boxroom 0.0.1

data/app/models/boxroom/folder.rb

@@ -0,0 +1,113 @@
+module Boxroom
+  class Folder < ActiveRecord::Base
+    acts_as_tree :order => 'name'
+
+    has_many :user_files, -> {order :attachment_file_name}, :dependent => :destroy
+    has_many :permissions, :dependent => :destroy
+
+    attr_accessor :is_copied_folder
+
+    validates_uniqueness_of :name, :scope => :parent_id
+    validates_presence_of :name
+
+    before_save :check_for_parent
+    after_create :create_permissions, :unless => :is_copied_folder
+    before_destroy :dont_destroy_root_folder
+
+    def copy(target_folder, originally_copied_folder = nil)
+      new_folder = self.dup
+      new_folder.is_copied_folder = true
+      new_folder.parent = target_folder
+      new_folder.save!
+
+      originally_copied_folder = new_folder if originally_copied_folder.nil?
+
+      # Copy original folder's permissions
+      self.permissions.each do |permission|
+        new_permission = permission.dup
+        new_permission.folder = new_folder
+        new_permission.save!
+      end
+
+      self.user_files.each do |file|
+        file.copy(new_folder)
+      end
+
+      # Copy sub-folders recursively
+      self.children.each do |folder|
+        folder.copy(new_folder, originally_copied_folder) unless folder == originally_copied_folder
+      end
+
+      new_folder
+    end
+
+    def move(target_folder)
+      unless target_folder == self || self.parent_of?(target_folder)
+        self.parent = target_folder
+        save!
+      else
+        raise 'You cannot move a folder to its own sub-folder.'
+      end
+    end
+
+    def copy_permissions_to_children(permissions_to_copy)
+      permissions_to_copy.each do |permission|
+        attributes = permission.attributes.except('id', 'folder_id', 'group_id')
+        Permission.where(:folder_id => children, :group_id => permission.group_id).update_all(attributes)
+      end
+
+      # Copy permissions recursively
+      children.each do |child|
+        child.copy_permissions_to_children(permissions_to_copy) if child.has_children?
+      end
+    end
+
+    def parent_of?(folder)
+      self.children.each do |child|
+        if child == folder
+          return true
+        else
+          return child.parent_of?(folder)
+        end
+      end
+      false
+    end
+
+    def is_root?
+      parent.nil? && !new_record?
+    end
+
+    def has_children?
+      children.count > 0
+    end
+
+    def self.root
+      @root_folder ||= find_by_name_and_parent_id('Root folder', nil)
+    end
+
+    private
+
+    def check_for_parent
+      raise 'Folders must have a parent.' if parent.nil? && name != 'Root folder'
+    end
+
+    def create_permissions
+      unless is_root?
+        parent.permissions.each do |permission|
+          Permission.create! do |p|
+            p.group = permission.group
+            p.folder = self
+            p.can_create = permission.can_create
+            p.can_read = permission.can_read
+            p.can_update = permission.can_update
+            p.can_delete = permission.can_delete
+          end
+        end
+      end
+    end
+
+    def dont_destroy_root_folder
+      raise "Can't delete Root folder" if is_root?
+    end
+  end
+end

data/app/models/boxroom/group.rb

@@ -0,0 +1,57 @@
+module Boxroom
+  class Group < ActiveRecord::Base
+    has_many :permissions, :dependent => :destroy
+    has_and_belongs_to_many :users
+
+    validates_uniqueness_of :name
+    validates_presence_of :name
+
+    after_create :create_admin_permissions, :if => :admins_group?
+    after_create :create_permissions, :unless => :admins_group?
+    before_destroy :dont_destroy_admins
+
+    def admins_group?
+      name == 'Admins'
+    end
+
+    def self.admins_group
+      where(:name => 'Admins').first
+    end
+
+    def self.all_except_admins
+      where.not(:name => 'Admins')
+    end
+
+    private
+
+    def create_admin_permissions
+      Folder.find_each do |folder|
+        Permission.create! do |p|
+          p.group = self
+          p.folder = folder
+          p.can_create = true
+          p.can_read = true
+          p.can_update = true
+          p.can_delete = true
+        end
+      end
+    end
+
+    def create_permissions
+      Folder.find_each do |folder|
+        Permission.create! do |p|
+          p.group = self
+          p.folder = folder
+          p.can_create = false
+          p.can_read = folder.is_root? # New groups can read the root folder
+          p.can_update = false
+          p.can_delete = false
+        end
+      end
+    end
+
+    def dont_destroy_admins
+      raise "Can't delete admins group" if admins_group?
+    end
+  end
+end

