browsercms-artirix 4.0.0.rc1.art4 → 4.0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 772d01467da5cad3fc2b52f22bc531f463ac1f37
-  data.tar.gz: 3eea925bc7e2654dbe0966b9769603094d5cae71
+  metadata.gz: c583e14fa12a74f972234f11511a962188130dbe
+  data.tar.gz: 11cc22e7c560d79463b17162c340663f72e198ed
 SHA512:
-  metadata.gz: cd54bfc2e9728a276d0d088cf23a6b4f44f2bb7c2076436d630da77d61af84d8eac314e3b55fd052f3e3bca4d404005deeb5afda3fc9efeb50cea45d253d061a
-  data.tar.gz: c8514b9073eea9cb8faf5f477c6310f361b50c8143c3232b18d04a9dbce1772e3e4cfbe46581965cd0e36cec1394f7ed9f3bd39ae6f3722fb019c5d7504dc899
+  metadata.gz: 8ae938f94dd7d6135bee6c3b041533730171449f1da563087bfd1570b3222bfef97ce1746c7fc4addeb41f3f0a543670b212680b5a69426fc9758cf92dee1ba0
+  data.tar.gz: 2a28a07e19f40207217060314715102733189ff936e33cc05b4ec2f5eee4d060d0377d1e17c2fcd046fde4ed6cb94e607ae6d1f0509b60db6eb8e1105a50c09b

data/app/controllers/cms/attachments_controller.rb

@@ -24,7 +24,7 @@ module Cms
     end
 
     def create
-      @attachment = Attachment.new(permitted_params())
+      @attachment = Attachment.new(permitted_params)
       @attachment.published = true
       if @attachment.save
         render :partial => 'cms/attachments/attachment_wrapper', :locals => {:attachment => @attachment}

data/app/controllers/cms/cas_sessions_controller.rb

@@ -0,0 +1,13 @@
+module Cms
+  class CasSessionsController < Devise::CasSessionsController
+
+    # remove "You need to be signed in" error flash after you're logged in.
+    before_filter :clear_flash, only: [:service]
+
+    private
+    def clear_flash
+      flash.delete :alert
+      true
+    end
+  end
+end

data/app/controllers/cms/sections_controller.rb

@@ -89,7 +89,7 @@ module Cms
     end
 
     def public_groups
-      @public_groups ||= Cms::Group.public.order("#{Cms::Group.table_name}.name")
+      @public_groups ||= Cms::Group.public_users.order("#{Cms::Group.table_name}.name")
     end
 
     def cms_groups

data/app/controllers/cms/users_controller.rb

@@ -80,7 +80,7 @@ module Cms
     protected
 
     def cms_user_params
-      params.require("user").permit(Cms::User.permitted_params)
+      params.require(:user).permit(Cms::User.permitted_params)
     end
 
     def after_create_url

data/app/helpers/cms/sites/authentication_helper.rb

@@ -6,6 +6,7 @@ module Cms
     module AuthenticationHelper
 
       def new_session_path(resource_name)
+        # login_path
         main_app.new_cms_user_session_path
       end
 

data/app/helpers/cms/sites/devise_shim_helper.rb

@@ -11,7 +11,7 @@ module Cms
 
       include DeviseHelper
 
-      # Use public routes (/login) for paths
+      # Use public routes (/cms/users/login) for paths
       include Cms::Sites::AuthenticationHelper
 
 

data/app/models/cms/default_user.rb

@@ -0,0 +1,6 @@
+module Cms
+  class DefaultUser < ActiveRecord::Base
+    self.table_name = "cms_default_users"
+    include Cms::UsersService.user_compatibility_module
+  end
+end

data/app/models/cms/external_user.rb

@@ -6,7 +6,7 @@ module Cms
   #  # Assumes there is an external Crm tool that we look up username/passwords from.
   #  if(SouthparkCrm::Client.authenticate(params[:login], params[:password]))
   #   user = Cms::ExternalUser.authenticate('stan.marsh', 'southpark-crm')
-  #   user.authorize('cms-admin')
+  #   user.authorize(Cms::UsersService::GROUP_CMS_ADMIN)
   # end
   # ```
   class ExternalUser < Cms::PersistentUser

data/app/models/cms/group.rb

@@ -6,7 +6,7 @@ class Cms::Group < ActiveRecord::Base
   GUEST_CODE = "guest"
 
   has_many :user_group_memberships, :class_name => 'Cms::UserGroupMembership'
-  has_many :users, :through => :user_group_memberships, :class_name => 'Cms::PersistentUser'
+  has_many :users, :through => :user_group_memberships, :class_name => Cms.user_class_name
 
   has_many :group_permissions, :class_name => 'Cms::GroupPermission'
   has_many :permissions, :through => :group_permissions, :class_name => 'Cms::Permission'
@@ -36,7 +36,8 @@ class Cms::Group < ActiveRecord::Base
     end
   end
 
