browsercms 3.5.7 → 4.0.0.alpha

data/lib/acts_as_list.rb

@@ -29,7 +29,7 @@ module ActsAsList
     #   to give it an entire string that is interpolated if you need a tighter scope than just a foreign key.
     #   Example: <tt>acts_as_list :scope => 'todo_list_id = #{todo_list_id} AND completed = 0'</tt>
     def acts_as_list(options = {})
-      configuration = { :column => "position", :scope => "1 = 1" }
+      configuration = {:column => "position", :scope => "1 = 1"}
       configuration.update(options) if options.is_a?(Hash)
 
       configuration[:scope] = "#{configuration[:scope]}_id".intern if configuration[:scope].is_a?(Symbol) && configuration[:scope].to_s !~ /_id$/
@@ -156,17 +156,18 @@ module ActsAsList
     # Return the next higher item in the list.
     def higher_item
       return nil unless in_list?
-      acts_as_list_class.find(:first, :conditions =>
-        "#{scope_condition} AND #{position_column} < #{send(position_column).to_s}", :order => "#{position_column} DESC"
-      )
+      acts_as_list_class
+        .where("#{scope_condition} AND #{position_column} < #{send(position_column).to_s}")
+        .order("#{position_column} DESC")
+        .first
     end
 
     # Return the next lower item in the list.
     def lower_item
       return nil unless in_list?
-      acts_as_list_class.find(:first, :conditions =>
-        "#{scope_condition} AND #{position_column} > #{send(position_column).to_s}", :order => "#{position_column} ASC"
-      )
+      acts_as_list_class.where("#{scope_condition} AND #{position_column} > #{send(position_column).to_s}")
+        .order("#{position_column} ASC" )
+        .first
     end
 
     # Test if this record is in a list
@@ -175,82 +176,82 @@ module ActsAsList
     end
 
     private
-      def add_to_list_top
-        increment_positions_on_all_items
-      end
+    def add_to_list_top
+      increment_positions_on_all_items
+    end
 
-      def add_to_list_bottom
-        self[position_column] = bottom_position_in_list.to_i + 1
-      end
+    def add_to_list_bottom
+      self[position_column] = bottom_position_in_list.to_i + 1
+    end
 
-      # Overwrite this method to define the scope of the list changes
-      def scope_condition() "1" end
+    # Overwrite this method to define the scope of the list changes
+    def scope_condition()
+      "1"
+    end
 
-      # Returns the bottom position number in the list.
-      #   bottom_position_in_list    # => 2
-      def bottom_position_in_list(except = nil)
-        item = bottom_item(except)
-        item ? item.send(position_column) : 0
-      end
+    # Returns the bottom position number in the list.
+    #   bottom_position_in_list    # => 2
+    def bottom_position_in_list(except = nil)
+      item = bottom_item(except)
+      item ? item.send(position_column) : 0
+    end
 
-      # Returns the bottom item
-      def bottom_item(except = nil)
-        conditions = scope_condition
-        conditions = "#{conditions} AND #{self.class.primary_key} != #{except.id}" if except
-        acts_as_list_class.find(:first, :conditions => conditions, :order => "#{position_column} DESC")
-      end
+    # Returns the bottom item
+    def bottom_item(except = nil)
+      conditions = scope_condition
+      conditions = "#{conditions} AND #{self.class.primary_key} != #{except.id}" if except
+      acts_as_list_class.where(conditions).order("#{position_column} DESC").first
+    end
 
-      # Forces item to assume the bottom position in the list.
-      def assume_bottom_position
-        update_attribute(position_column, bottom_position_in_list(self).to_i + 1)
-      end
+    # Forces item to assume the bottom position in the list.
+    def assume_bottom_position
+      update_attribute(position_column, bottom_position_in_list(self).to_i + 1)
+    end
 
-      # Forces item to assume the top position in the list.
-      def assume_top_position
-        update_attribute(position_column, 1)
-      end
+    # Forces item to assume the top position in the list.
+    def assume_top_position
+      update_attribute(position_column, 1)
+    end
 
