boxroom 0.0.1

data/app/controllers/boxroom/search_controller.rb

@@ -0,0 +1,21 @@
+module Boxroom
+  class SearchController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    def show
+      @folder = get_folder_or_redirect(params[:folder_id])
+      @term = params[:term]
+      result = Search::FilesAndFolders.(params: {term: @term, folder_id: @folder.id})
+      if result.success?
+        @folders = result['folders']
+        @files = result['files']
+      else
+        @folders = []
+        @files = []
+        if result['contract.default'].errors.present?
+          flash[:alert] = result['contract.default'].errors.full_messages.uniq.join(', ')
+        end
+      end
+    end
+  end
+end

data/app/controllers/boxroom/sessions_controller.rb

@@ -0,0 +1,48 @@
+module Boxroom
+  class SessionsController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    skip_before_action :require_login
+
+    def new
+    end
+
+    def create
+      user = User.authenticate(params[:username], params[:password])
+
+      unless user.nil?
+        if params[:remember_me] == 'true'
+          user.refresh_remember_token
+          cookies[:auth_token] = {:value => user.remember_token, :expires => 2.weeks.from_now}
+        end
+
+        session[:user_id] = user.id
+        redirect_url = session.delete(:return_to) || folders_url
+        redirect_to redirect_url, :only_path => true
+      else
+        log_failed_sign_in_attempt(Time.now, params[:username], request.remote_ip)
+        redirect_to new_session_url, :alert => t(:credentials_incorrect)
+      end
+    end
+
+    def destroy
+      current_user.forget_me
+      cookies.delete :auth_token
+      reset_session
+      session[:user_id] = nil
+      redirect_to Boxroom.configuration.sign_out_path ? Boxroom.configuration.sign_out_path : new_session_url
+    end
+
+    private
+
+    def log_failed_sign_in_attempt(date, username, ip)
+      Rails.logger.error(
+          "\nFAILED SIGN IN ATTEMPT:\n" +
+              "=======================\n" +
+              " Date: #{date}\n" +
+              " Username: #{username}\n" +
+              " IP address: #{ip}\n\n"
+      )
+    end
+  end
+end

data/app/controllers/boxroom/share_links_controller.rb

@@ -0,0 +1,67 @@
+module Boxroom
+  class ShareLinksController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    before_action :require_admin, :only => [:index, :destroy]
+    before_action :require_existing_file, :except => [:index, :destroy]
+    before_action :require_existing_share_link, :only => :destroy
+    before_action :require_read_permission, :only => [:new, :create]
+    skip_before_action :require_login, :only => :show
+
+    rescue_from ActiveRecord::RecordNotFound, NoMethodError, RuntimeError, :with => :redirect_to_root_or_signin_and_show_alert
+
+    def index
+      @share_links = ShareLink.active_share_links
+    end
+
+    # Note: @file is set in require_existing_file
+    def show
+      send_file @file.attachment.path, :filename => @file.attachment_file_name unless @file.nil?
+    end
+
+    # Note: @file is set in require_existing_file
+    def new
+      @share_link = @file.share_links.build
+    end
+
+    # Note: @file and @folder are set in require_existing_file
+    def create
+      @share_link = @file.share_links.build(permitted_params.share_link)
+      @share_link.user = current_user
+
+      if @share_link.save
+        UserMailer.share_link_email(@share_link).deliver_now
+        redirect_to @folder, :notice => t(:shared_successfully)
+      else
+        render :action => 'new'
+      end
+    end
+
+    # Note: @share_link is set in require_existing_share_link
+    def destroy
+      @share_link.destroy
+      redirect_to share_links_url
+    end
+
+    private
+
+    def require_existing_file
+      @file = params[:file_id].blank? ? ShareLink.file_for_token(params[:id]) : UserFile.find(params[:file_id])
+      @folder = @file.folder
+    end
+
+    def require_existing_share_link
+      @share_link = ShareLink.find(params[:id])
+    rescue ActiveRecord::RecordNotFound
+      redirect_to share_links_url, :alert => t(:already_deleted, :type => t(:this_share_link))
+    end
+
+    def redirect_to_root_or_signin_and_show_alert
+      if signed_in?
+        redirect_to Folder.root, :alert => t(:already_deleted, :type => t(:this_file))
+      else
+        redirect_to signin_url, :alert => t(:already_deleted, :type => t(:this_file))
+      end
+    end
+  end
+end