data/app/models/boxroom/permission.rb

@@ -0,0 +1,6 @@
+module Boxroom
+  class Permission < ActiveRecord::Base
+    belongs_to :group
+    belongs_to :folder
+  end
+end

data/app/models/boxroom/permitted_params.rb

@@ -0,0 +1,33 @@
+module Boxroom
+  class PermittedParams < Struct.new(:params, :current_user)
+    %w{folder group share_link user user_file}.each do |model_name|
+      define_method model_name do
+        params.require(model_name.to_sym).permit(*send("#{model_name}_attributes"))
+      end
+    end
+
+    def folder_attributes
+      [:name]
+    end
+
+    def group_attributes
+      [:name]
+    end
+
+    def share_link_attributes
+      [:emails, :link_expires_at, :message]
+    end
+
+    def user_attributes
+      if current_user && current_user.member_of_admins?
+        [:name, :email, :password, :password_confirmation, {:group_ids => []}]
+      else
+        [:name, :email, :password, :password_confirmation]
+      end
+    end
+
+    def user_file_attributes
+      [:attachment, :attachment_file_name]
+    end
+  end
+end

data/app/models/boxroom/share_link.rb

@@ -0,0 +1,40 @@
+module Boxroom
+  class ShareLink < ActiveRecord::Base
+    belongs_to :user
+    belongs_to :user_file
+
+    validates_presence_of :emails, :link_expires_at
+    validates_length_of :emails, :maximum => 255
+    validate :format_of_emails
+
+    before_save :generate_token
+
+    def self.active_share_links
+      where('link_expires_at >= ?', DateTime.now).order(:link_expires_at)
+    end
+
+    def self.file_for_token(token)
+      share_link = find_by_link_token(token)
+
+      if share_link.link_expires_at < DateTime.now
+        raise 'This share link expired.'
+      else
+        share_link.user_file
+      end
+    end
+
+    private
+
+    def format_of_emails
+      emails.split(/,\s*/).each do |email|
+        unless email.strip =~ /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/
+          errors.add(:emails, I18n.t(:are_invalid_due_to, :email => email))
+        end
+      end
+    end
+
+    def generate_token
+      self.link_token = SecureRandom.hex(10)
+    end
+  end
+end

data/app/models/boxroom/user.rb

@@ -0,0 +1,113 @@
+module Boxroom
+  class User < ActiveRecord::Base
+    has_and_belongs_to_many :groups
+    has_many :share_links
+
+    attr_accessor :password_confirmation, :password_required, :dont_clear_reset_password_token
+
+    validates_confirmation_of :password
+    validates_length_of :password, :in => 6..20, :allow_blank => true
+    validates_presence_of :password, :if => :password_required
+    validates_presence_of :name, :unless => :new_record?
+    validates_presence_of :email
+    validates_uniqueness_of :name, :unless => :new_record? && :name_is_blank?
+    validates_uniqueness_of :email
+    validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/
+
+    before_create :set_signup_token
+    before_save :clear_reset_password_token, :unless => :dont_clear_reset_password_token
+    before_update :clear_signup_token
+    after_create :create_root_folder_and_admins_group, :if => :is_admin
+    before_destroy :dont_destroy_admin
+
+    %w{create read update delete}.each do |method|
+      define_method "can_#{method}" do |folder|
+        has_permission = false
+
+        Permission.where(:group_id => groups, :folder_id => folder.id).each do |permission|
+          has_permission = permission.send("can_#{method}")
+          break if has_permission
+        end
+
+        has_permission
+      end
+    end
+
+    def password
+      @password
+    end
+
+    def password=(new_password)
+      @password = new_password
+
+      unless @password.blank?
+        self.password_salt = SecureRandom.base64(32)
+        self.hashed_password = Digest::SHA256.hexdigest(password_salt + password)
+      end
+    end
+
+    def member_of_admins?
+      groups.admins_group.present?
+    end
+
+    def refresh_reset_password_token
+      self.reset_password_token = SecureRandom.hex(10)
+      self.reset_password_token_expires_at = 1.hour.from_now
+      self.dont_clear_reset_password_token = true
+      save(:validate => false)
+    end
+
+    def refresh_remember_token
+      self.remember_token = SecureRandom.base64(32)
+      save(:validate => false)
+    end
+
+    def forget_me
+      self.remember_token = nil
+      save(:validate => false)
+    end
+
+    def name_is_blank?
+      self.name.blank?
+    end
+
+    def self.authenticate(name, password)
+      return nil if name.blank? || password.blank?
+      user = find_by_name(name) or return nil
+      hash = Digest::SHA256.hexdigest(user.password_salt + password)
+      hash == user.hashed_password ? user : nil
+    end
+
+    def self.no_admin_yet?
+      find_by_is_admin(true).blank?
+    end
+
+    private
+
+    def set_signup_token
+      self.signup_token = SecureRandom.hex(10)
+      self.signup_token_expires_at = 2.weeks.from_now
+    end
+
+    def clear_signup_token
+      unless self.name.blank?
+        self.signup_token = nil
+        self.signup_token_expires_at = nil
+      end
+    end
+
+    def clear_reset_password_token
+      self.reset_password_token = nil
+      self.reset_password_token_expires_at = nil
+    end
+
+    def create_root_folder_and_admins_group
+      Folder.find_or_create_by(name: 'Root folder')
+      groups << Group.find_or_create_by(name: 'Admins')
+    end
+
+    def dont_destroy_admin
+      raise "Can't delete original admin user" if is_admin
+    end
+  end
+end