-  scope :public, -> { where(["#{Cms::GroupType.table_name}.cms_access = ?", false]).includes(:group_type).references(:group_type) }
+  # `public` scope is defined in rails 4.2
+  scope :public_users, -> { where(["#{Cms::GroupType.table_name}.cms_access = ?", false]).includes(:group_type).references(:group_type) }
   scope :cms_access, -> { where(["#{Cms::GroupType.table_name}.cms_access = ?", true]).includes(:group_type).references(:group_type) }
 
   def guest?
@@ -49,9 +50,12 @@ class Cms::Group < ActiveRecord::Base
 
   # Finds the guest group, which is a special group that represents public non-logged in users.
   def self.guest
-    with_code(GUEST_CODE).first
+    guest_groups.first
   end
 
+  def self.guest_groups
+    with_code(GUEST_CODE)
+  end
 
   def has_permission?(permission)
     permissions.any? do |p|

data/app/models/cms/guest_user.rb

@@ -7,51 +7,12 @@
 module Cms
   class GuestUser < Cms::User
 
+    include Cms::UsersService::GuestUserModule
+
     def initialize(attributes={})
       super({:login => Cms::Group::GUEST_CODE, :first_name => "Anonymous", :last_name => "User"}.merge(attributes))
       @guest = true
     end
 
-    def able_to?(*name)
-      group && group.permissions.where('name in (?)', name.map(&:to_s)).count > 0
-    end
-
-    # Guests never get access to the CMS.
-    # Overridden from user so that able_to_view? will work correctly.
-    def cms_access?
-      false
-    end
-
-    # Return a list of the sections associated with this user that can be viewed.
-    # Overridden from user so that able_to_view? will work correctly.
-    def viewable_sections
-      group.sections
-    end
-
-    def able_to_edit?(section)
-      false
-    end
-
-    def group
-      @group ||= Cms::Group.guest
-    end
-
-    def groups
-      [group]
-    end
-
-    #You shouldn't be able to save a guest user
-    def update_attribute(name, value)
-      false
-    end
-
-    def update_attributes(attrs={})
-      false
-    end
-
-    def save(perform_validation=true)
-      false
-    end
-
   end
 end

data/app/models/cms/permission.rb

@@ -6,6 +6,10 @@ module Cms
     has_many :group_permissions, :class_name => 'Cms::GroupPermission'
     has_many :groups, :through => :group_permissions, :class_name => 'Cms::Group'
 
+    def self.by_group_ids(group_ids)
+      distinct.where("#{Cms::Group.table_name}.id" => group_ids).includes(:groups).references(:groups)
+    end
+
     validates_presence_of :name
     validates_uniqueness_of :name
 

data/app/models/cms/persistent_user.rb

@@ -3,16 +3,13 @@ module Cms
   # A parent class for users that need to be persisted in the CMS database.
   class PersistentUser < ActiveRecord::Base
 
+    include Cms::UsersService.user_compatibility_module
+
     self.table_name = 'cms_users'
 
     # Note that Chrome doesn't expire session cookies immediately so test this in other browsers.
     # http://stackoverflow.com/questions/16817229/issues-with-devise-rememberable
-    devise :database_authenticatable,
-           # Note that Chrome doesn't expire session cookies immediately so test this in other browsers.
-           # http://stackoverflow.com/questions/16817229/issues-with-devise-rememberable
-           :rememberable,
-           :recoverable,  # Needs to be here so forgot password link works.
-           :authentication_keys => [:login]
+    devise *Cms.user_class_devise_options
 
 
     has_many :user_group_memberships, :class_name => 'Cms::UserGroupMembership', foreign_key: :user_id
@@ -31,14 +28,14 @@ module Cms
     class << self
 
       def permitted_params
-        super + [{:group_ids => []}]
+        super + [{ :group_ids => [] }]
       end
 
