boxroom 0.0.1

data/app/concepts/boxroom/search/contract/files_and_folders.rb

@@ -0,0 +1,9 @@
+module Boxroom::Search::Contract
+  class FilesAndFolders < Reform::Form
+    property :term, virtual: true
+    property :folder_id, virtual: true
+
+    validates :folder_id, presence: true
+    validates :term, length: {minimum: 3}
+  end
+end

data/app/concepts/boxroom/search/operations/files_and_folders.rb

@@ -0,0 +1,21 @@
+module Boxroom::Search
+  class FilesAndFolders < ::Trailblazer::Operation
+    step Trailblazer::Operation::Contract::Build(constant: Boxroom::Search::Contract::FilesAndFolders)
+    step Trailblazer::Operation::Contract::Validate()
+    step :search_tree
+
+    def search_tree(options, params:, **)
+      options['files'], options['folders'] = [], []
+      folder = Boxroom::Folder.find(params[:folder_id])
+      search_folder(params[:term], folder, options)
+    end
+
+    def search_folder(term, folder, options)
+      options['folders'] << folder if folder.name.downcase.include? term.downcase
+      options['files'] += folder.user_files.where("lower(attachment_file_name) LIKE ?", "%#{term.downcase}%").all.to_a
+      folder.children.each do |f|
+        search_folder(term, f, options)
+      end
+    end
+  end
+end

data/app/controllers/boxroom/admins_controller.rb

@@ -0,0 +1,30 @@
+module Boxroom
+  class AdminsController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    skip_before_action :require_admin_in_system, :require_login
+    before_action :require_no_admin
+
+    def new
+      @user = User.new
+    end
+
+    def create
+      @user = User.new(permitted_params.user)
+      @user.password_required = true
+      @user.is_admin = true
+
+      if @user.save
+        redirect_to new_session_url, :notice => t(:admin_user_created_successfully)
+      else
+        render :action => 'new'
+      end
+    end
+
+    private
+
+    def require_no_admin
+      redirect_to new_session_url unless User.no_admin_yet?
+    end
+  end
+end

data/app/controllers/boxroom/application_controller.rb

@@ -0,0 +1,5 @@
+module Boxroom
+  class ApplicationController < ActionController::Base
+    protect_from_forgery
+  end
+end

data/app/controllers/boxroom/clipboard_controller.rb

@@ -0,0 +1,87 @@
+module Boxroom
+  class ClipboardController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    before_action :require_existing_item, :except => :reset
+    before_action :require_existing_target_folder, :only => [:copy, :move]
+    before_action :require_target_is_not_child, :only => :move
+    before_action :require_create_permission, :only => [:copy, :move]
+    before_action :require_read_permission, :only => [:create, :copy, :move]
+    before_action :require_delete_permission, :only => :move
+
+    # @item is set in require_existing_item
+    def create
+      cl = clipboard
+      cl.add(@item)
+      session[:clipboard] = cl
+      redirect_to folder_url(params[:folder_id]), :notice => t(:added_to_clipboard)
+    end
+
+    # @item is set in require_existing_item
+    def destroy
+      cl = clipboard
+      cl.remove(@item)
+      session[:clipboard] = cl
+      redirect_to folder_url(params[:folder_id])
+    end
+
+    def reset
+      cl = clipboard
+      cl.reset
+      session[:clipboard] = cl
+      redirect_to folder_url(params[:folder_id])
+    end
+
+    def copy
+      paste :copy
+    end
+
+    def move
+      paste :move
+    end
+
+    private
+
+    # @item is set in require_existing_item
+    # @target_folder is set in require_existing_target_folder
+    def paste(action)
+      @item.send(action, @target_folder)
+      cl = clipboard
+      cl.remove(@item)
+      session[:clipboard] = cl
+      redirect_to folder_url(params[:folder_id])
+    rescue ActiveRecord::RecordInvalid
+      redirect_to folder_url(params[:folder_id]), :alert => t("could_not_#{action}", :type => t(params[:type]))
+    end
+
+    def require_existing_item
+      if params[:type] == 'folder'
+        @item = @folder = Folder.find(params[:id])
+      else
+        @item = UserFile.find(params[:id])
+        @folder = @item.folder
+      end
+    rescue ActiveRecord::RecordNotFound
+      redirect_to folder_url(params[:folder_id]), :alert => t(:already_deleted, :type => t("this_#{params[:type]}"))
+    end
+
+    def require_target_is_not_child
+      if params[:type] == 'folder'
+        if @folder == @target_folder || @folder.parent_of?(@target_folder)
+          redirect_to folder_url(params[:folder_id]), :alert => t(:cannot_move_to_own_subfolder)
+        end
+      end
+    end
+
+    # Overrides require_#{method}_permission in ApplicationController.
+    # Check if @folder can be read or deleted and redirects to the
+    # current folder (identified by params[:folder_id]) if not.
+    %w{read delete}.each do |method|
+      define_method "require_#{method}_permission" do
+        unless current_user.send("can_#{method}", @folder)
+          redirect_to folder_url(params[:folder_id]), :alert => t(:no_permissions_for_this_type, :method => t(method), :type => t("this_#{params[:type]}"))
+        end
+      end
+    end
+  end
+end