data/app/models/boxroom/user_file.rb

@@ -0,0 +1,35 @@
+module Boxroom
+  class UserFile < ActiveRecord::Base
+    has_attached_file :attachment, :path => ":rails_root/#{Boxroom.configuration.uploads_path}/:rails_env/:id/:style/:id", :restricted_characters => Boxroom::RESTRICTED_CHARACTERS
+    do_not_validate_attachment_file_type :attachment
+
+    belongs_to :folder
+    has_many :share_links, :dependent => :destroy
+
+    validates_attachment_presence :attachment, :message => I18n.t(:blank, :scope => [:activerecord, :errors, :messages])
+    validates_presence_of :folder_id
+    validates_uniqueness_of :attachment_file_name, :scope => 'folder_id', :message => I18n.t(:exists_already, :scope => [:activerecord, :errors, :messages])
+    validates_format_of :attachment_file_name, :with => /\A[^\/\\\?\*:|"<>]+\z/, :message => I18n.t(:invalid_characters, :scope => [:activerecord, :errors, :messages])
+
+    def copy(target_folder)
+      new_file = self.dup
+      new_file.folder = target_folder
+      new_file.save!
+
+      path = "#{Rails.root}/#{Boxroom.configuration.uploads_path}/#{Rails.env}/#{new_file.id}/original"
+      FileUtils.mkdir_p path
+      FileUtils.cp_r self.attachment.path, "#{path}/#{new_file.id}"
+
+      new_file
+    end
+
+    def move(target_folder)
+      self.folder = target_folder
+      save!
+    end
+
+    def extension
+      File.extname(attachment_file_name)[1..-1]
+    end
+  end
+end

data/app/views/boxroom/admins/new.html.erb

@@ -0,0 +1,42 @@
+<% content_for :title, t(:create_admin) -%>
+
+<h1 class="title"><%= content_for :title %></h1>
+<div class="notification is-warning">
+  <%= t :no_administrator_yet %>
+</div>
+<%= form_for @user, url: {action: 'create'} do |f| %>
+    <% if f.error_messages.size > 0 %>
+        <div class="notification is-danger">
+          <%= f.error_messages %>
+        </div>
+    <% end %>
+    <div class="field">
+      <%= f.label :name, t(:username), class: 'label' %>
+      <div class="control">
+        <%= f.text_field :name, class: 'input' %>
+      </div>
+    </div>
+    <div class="field">
+      <%= f.label :email, class: 'label' %>
+      <div class="control">
+        <%= f.text_field :email, class: 'input' %>
+      </div>
+    </div>
+    <div class="field">
+      <%= label_tag :password, class: 'label' %>
+      <div class="control">
+        <%= f.password_field :password, class: 'input' %>
+      </div>
+    </div>
+    <div class="field">
+      <%= label_tag :confirm_password, nil, class: 'label' %>
+      <div class="control">
+        <%= f.password_field :password_confirmation, class: 'input' %>
+      </div>
+    </div>
+    <div class="field">
+      <div class="control">
+        <%= f.submit t(:create_admin_account), class: 'button is-link' %>
+      </div>
+    </div>
+<% end %>