biovision 0.0.200518.1 → 0.1.210414.0

data/app/controllers/authentication_controller.rb

@@ -5,7 +5,6 @@ class AuthenticationController < ApplicationController
   include Authentication
 
   before_action :redirect_authenticated_user, except: %i[new destroy]
-  before_action :set_foreign_site, only: :auth_callback
 
   # get /login
   def new
@@ -13,7 +12,9 @@ class AuthenticationController < ApplicationController
 
   # post /login
   def create
-    handler = Biovision::Components::UsersComponent[find_user]
+    user = User[param_from_request(:login).downcase]
+
+    handler = Biovision::Components::UsersComponent[user]
     if handler.authenticate(params[:password], tracking_for_entity)
       auth_success(handler.user)
     else
@@ -28,52 +29,23 @@ class AuthenticationController < ApplicationController
     redirect_to root_path
   end
 
-  # get /auth/:provider/callback
-  def auth_callback
-    data = request.env['omniauth.auth']
-    user = @foreign_site.authenticate(data, tracking_for_entity)
-    create_token_for_user(user) unless user.banned?
-
-    redirect_to my_path
-  end
-
   private
 
   def component_class
     Biovision::Components::UsersComponent
   end
 
-  def set_foreign_site
-    @foreign_site = ForeignSite[params[:provider]]
-
-    handle_http_503('Cannot set foreign site') if @foreign_site.nil?
-  end
-
-  def find_user
-    login = param_from_request(:login).downcase
-    user  = User.find_by(slug: login)
-
-    # Try to authenticate by email, if login does not match anything
-    if user.nil? && login.index('@').to_i.positive?
-      user = User.with_email(login).first
-    end
-
-    user
-  end
-
   # @param [User] user
   def auth_success(user)
     create_token_for_user(user)
 
     from = param_from_request(:from)
     next_page = from =~ %r{\A/[^/]} ? from : my_path
-    render js: "document.location.href = '#{next_page}'"
+    render json: { links: { next: next_page } }
   end
 
   def auth_failed
-    @form_id = param_from_request(:form_id)
-    @error = t('authentication.create.failed')
-
-    render 'failed', formats: :js
+    response = { errors: [{ title: t('authentication.create.failed') }] }
+    render json: response, status: :unauthorized
   end
 end

data/app/controllers/concerns/authentication.rb

@@ -15,12 +15,7 @@ module Authentication
 
     token = user.tokens.create!(tracking_for_entity)
 
-    cookies['token'] = {
-      value: token.cookie_pair,
-      expires: 1.year.from_now,
-      domain: :all,
-      httponly: true
-    }
+    cookies['token'] = cookie_data(token.cookie_pair)
   end
 
   def deactivate_token
@@ -31,15 +26,20 @@ module Authentication
 
   def pop_token
     if cookies['pt']
-      cookies['token'] = {
-        value: cookies['pt'],
-        expires: 1.year.from_now,
-        domain: :all,
-        httponly: true
-      }
+      cookies['token'] = cookie_data(cookies['pt'])
       cookies.delete 'pt', domain: :all
     else
       cookies.delete 'token', domain: :all
     end
   end
+
+  # @param [String] value
+  def cookie_data(value)
+    {
+      value: value,
+      expires: 1.year.from_now,
+      domain: :all,
+      httponly: true
+    }
+  end
 end