data/app/controllers/boxroom/signup_controller.rb

@@ -0,0 +1,31 @@
+module Boxroom
+  class SignupController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    before_action :require_valid_token, :only => [:edit, :update]
+    skip_before_action :require_login
+
+    # Note: @user is set in require_valid_token
+    def edit
+    end
+
+    # Note: @user is set in require_valid_token
+    def update
+      if @user.update_attributes(permitted_params.user.merge({:password_required => true}))
+        redirect_to new_session_url, :notice => t(:signed_up_successfully)
+      else
+        render :action => 'edit'
+      end
+    end
+
+    private
+
+    def require_valid_token
+      @user = User.find_by_signup_token(params[:id])
+
+      if @user.nil? || @user.signup_token_expires_at < Time.now
+        redirect_to new_session_url, :alert => t(:sign_url_expired)
+      end
+    end
+  end
+end

data/app/controllers/boxroom/users_controller.rb

@@ -0,0 +1,75 @@
+module Boxroom
+  class UsersController < Boxroom::ApplicationController
+    include Boxroom::BaseController
+
+    before_action :require_admin, :except => [:edit, :update]
+    before_action :require_existing_user, :only => [:edit, :update, :destroy, :extend]
+    before_action :require_deleted_user_isnt_admin, :only => :destroy
+
+    def index
+      @users = User.where.not(:name => nil).order('name')
+      @new_users = User.where(:name => nil).order('email')
+    end
+
+    def new
+      @user = User.new
+    end
+
+    def create
+      @user = User.new(permitted_params.user)
+
+      if @user.save
+        UserMailer.signup_email(@user).deliver_now
+        redirect_to users_url
+      else
+        render :action => 'new'
+      end
+    end
+
+    # Note: @user is set in require_existing_user
+    def edit
+    end
+
+    # Note: @user is set in require_existing_user
+    def update
+      if @user.update_attributes(permitted_params.user.merge({:password_required => false}))
+        redirect_to edit_user_url(@user), :notice => t(:your_changes_were_saved)
+      else
+        render :action => 'edit'
+      end
+    end
+
+    # Note: @user is set in require_existing_user
+    def extend
+      @user.signup_token_expires_at = @user.signup_token_expires_at + 2.weeks
+      @user.save(:validate => false)
+      redirect_to users_url
+    end
+
+    # Note: @user is set in require_existing_user
+    def destroy
+      @user.destroy
+      redirect_to users_url
+    end
+
+    private
+
+    def require_existing_user
+      if current_user.member_of_admins? && params[:id] != current_user.id.to_s
+        @title = t(:edit_user)
+        @user = User.find(params[:id])
+      else
+        @title = t(:account_settings)
+        @user = current_user
+      end
+    rescue ActiveRecord::RecordNotFound
+      redirect_to users_url, :alert => t(:user_already_deleted)
+    end
+
+    def require_deleted_user_isnt_admin
+      if @user.is_admin
+        redirect_to users_url, :alert => t(:admin_user_cannot_be_deleted)
+      end
+    end
+  end
+end