-      # This has the effect of moving all the higher items up one.
-      def decrement_positions_on_higher_items(position)
-        acts_as_list_class.update_all(
+    # This has the effect of moving all the higher items up one.
+    def decrement_positions_on_higher_items(position)
+      acts_as_list_class.update_all(
           "#{position_column} = (#{position_column} - 1)", "#{scope_condition} AND #{position_column} <= #{position}"
-        )
-      end
+      )
+    end
 
-      # This has the effect of moving all the lower items up one.
-      def decrement_positions_on_lower_items
-        return unless in_list?
-        acts_as_list_class.update_all(
-          "#{position_column} = (#{position_column} - 1)", "#{scope_condition} AND #{position_column} > #{send(position_column).to_i}"
-        )
-      end
+    # This has the effect of moving all the lower items up one.
+    def decrement_positions_on_lower_items
+      return unless in_list?
+      acts_as_list_class.where(
+          "#{scope_condition} AND #{position_column} > #{send(position_column).to_i}"
+      ).update_all("#{position_column} = (#{position_column} - 1)")
+    end
 
-      # This has the effect of moving all the higher items down one.
-      def increment_positions_on_higher_items
-        return unless in_list?
-        acts_as_list_class.update_all(
-          "#{position_column} = (#{position_column} + 1)", "#{scope_condition} AND #{position_column} < #{send(position_column).to_i}"
-        )
-      end
+    # This has the effect of moving all the higher items down one.
+    def increment_positions_on_higher_items
+      return unless in_list?
+      acts_as_list_class.where("#{scope_condition} AND #{position_column} < #{send(position_column).to_i}").update_all("#{position_column} = (#{position_column} + 1)")
+    end
 
-      # This has the effect of moving all the lower items down one.
-      def increment_positions_on_lower_items(position)
-        acts_as_list_class.update_all(
-          "#{position_column} = (#{position_column} + 1)", "#{scope_condition} AND #{position_column} >= #{position}"
-       )
-      end
+    # This has the effect of moving all the lower items down one.
+    def increment_positions_on_lower_items(position)
+      acts_as_list_class.where("#{scope_condition} AND #{position_column} >= #{position}").update_all(
+          "#{position_column} = (#{position_column} + 1)"
+      )
+    end
 
-      # Increments position (<tt>position_column</tt>) of all items in the list.
-      def increment_positions_on_all_items
-        acts_as_list_class.update_all(
-          "#{position_column} = (#{position_column} + 1)",  "#{scope_condition}"
-        )
-      end
+    # Increments position (<tt>position_column</tt>) of all items in the list.
+    def increment_positions_on_all_items
+      acts_as_list_class.where("#{scope_condition}").update_all(
+          "#{position_column} = (#{position_column} + 1)"
+      )
+    end
 
-      def insert_at_position(position)
-        remove_from_list
-        increment_positions_on_lower_items(position)
-        self.update_attribute(position_column, position)
-      end
+    def insert_at_position(position)
+      remove_from_list
+      increment_positions_on_lower_items(position)
+      self.update_attribute(position_column, position)
+    end
   end
 end

data/lib/browsercms.rb

@@ -1,8 +1,34 @@
+# Load all dependencies needed at boot time.
+require 'rails'
+require 'cms/configuration'
+require 'cms/version'
+require 'browsercms'
+
+require 'bootstrap-sass'
+require 'compass-rails'
+
+# Gem name is different than file name
+# Must be required FIRST, so that our assets paths appear before its do.
+# This allows app/assets/ckeditor/config.js to set CMS specific defaults.
+require 'ckeditor-rails'
+
+# Explicitly require this, so that CMS projects do not need to add it to their Gemfile
+# especially while upgrading
+require 'jquery-rails'
+require 'jquery-ui-rails'
+
+require 'underscore-rails'
+require 'will_paginate'
+require 'will_paginate/active_record'
+require 'actionpack/page_caching'
+require 'panoramic'
+require 'simple_form'
+require 'devise'
+
 require 'cms/engine'
 require 'cms/extensions'
 require 'cms/route_extensions'
 require 'cms/caching'
-require 'cms/addressable'
 require 'cms/error_pages'
 