       # Returns all users that can :edit_content or :publish_content permissions.
       #
       # @return [ActiveRelation<Cms::User>] A scope which will find users with the correct permissions.
       def able_to_edit_or_publish_content
-        where(["#{Permission.table_name}.name = ? OR #{Permission.table_name}.name = ?", "edit_content", "publish_content"]).includes({:groups => :permissions}).references(:permissions)
+        where(["#{Permission.table_name}.name = ? OR #{Permission.table_name}.name = ?", "edit_content", "publish_content"]).includes({ :groups => :permissions }).references(:permissions)
       end
 
       def current
@@ -55,29 +52,23 @@ module Cms
       end
     end
 
-    # Determines if this user a Guest or not.
-    def guest?
-      !!@guest
+    def cas_extra_attributes=(extra_attributes)
+      self.external_data = extra_attributes.to_json
+      extra_attributes = {}.merge(extra_attributes).symbolize_keys
+      Cms.user_cas_extra_attributes_setter.call self, extra_attributes
     end
 
-    # checks for usage
-    def cms_user_compatible?
-      true
+    def group_codes
+      groups.map &:code
     end
 
-    def enable_able?
-      true
+    def group_codes=(group_codes)
+      self.groups = Cms::Group.with_code(group_codes)
     end
 
-    def disable_able?
-      true
-    end
-
-
-    # Determines if this user should have access to the CMS administration tools. Can be overridden by specific users (like GuestUser)
-    # which may not need to check the database for that information.
-    def cms_access?
-      groups.cms_access.count > 0
+    # Determines if this user a Guest or not.
+    def guest?
+      !!@guest
     end
 
     def disable
@@ -129,95 +120,11 @@ module Cms
       [first_name, last_name].reject { |e| e.nil? }.join(" ")
     end
 
-    def full_name_with_login
-      "#{full_name} (#{login})"
-    end
-
-    def full_name_or_login
-      if full_name.strip.blank?
-        login
-      else
-        full_name
-      end
-    end
-
-    # This is to show a formated date on the input form. I'm unsure that
+    # This is to show a formatted date on the input form. I'm unsure that
     # this is the best way to solve this, but it works.
     def expires_at_formatted
       expires_at ? (expires_at.strftime '%m/%d/%Y') : nil
     end
 
-    def permissions
-      @permissions ||= Cms::Permission.where(["#{self.class.table_name}.id = ?", id]).includes({:groups => :users}).references(:users)
-    end
-
-    def viewable_sections
-      @viewable_sections ||= Cms::Section.where(["#{self.class.table_name}.id = ?", id]).includes(:groups => :users).references(:users)
-    end
-
-    def modifiable_sections
-      @modifiable_sections ||= Cms::Section.where(["#{self.class.table_name}.id = ? and #{GroupType.table_name}.cms_access = ?", id, true]).includes(:groups => [:group_type, :users]).references(:users, :groups)
-    end
-
-    # Expects a list of names of Permissions
-    # true if the user has any of the permissions
-    def able_to?(*required_permissions)
-      perms = required_permissions.map(&:to_sym)
-      permissions.any? do |p|
-        perms.include?(p.name.to_sym)
-      end
-    end
-
-    # Determine if this user has permission to view the specific object. Permissions
-    #   are always tied to a specific section. This method can take different input parameters
-    #   and will attempt to determine the relevant section to check.
-    # Expects object to be of type:
-    #   1. Section - Will check the user's groups to see if any of those groups can view this section.
-    #   2. Path - Will look up the section based on the path, then check it.  (Note that section paths are not currently unique, so this will check the first one it finds).
-    #   3. Other - Assumes it has a section attribute and will call that and check the return value.
-    #
-    # Returns: true if the user can view this object, false otherwise.
-    # Raises: ActiveRecord::RecordNotFound if a path to a not existent section is passed in.
-    def able_to_view?(object)
-      section = object
-      if object.is_a?(String)
-        section = Cms::Section.find_by_path(object)
-        raise ActiveRecord::RecordNotFound.new("Could not find section with path = '#{object}'") unless section
-      elsif !object.is_a?(Cms::Section)
-        section = object.parent
-      end
-      viewable_sections.include?(section) || cms_access?
-    end
-
-    def able_to_modify?(object)
-      case object
-        when Cms::Section
-          modifiable_sections.include?(object)
-        when Cms::Page, Cms::Link
-          modifiable_sections.include?(object.section)
-        else
-          if object.class.respond_to?(:connectable?) && object.class.connectable?
-            object.connected_pages.all? { |page| able_to_modify?(page) }
-          else
-            true
-          end
-      end
-    end
-
-    # Expects node to be a Section, Page or Link
-    # Returns true if the specified node, or any of its ancestor sections, is editable by any of
-    # the user's 'CMS User' groups.
-    def able_to_edit?(object)
-      able_to?(:edit_content) && able_to_modify?(object)
-    end
-
-    def able_to_publish?(object)
-      able_to?(:publish_content) && able_to_modify?(object)
-    end
-
-    def able_to_edit_or_publish_content?
-      able_to?(:edit_content, :publish_content)
-    end
-
   end
 end

