_data), sensitive)
+  end
+
+  def sensitive_parameters
+    if current_user.authenticate params[:password].to_s
+      User.sensitive_parameters
+    else
+      []
+    end
+  end
+
+  def profile_parameters
+    permitted = UserProfileHandler.allowed_parameters
+    dirty = params.require(:user_profile).permit(permitted)
+    UserProfileHandler.clean_parameters(dirty)
+  end
+
+  # @param [Hash] parameters
+  # @param [Array] sensitive
+  def filter_parameters(parameters, sensitive)
+    sensitive.each { |sp| parameters.except! sp if sp.blank? }
+    if parameters.key?(:email) && parameters[:email] != current_user.email
+      parameters[:email_confirmed] = false
+    end
+    if parameters.key?(:phone) && parameters[:phone] != current_user.phone
+      parameters[:phone_confirmed] = false
+    end
+
+    parameters
+  end
+
+  def redirect_after_creation
+    return_path = cookies['return_path'].to_s
+    return_path = my_profile_path unless return_path[0] == '/'
+    cookies.delete 'return_path', domain: :all
+
+    form_processed_ok(return_path)
+  end
+end