data/app/controllers/concerns/crud_entities.rb

@@ -0,0 +1,132 @@
+# frozen_string_literal: true
+
+# Adds method for CRUD
+module CrudEntities
+  extend ActiveSupport::Concern
+
+  # get [scope]/[table_name]
+  def index
+    @collection = if paginate_entities?
+                    model_class.page_for_administration(current_page)
+                  else
+                    model_class.list_for_administration
+                  end
+  end
+
+  # get [scope]/[table_name]/:id
+  def show
+  end
+
+  # post [scope]/[table_name]/check
+  def check
+    @entity = model_class.instance_for_check(params[:entity_id], entity_parameters)
+
+    render 'shared/forms/check'
+  end
+
+  # get [scope]/[table_name]/new
+  def new
+    @entity = model_class.new
+    render view_for_new
+  end
+
+  # post [scope]/[table_name]
+  def create
+    @entity = model_class.new(creation_parameters)
+    apply_meta if @entity.respond_to?(:meta=)
+    if @entity.save
+      form_processed_ok(path_after_save)
+    else
+      form_processed_with_error(view_for_new)
+    end
+  end
+
+  # get [scope]/[table_name]/:id/edit
+  def edit
+    render view_for_edit
+  end
+
+  # patch [scope]/[table_name]/:id
+  def update
+    apply_meta if @entity.respond_to?(:meta=)
+
+    if @entity.update(entity_parameters)
+      form_processed_ok(path_after_save)
+    else
+      form_processed_with_error(view_for_edit)
+    end
+  end
+
+  # delete [scope]/[table_name]/:id
+  def destroy
+    flash[:notice] = t('.success') if @entity.destroy
+    redirect_to path_after_destroy
+  end
+
+  private
+
+  def view_for_new
+    default_view = "#{controller_path}/new"
+    lookup_context.exists?(default_view) ? default_view : 'shared/entity/new'
+  end
+
+  def view_for_edit
+    default_view = "#{controller_path}/edit"
+    lookup_context.exists?(default_view) ? default_view : 'shared/entity/edit'
+  end
+
+  def model_class
+    @model_class ||= controller_name.classify.constantize
+  end
+
+  def model_key
+    model_class.model_name.to_s.underscore
+  end
+
+  def path_after_save
+    scope = self.class.module_parent.to_s.downcase
+    prefix = scope.blank? ? '' : "/#{scope}"
+    "#{prefix}/#{model_class.table_name}/#{@entity.id}"
+  end
+
+  def path_after_destroy
+    scope = self.class.module_parent.to_s.downcase
+    prefix = scope.blank? ? '' : "/#{scope}"
+    "#{prefix}/#{model_class.table_name}"
+  end
+
+  def paginate_entities?
+    model_class.respond_to?(:page_for_administration)
+  end
+
+  def set_entity
+    @entity = model_class.find_by(id: params[:id])
+    handle_http_404("Cannot find #{model_class.model_name}") if @entity.nil?
+  end
+
+  def creation_parameters
+    if model_class.respond_to?(:creation_parameters)
+      explicit_creation_parameters
+    else
+      entity_parameters
+    end
+  end
+
+  def explicit_creation_parameters
+    permitted = model_class.creation_parameters(current_user)
+    parameters = params.require(model_key).permit(permitted)
+    parameters.merge!(tracking_for_entity) if model_class.include?(HasTrack)
+    parameters.merge!(owner_for_entity) if model_class.include?(HasOwner)
+    parameters
+  end
+
+  def entity_parameters
+    permitted = model_class.entity_parameters(current_user)
+    params.require(model_key).permit(permitted)
+  end
+
+  def apply_meta
+    new_data = params[:meta].permit!
+    @entity.meta = new_data
+  end
+end

data/app/controllers/concerns/entity_priority.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Adds method for changing entity priority
+module EntityPriority
+  extend ActiveSupport::Concern
+
+  def priority
+    render json: { data: @entity.change_priority(params[:delta].to_s.to_i) }
+  end
+end

data/app/controllers/concerns/toggleable_entity.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+# Adds method for toggling entity flags
+module ToggleableEntity
+  extend ActiveSupport::Concern
+
+  # Toggle entity flag when allowed
+  def toggle
+    if entity_is_locked?
+      render json: { errors: { locked: true } }, status: :forbidden
+    elsif entity_is_editable?
+      render json: { data: @entity.toggle_parameter(params[:parameter].to_s) }
+    else
+      head :unauthorized
+    end
+  end
+
+  private
+
+  def entity_is_editable?
+    if @entity.respond_to?(:editable_by?)
+      @entity.editable_by?(current_user)
+    else
+      true
+    end
+  end
+
+  def entity_is_locked?
+    @entity.respond_to?(:locked?) ? @entity.locked? : false
+  end
+end