data/app/models/cms/section.rb

@@ -23,17 +23,21 @@ module Cms
     has_many :group_sections, :class_name => 'Cms::GroupSection'
     has_many :groups, :through => :group_sections, :class_name => 'Cms::Group'
 
-    scope :root, -> { where(['root = ?', true]) }
-    scope :system, -> { where({:name => 'system'}) }
-    scope :hidden, -> { where({:hidden => true}) }
-    scope :not_hidden, -> { where({:hidden => false}) }
+    scope :root, -> { where root: true }
+    scope :system, -> { where name: 'system' }
+    scope :hidden, -> { where hidden: true }
+    scope :not_hidden, -> { where hidden: false }
 
     def self.named(name)
-      where(["#{table_name}.name = ?", name])
+      where name: name
     end
 
     def self.with_path(path)
-      where(["#{table_name}.path = ?", path])
+      where path: path
+    end
+
+    def self.by_group_ids(group_ids)
+      distinct.where("#{Cms::Group.table_name}.id" => group_ids).includes(:groups).references(:groups)
     end
 
     #scope :named, lambda { |name| {-> {where( ["#{table_name}.name = ?", name]} }   )}

data/app/models/cms/user.rb

@@ -2,8 +2,8 @@ module Cms
 
   # Represents a CMS users that is managed through the CMS UI.
   class User < PersistentUser
-    include Devise::Models::Validatable
-    include Devise::Models::Recoverable
+    include Devise::Models::Validatable if Cms.user_class_devise_validatable?
+    include Devise::Models::Recoverable if Cms.user_class_devise_recoverable?
 
     class << self
       # Change a given user's password.

data/app/models/cms/user_group_membership.rb

@@ -3,7 +3,7 @@ module Cms
 
     extend Cms::DefaultAccessible
 
-    belongs_to :group, :class_name => 'Cms::Group'
-    belongs_to :user, :class_name => 'Cms::PersistentUser'
+    belongs_to :group, class_name: 'Cms::Group'
+    belongs_to :user, class_name: Cms.user_class_name
   end
 end

data/app/portlets/login_portlet.rb

@@ -1,11 +1,11 @@
 # Shows a 'Login' form.
 #
 # This portlet should not typically necessary in CMS 4.0 or later since there is a built
-# in /login route built in.
+# in /users/login route built in.
 class LoginPortlet < Cms::Portlet
 
   enable_template_editor false
-  description "Display a login form (Consider using /login instead)."
+  description "Display a login form (Consider using /users/login instead)."
 
   def render
   end

data/config/routes.rb

@@ -3,31 +3,30 @@
 #   be found in lib/cms/route_extensions.rb
 Cms::Engine.routes.draw do
   get 'fakemap', to: 'section_nodes#fake'
-  get '/content/:id/edit', :to => "content#edit", :as => 'edit_content'
-  get '/dashboard', :to => "dashboard#index", :as => 'dashboard'
-  get '/', :to => 'home#index', :as => 'home'
-  get '/sitemap', :to => "section_nodes#index", :as => 'sitemap'
-  get '/content_library', :to => "html_blocks#index", :as => 'content_library'
-  get '/administration', :to => "users#index", :as => 'administration'
-
-  devise_for :cms_users,
-             skip: [:sessions],
-             path: :users,
-             class_name: 'Cms::PersistentUser',
-             controllers: {passwords: 'cms/passwords'},
-             module: :devise
+  get '/content/:id/edit', to: 'content#edit', as: 'edit_content'
+  get '/dashboard', to: 'dashboard#index', as: 'dashboard'
+  get '/', to: 'home#index', as: 'home'
+  get '/sitemap', to: 'section_nodes#index', as: 'sitemap'
+  get '/content_library', to: 'html_blocks#index', as: 'content_library'
+  get '/administration', to: 'users#index', as: 'administration'
+
+  devise_for :cms_users, Cms.routes_devise_for_options
 
   devise_scope :cms_user do
-    get '/login' => "sessions#new", :as => 'login'
-    get '/login' => "sessions#new", :as => :new_cms_user_session
-    post '/login' => "sessions#create", :as => :cms_user_session
-    get '/logout' => "sessions#destroy", :as => 'logout'
+    controller = Cms.routes_devise_sessions_controller
+    get '/login' => "#{controller}#new", as: :login
+    get '/logout' => "#{controller}#destroy", as: :logout
 