data/app/controllers/concerns/boxroom/base_controller.rb

@@ -0,0 +1,92 @@
+module Boxroom
+  module BaseController
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :require_admin_in_system
+      before_action :require_login
+
+      helper_method :clipboard, :current_user, :signed_in?, :permitted_params
+
+      %w{read update delete}.each do |method|
+        define_method "require_#{method}_permission" do
+          unless (method == 'read' && @folder.is_root?) || current_user.send("can_#{method}", @folder)
+            redirect_folder = @folder.parent.nil? ? Folder.root : @folder.parent
+            redirect_to redirect_folder, :alert => t(:no_permissions_for_this_type, :method => t(:create), :type => t(:this_folder))
+          end
+        end
+      end
+    end
+
+    protected
+
+    def clipboard
+      cl = session[:clipboard]
+      cl = Clipboard.new if cl.nil?
+      if cl.kind_of? Hash # Init clipboard from Hash
+        new_cl = Clipboard.new
+        cl['folders'].each do |folder_id|
+          new_cl.add(Folder.find(folder_id))
+        end
+        cl['files'].each do |file_id|
+          new_cl.add(UserFile.find(file_id))
+        end
+        cl = new_cl
+      end
+      cl
+    end
+
+    def current_user
+      @current_user ||= User.find_by_id(session[:user_id])
+    end
+
+    def signed_in?
+      !!current_user
+    end
+
+    def permitted_params
+      @permitted_params ||= PermittedParams.new(params, current_user)
+    end
+
+    def require_admin_in_system
+      redirect_to new_admin_url if User.no_admin_yet?
+    end
+
+    def require_admin
+      redirect_to :root unless current_user.member_of_admins?
+    end
+
+    def require_login
+      if current_user.nil?
+        user = User.find_by_remember_token(cookies[:auth_token]) unless cookies[:auth_token].blank?
+
+        if user.nil?
+          reset_session
+          session[:user_id] = nil
+          session[:return_to] = request.fullpath
+          redirect_to new_session_url
+        else
+          user.refresh_remember_token
+          session[:user_id] = user.id
+          cookies[:auth_token] = user.remember_token
+        end
+      end
+    end
+
+    def require_existing_target_folder
+      @target_folder = get_folder_or_redirect(params[:folder_id])
+    end
+
+    def require_create_permission
+      unless current_user.can_create(@target_folder)
+        redirect_to @target_folder, :alert => t(:no_permissions_for_this_type, :method => t(:create), :type => t(:this_folder))
+      end
+    end
+
+    def get_folder_or_redirect(id)
+      Folder.find(id)
+    rescue ActiveRecord::RecordNotFound
+      redirect_to Folder.root, :alert => t(:already_deleted, :type => t(:this_folder))
+    end
+  end
+end

data/app/helpers/boxroom/application_helper.rb

@@ -0,0 +1,4 @@
+module Boxroom
+  module ApplicationHelper
+  end
+end

data/app/helpers/boxroom/folders_helper.rb

@@ -0,0 +1,17 @@
+module Boxroom
+  module FoldersHelper
+    def breadcrumbs(folder, breadcrumbs = '')
+      breadcrumbs = "<li>#{link_to(folder.parent.name, folder.parent)}</li> #{breadcrumbs}"
+      breadcrumbs = breadcrumbs(folder.parent, breadcrumbs) unless folder.parent == Folder.root
+      breadcrumbs.html_safe
+    end
+
+    def file_icon(extension)
+      if extension && FileTest.exists?(Rails.root.join('app', 'assets', 'images', 'fileicons', "#{extension.downcase}.png"))
+        "boxroom/fileicons/#{extension.downcase}.png"
+      else
+        'boxroom/file.png'
+      end
+    end
+  end
+end

data/app/jobs/boxroom/application_job.rb

@@ -0,0 +1,4 @@
+module Boxroom
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/boxroom/application_mailer.rb

@@ -0,0 +1,6 @@
+module Boxroom
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/mailers/boxroom/user_mailer.rb

@@ -0,0 +1,18 @@
+module Boxroom
+  class UserMailer < ActionMailer::Base
+    def signup_email(user)
+      @user = user
+      mail(:to => user.email, :subject => t(:signup_email_subject))
+    end
+
+    def reset_password_email(user)
+      @user = user
+      mail(:to => user.email, :subject => t(:reset_password_email_subject))
+    end
+
+    def share_link_email(share_link)
+      @share_link = share_link
+      mail(:to => share_link.user.email, :reply_to => share_link.user.email, :bcc => share_link.emails, :subject => t(:share_link_email_subject, :email => share_link.user.email))
+    end
+  end
+end

data/app/models/boxroom/application_record.rb

@@ -0,0 +1,5 @@
+module Boxroom
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/boxroom/clipboard.rb

@@ -0,0 +1,45 @@
+module Boxroom
+  class Clipboard
+    def initialize
+      setup
+    end
+
+    def folders
+      Folder.where(:id => @folders)
+    end
+
+    def files
+      UserFile.where(:id => @files)
+    end
+
+    def add(item)
+      if item.class == Folder
+        @folders << item.id unless @folders.include?(item.id)
+      else
+        @files << item.id unless @files.include?(item.id)
+      end
+    end
+
+    def remove(item)
+      if item.class == Folder
+        @folders.delete(item.id)
+      else
+        @files.delete(item.id)
+      end
+    end
+
+    def empty?
+      (@folders.empty? || folders.empty?) && (@files.empty? || files.empty?)
+    end
+
+    def reset
+      setup
+    end
+
+    private
+
+    def setup
+      @folders, @files = [], []
+    end
+  end
+end