data/app/controllers/contact_controller.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# Contact and feedback
+class ContactController < ApplicationController
+  # get /contact
+  def index
+    @dynamic_page = DynamicPage['contact']
+  end
+
+  # get /contact/feedback
+  def feedback
+    @dynamic_page = DynamicPage['feedback']
+  end
+
+  # post /contact/feedback_messages
+  def create_feedback_message
+    @entity = FeedbackMessage.new(creation_parameters)
+    if params[:agree]
+      show_result
+    else
+      save_entity
+    end
+  end
+
+  private
+
+  def save_entity
+    if @entity.save
+      show_result
+      # FeedbackMailer.new_feedback_request(@entity.id).deliver_later
+    else
+      redirect_to root_path
+    end
+  end
+
+  def show_result
+    respond_to do |format|
+      format.html { redirect_to root_path }
+      format.json { head :no_content }
+      format.js
+    end
+  end
+
+  def creation_parameters
+    permitted = FeedbackMessage.entity_parameters
+    parameters = params.require(:feedback_message).permit(permitted)
+    parameters.merge(owner_for_entity(true))
+  end
+end

data/app/controllers/fallback_controller.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+# Fallback controller for URL outside router
+class FallbackController < ApplicationController
+  # get (:slug)
+  def show
+    url = params[:slug]
+
+    @dynamic_page = DynamicPage.find_by(url: "/#{url}")
+    handle_http_404 if @dynamic_page.nil?
+  end
+end

data/app/controllers/index_controller.rb

@@ -4,5 +4,6 @@
 class IndexController < ApplicationController
   # get /
   def index
+    @dynamic_page = DynamicPage['frontpage']
   end
 end

data/app/controllers/legal_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Legal information
+class LegalController < ApplicationController
+  # get /tos
+  def tos
+    @dynamic_page = DynamicPage['tos']
+  end
+
+  # get /privacy
+  def privacy
+    @dynamic_page = DynamicPage['privacy']
+  end
+end

data/app/controllers/my/components_controller.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+# User-side component handling
+class My::ComponentsController < ProfileController
+end

data/app/controllers/my/confirmations_controller.rb

@@ -1,2 +1,46 @@
+# frozen_string_literal: true
+
+# Sending and checking email confirmation codes
 class My::ConfirmationsController < ApplicationController
+  include Authentication
+
+  before_action :redirect_confirmed_user, only: %i[create update]
+
+  # get /my/confirmation
+  def show
+  end
+
+  # post /my/confirmation
+  def create
+    if current_user.email.blank?
+      redirect_to edit_my_profile_path, notice: t('.set_email')
+    else
+      component_handler.send_email_confirmation(current_user)
+
+      redirect_to my_confirmation_path, notice: t('.success')
+    end
+  end
+
+  # patch /my/confirmation
+  def update
+    code = Code.find_by(body: param_from_request(:code))
+    if component_handler.valid_email_confirmation?(code)
+      component_handler.activate_email_confirmation(code)
+      create_token_for_user(code.user)
+      redirect_to my_path
+    else
+      flash[:error] = t('.invalid_code')
+      redirect_to my_confirmation_path
+    end
+  end
+
+  protected
+
+  def component_class
+    Biovision::Components::UsersComponent
+  end
+
+  def redirect_confirmed_user
+    redirect_to(my_path) if current_user&.email_confirmed?
+  end
 end

data/app/controllers/my/index_controller.rb

@@ -2,7 +2,15 @@
 
 # Main page for user
 class My::IndexController < ApplicationController
+  before_action :restrict_anonymous_access
+
   # get /my
   def index
   end
+
+  private
+
+  def component_class
+    Biovision::Components::UsersComponent
+  end
 end