 #Load libraries that are included with CMS
@@ -11,13 +37,23 @@ ActiveRecord::Base.send(:include, ActsAsList)
 
 require 'cms/acts'
 require 'cms/authentication'
+require 'cms/content_page'
+require 'cms/configuration/configurable_template'
 require 'cms/domain_support'
 require 'cms/authoring'
 require 'cms/date_picker'
 require 'cms/content_rendering_support'
 require 'cms/mobile_aware'
 require 'cms/attachments/configuration'
+require 'cms/controllers/admin_controller'
 require 'cms/default_accessible'
+require 'cms/admin_tab'
+require 'cms/publish_workflow'
+require 'cms/content_filter'
+require 'cms/polymorphic_single_table_inheritance'
+require 'cms/form_builder/default_input'
+require 'cms/form_builder/content_block_form_builder'
+require 'cms/form_builder/workflow_buttons'
 
 # This shouldn't be necessary, except for the need to get into the loadpath for testing.
 require 'command_line'
@@ -25,6 +61,10 @@ require 'command_line'
 #Include CMS Behaviors
 ActiveRecord::Base.send(:include, Cms::Acts::ContentBlock)
 require 'cms/behaviors'
+require 'cms/concerns'
+
 
 ActiveRecord::Base.send(:include, Cms::Acts::CmsUser)
+require 'cms/responders/content_responder'
 
+require "panoramic"

data/lib/cms/acts/content_block.rb

@@ -15,7 +15,8 @@ module Cms
         def acts_as_content_block(options={})
           defaults = {
               # Set default values here.
-              :allow_attachments => true
+              :allow_attachments => true,
+              :content_module => true
           }
           options = defaults.merge(options)
 
@@ -23,7 +24,7 @@ module Cms
             raise ArgumentError.new ":belongs_to_attachment option is no longer supported. Please use :has_attachments option"
           end
 
-          include Cms::DefaultAccessible
+          extend Cms::DefaultAccessible
           allow_attachments if options[:allow_attachments]
           is_archivable(options[:archiveable].is_a?(Hash) ? options[:archiveable] : {}) unless options[:archiveable] == false
           is_connectable(options[:connectable].is_a?(Hash) ? options[:connectable] : {}) unless options[:connectable] == false
@@ -37,7 +38,12 @@ module Cms
           is_versioned(options[:versioned].is_a?(Hash) ? options[:versioned] : {}) unless options[:versioned] == false
 
           include InstanceMethods
+
+          unless options[:content_module] == false
+            has_content_type
+          end
           extend Cms::Behaviors::Naming
+
         end
 
         module InstanceMethods
@@ -45,7 +51,11 @@ module Cms
             "#{self.class.name.demodulize.titleize} '#{name}'"
           end
         end
+
+
       end
+
+
     end
   end
 end

data/lib/cms/acts/content_page.rb

@@ -39,6 +39,9 @@ module Cms
         base.helper Cms::RenderingHelper
         base.helper Cms::MenuHelper
         base.helper Cms::Acts::PageHelper
+        base.helper Cms::UiElementsHelper
+        base.helper Cms::PathHelper
+        base.send :include, Cms::NavMenuHelper
       end
 
       # Allows a Controller method to set a page title for an action.
@@ -56,10 +59,6 @@ module Cms
         end
       end
 
-      def determine_page_layout
-        @page.layout
-      end
-
       module ClassMethods
 
         # Requires that some or all of the actions on this controller require the same permissions as a specific section of the website.