data/app/controllers/boxroom/files_controller.rb

@@ -0,0 +1,78 @@
+module Boxroom
+  class FilesController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    before_action :require_existing_file, :only => [:show, :edit, :update, :destroy]
+    before_action :require_existing_target_folder, :only => [:new, :create]
+
+    before_action :require_create_permission, :only => [:new, :create]
+    before_action :require_read_permission, :only => :show
+    before_action :require_update_permission, :only => [:edit, :update]
+    before_action :require_delete_permission, :only => :destroy
+
+    # @file and @folder are set in require_existing_file
+    def show
+      send_file @file.attachment.path, :filename => @file.attachment_file_name
+    end
+
+    # @target_folder is set in require_existing_target_folder
+    def new
+      @file = @target_folder.user_files.build
+    end
+
+    # @target_folder is set in require_existing_target_folder
+    def create
+      existing_file = UserFile.where(
+          attachment_file_name: permitted_params.user_file["attachment"].original_filename,
+          attachment_content_type: permitted_params.user_file["attachment"].content_type,
+          folder_id: params[:target_folder_id]
+      ).first
+
+      if existing_file # Resume upload
+        existing_file.update_attribute(:attachment_file_size, existing_file.attachment_file_size + permitted_params.user_file["attachment"].size)
+        File.open("#{Rails.root}/#{Boxroom.configuration.uploads_path}/#{Rails.env}/#{existing_file.id}/original/#{existing_file.id}", "ab") {|f| f.write(permitted_params.user_file["attachment"].read)}
+      else
+        @file = @target_folder.user_files.create(permitted_params.user_file)
+      end
+
+      head :ok
+    end
+
+    # @file and @folder are set in require_existing_file
+    def edit
+    end
+
+    # @file and @folder are set in require_existing_file
+    def update
+      if @file.update_attributes(permitted_params.user_file)
+        redirect_to edit_file_url(@file), :notice => t(:your_changes_were_saved)
+      else
+        render :action => 'edit'
+      end
+    end
+
+    # @file and @folder are set in require_existing_file
+    def destroy
+      @file.destroy
+      redirect_to @folder
+    end
+
+    def exists
+      @folder = Folder.find(params[:folder])
+
+      if current_user.can_read(@folder) || current_user.can_write(@folder)
+        @file = @folder.user_files.build(:attachment_file_name => params[:name].gsub(Boxroom::RESTRICTED_CHARACTERS, '_'))
+        render :json => !@file.valid?
+      end
+    end
+
+    private
+
+    def require_existing_file
+      @file = UserFile.find(params[:id])
+      @folder = @file.folder
+    rescue ActiveRecord::RecordNotFound
+      redirect_to Folder.root, :alert => t(:already_deleted, :type => t(:this_file))
+    end
+  end
+end

data/app/controllers/boxroom/folders_controller.rb

@@ -0,0 +1,91 @@
+module Boxroom
+  class FoldersController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    before_action :require_existing_folder, :only => [:show, :edit, :update, :destroy]
+    before_action :require_existing_target_folder, :only => [:new, :create]
+    before_action :require_folder_isnt_root_folder, :only => [:edit, :update, :destroy]
+
+    before_action :require_create_permission, :only => [:new, :create]
+    before_action :require_read_permission, :only => :show
+    before_action :require_update_permission, :only => [:edit, :update]
+    before_action :require_delete_permission, :only => :destroy
+
+    def index
+      redirect_to Folder.root
+    end
+
+    # Note: @folder is set in require_existing_folder
+    def show
+    end
+
+    # Note: @target_folder is set in require_existing_target_folder
+    def new
+      @folder = @target_folder.children.build
+    end
+
+    # Note: @target_folder is set in require_existing_target_folder
+    def create
+      @folder = @target_folder.children.build(permitted_params.folder)
+
+      if @folder.save
+        redirect_to @target_folder
+      else
+        render :action => 'new'
+      end
+    end
+
+    # Note: @folder is set in require_existing_folder
+    def edit
+    end
+
+    # Note: @folder is set in require_existing_folder
+    def update
+      if @folder.update_attributes(permitted_params.folder)
+        redirect_to edit_folder_url(@folder), :notice => t(:your_changes_were_saved)
+      else
+        render :action => 'edit'
+      end
+    end
+
+    # Note: @folder is set in require_existing_folder
+    def destroy
+      target_folder = @folder.parent
+      @folder.destroy
+      redirect_to target_folder
+    end
+
+    private
+
+    # get_folder_or_redirect is defined in ApplicationController
+    def require_existing_folder
+      @folder = get_folder_or_redirect(params[:id])
+    end
+
+    def require_folder_isnt_root_folder
+      if @folder.is_root?
+        redirect_to Folder.root, :alert => t(:cannot_delete_root_folder)
+      end
+    end
+
+    # Overrides require_delete_permission in ApplicationController
+    def require_delete_permission
+      unless @folder.is_root? || current_user.can_delete(@folder)
+        redirect_to @folder.parent, :alert => t(:no_permissions_for_this_type, :method => t(:delete), :type => t(:this_folder))
+      else
+        require_delete_permissions_for(@folder.children)
+      end
+    end
+
+    def require_delete_permissions_for(folders)
+      folders.each do |folder|
+        unless current_user.can_delete(folder)
+          redirect_to @folder.parent, :alert => t(:no_delete_permissions_for_subfolder)
+        else
+          # Recursive...
+          require_delete_permissions_for(folder.children)
+        end
+      end
+    end
+  end
+end