+    # get '/login' => redirect { new_cms_user_session_path }, as: :login
+    # get '/logout' => redirect { destroy_cms_user_session_path }, as: :logout
   end
 
-  get '/toolbar', :to => "toolbar#index", :as => 'toolbar'
+  #user root path => go to dashboard
+  get '/dashboard' => 'dashboard#index', as: :cms_user_root
+
+  get '/toolbar', to: 'toolbar#index', as: 'toolbar'
 
-  put "/inline_content/:id", to: "inline_content#update", as: "update_inline_content"
+  put '/inline_content/:id', to: 'inline_content#update', as: 'update_inline_content'
   resources :page_components
   resources :connectors do
     member do
@@ -57,8 +56,8 @@ Cms::Engine.routes.draw do
     resources :tasks
   end
   get '/pages/:id/preview', to: 'content#preview', as: 'preview_page'
-  get '/pages/:id/version/:version', :to => 'pages#version', :as => 'version_page'
-  put '/pages/:id/revert_to/:version', :to => 'pages#revert_to', :as => 'revert_page'
+  get '/pages/:id/version/:version', to: 'pages#version', as: 'version_page'
+  put '/pages/:id/revert_to/:version', to: 'pages#revert_to', as: 'revert_page'
   resources :tasks do
     member do
       put :complete
@@ -77,7 +76,7 @@ Cms::Engine.routes.draw do
     end
   end
 
-  resources :attachments, :only => [:show, :create, :destroy]
+  resources :attachments, only: [:show, :create, :destroy]
 
   content_blocks :html_blocks
   content_blocks :forms
@@ -86,20 +85,20 @@ Cms::Engine.routes.draw do
       get :confirm_delete
     end
   end
-  post "form_fields/:id/insert_at/:position" => 'form_fields#insert_at'
-  get "/forms/:id/fields/preview" => 'form_fields#preview', as: 'preview_form_field'
+  post 'form_fields/:id/insert_at/:position' => 'form_fields#insert_at'
+  get '/forms/:id/fields/preview' => 'form_fields#preview', as: 'preview_form_field'
 
   resources :form_entries do
     collection do
       post :submit
     end
   end
-  put "/form_entries" => "form_entries#bulk_update"
+  put '/form_entries' => 'form_entries#bulk_update'
   # Faux nested resource for forms (not sure if #content_blocks allows for it.)
   get 'forms/:id/entries' => 'form_entries#index', as: 'entries'
 
   content_blocks :portlets
-  post '/portlet/:id/:handler', :to => "portlet#execute_handler", :as => "portlet_handler"
+  post '/portlet/:id/:handler', to: 'portlet#execute_handler', as: 'portlet_handler'
 
   content_blocks :file_blocks
   content_blocks :image_blocks
@@ -107,7 +106,7 @@ Cms::Engine.routes.draw do
   content_blocks :categories
   content_blocks :tags
 
-  get 'user' => "user#show", as: :current_user
+  get 'user' => 'user#show', as: :current_user
   resources :users, except: :show do
     member do
       get :change_password
@@ -119,16 +118,16 @@ Cms::Engine.routes.draw do
   resources :email_messages
   resources :groups
   resources :redirects
-  resources :page_partials, :controller => 'dynamic_views'
-  resources :page_templates, :controller => 'dynamic_views'
+  resources :page_partials, controller: 'dynamic_views'
+  resources :page_templates, controller: 'dynamic_views'
   resources :page_routes, except: :show do
-    resources :conditions, :controller => "page_route_conditions"
-    resources :requirements, :controller => "page_route_requirements"
+    resources :conditions, controller: 'page_route_conditions'
+    resources :requirements, controller: 'page_route_requirements'
   end
-  get 'cache', :to => 'cache#show', :as => 'cache'
-  delete 'cache', :to => 'cache#destroy'
+  get 'cache', to: 'cache#show', as: 'cache'
+  delete 'cache', to: 'cache#destroy'
 
-  get "/routes", :to => "routes#index", :as => 'routes'
+  get '/routes', to: 'routes#index', as: 'routes'
 
   add_routes_for_addressable_content_blocks
 end