data/app/controllers/boxroom/groups_controller.rb

@@ -0,0 +1,60 @@
+module Boxroom
+  class GroupsController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    before_action :require_admin
+    before_action :require_existing_group, :only => [:edit, :update, :destroy]
+    before_action :require_group_isnt_admins_group, :only => [:edit, :update, :destroy]
+
+    def index
+      @groups = Group.order(:name)
+    end
+
+    def new
+      @group = Group.new
+    end
+
+    def create
+      @group = Group.new(permitted_params.group)
+
+      if @group.save
+        redirect_to groups_url
+      else
+        render :action => 'new'
+      end
+    end
+
+    # Note: @group is set in require_existing_group
+    def edit
+    end
+
+    # Note: @group is set in require_existing_group
+    def update
+      if @group.update_attributes(permitted_params.group)
+        redirect_to edit_group_url(@group), :notice => t(:your_changes_were_saved)
+      else
+        render :action => 'edit'
+      end
+    end
+
+    # Note: @group is set in require_existing_group
+    def destroy
+      @group.destroy
+      redirect_to groups_url
+    end
+
+    private
+
+    def require_existing_group
+      @group = Group.find(params[:id])
+    rescue ActiveRecord::RecordNotFound
+      redirect_to groups_url, :alert => t(:group_already_deleted)
+    end
+
+    def require_group_isnt_admins_group
+      if @group.admins_group?
+        redirect_to groups_url, :alert => t(:admins_group_cannot_be_deleted)
+      end
+    end
+  end
+end

data/app/controllers/boxroom/permissions_controller.rb

@@ -0,0 +1,19 @@
+module Boxroom
+  class PermissionsController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    before_action :require_admin
+
+    def update_multiple
+      if params[:permissions]
+        permissions = Permission.update(params[:permissions].keys, params[:permissions].values)
+        folder = permissions.first.folder
+        folder.copy_permissions_to_children(permissions) if params[:recursive] && folder.has_children?
+      end
+
+      redirect_back fallback_location: root_path
+    rescue ActiveRecord::RecordNotFound # Folder was deleted, so permissions are gone too
+      redirect_to Folder.root, :alert => t(:already_deleted, :type => t(:this_folder))
+    end
+  end
+end

data/app/controllers/boxroom/reset_password_controller.rb

@@ -0,0 +1,45 @@
+module Boxroom
+  class ResetPasswordController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    before_action :require_valid_token, :only => [:edit, :update]
+    skip_before_action :require_login
+
+    def new
+    end
+
+    def create
+      user = User.find_by_email(params[:email])
+
+      unless user.nil?
+        user.refresh_reset_password_token
+        UserMailer.reset_password_email(user).deliver_now
+      end
+
+      redirect_to new_reset_password_url, :notice => t(:instruction_email_sent, :email => params[:email])
+    end
+
+    # Note: @user is set in require_valid_token
+    def edit
+    end
+
+    # Note: @user is set in require_valid_token
+    def update
+      if @user.update_attributes(permitted_params.user.merge({:password_required => true}))
+        redirect_to new_session_url, :notice => t(:password_reset_successfully)
+      else
+        render :action => 'edit'
+      end
+    end
+
+    private
+
+    def require_valid_token
+      @user = User.find_by_reset_password_token(params[:id])
+
+      if @user.nil? || @user.reset_password_token_expires_at < Time.now
+        redirect_to new_reset_password_url, :alert => t(:reset_url_expired)
+      end
+    end
+  end
+end