data/lib/cms/admin_tab.rb

@@ -0,0 +1,15 @@
+module Cms
+
+  # Any controller that is considered to be on the 'Admin' tab should include this.
+  module AdminTab
+    extend ActiveSupport::Concern
+
+    included do
+      before_filter :set_menu_section
+    end
+
+    def new_button_path
+      cms.new_user_path
+    end
+  end
+end

data/lib/cms/attachments/configuration.rb

@@ -45,7 +45,7 @@ module Cms
 
       # Set default configurations for Attachments.
       def initialize
-        self.url = ":attachment_file_path"
+        self.url = Rails.configuration.cms.attachments[:url] || ":attachment_file_path"
         self.path = ":attachments_root/:id_partition/:style/:fingerprint"
         self.styles = {}
         self.processors = [:thumbnail]

data/lib/cms/authentication/controller.rb

@@ -5,11 +5,6 @@
 # class MySuperSecureController < ApplicationController
 #   include Cms::Authentication::Controller
 #
-# It is based off Restful_Authentication, and adds in behavior to deal with several concepts specific to BrowserCMS.
-#
-# (Note: 10/8/09 - I was comparing this to a very old version of the generated code from Restful_Authentication,
-# so some of the following items may be 'stock' to that. (Especially #2)
-#
 # 1. Guests - These represents users that are not logged in. What guests can see and do can be modified via the CMS UI. Guests
 #             are not considered to be 'logged in'.
 # 2. 'Current' User - The currently logged in user is stored in a thread local, and can be accessed anywhere via 'Cms::User.current'.
@@ -25,189 +20,100 @@
 module Cms
   module Authentication
     module Controller
-      protected
-        # Returns true or false if the user is logged in.
-        # Preloads Cms::User.current with the user model if they're logged in.
-        def logged_in?
-          !current_user.nil? && !current_user.guest?
-        end
+      # Inclusion hook to make #current_user and #logged_in?
+      # available as ActionView helper methods.
+      def self.included(base)
+        base.send :helper_method, :current_user, :logged_in? if base.respond_to? :helper_method
+        base.extend ClassMethods
+      end
 
-        # Accesses the current user from the session or 'remember me' cookie.
-        # If the user is not logged in, this will be set to the guest user, which represents a public
-        # user, who will likely have more limited permissions
-        def current_user
-          # Note: We have disabled basic_http_auth
-          @current_user ||= begin
-            Cms::User.current = (login_from_session || login_from_cookie || Cms::User.guest)  
-          end
-        end
 
-        # Store the given user id in the session.
-        def current_user=(new_user)
-          session[:user_id] = new_user ? new_user.id : nil
-          @current_user = new_user || false
-          Cms::User.current = @current_user
-        end
+      module ClassMethods
 
-        # Check if the user is authorized
+        # Determines if the current user has at least one of the following permissions. Sets up a before_action that
+        # enforces permissions.
         #
-        # Override this method in your controllers if you want to restrict access
-        # to only a few actions or if you want to check if the user
-        # has the correct rights.
+        # @param [Symbol, Array<Symbol>] perms One or more permissions.
+        # @raise [Cms::Errors::AccessDenied] If the current_user doesn't have ANY of the given permissions.
         #
         # Example:
-        #
-        #  # only allow nonbobs
-        #  def authorized?
-        #    current_user.login != "bob"
-        #  end
-        #
-        def authorized?(action=nil, resource=nil, *args)
-          logged_in?
-        end
-
-        # Filter method to enforce a login requirement.
-        #
-        # To require logins for all actions, use this in your controllers:
-        #
-        #   before_filter :login_required
-        #
-        # To require logins for specific actions, use this in your controllers:
-        #
-        #   before_filter :login_required, :only => [ :edit, :update ]
-        #
-        # To skip this in a subclassed controller:
-        #
-        #   skip_before_filter :login_required
-        #
-        def login_required
-          authorized? || access_denied
-        end
-
-        # Redirect as appropriate when an access request fails.
-        #
-        # The default action is to redirect to the BrowserCMS admin login screen.
-        #
-        # Override this method in your controllers if you want to have special
-        # behavior in case the user is not authorized
-        # to access the requested action.  For example, a popup window might
-        # simply close itself.
-        def access_denied
-          respond_to do |format|
-            format.html do
-              store_location
-              redirect_to cms.login_path
-            end
-          end
-        end
-
-        # Store the URI of the current request in the session.
-        #
-        # We can return to this location by calling #redirect_back_or_default.
-        def store_location
-          session[:return_to] = request.fullpath
-        end
-
-        # Redirect to the URI stored by the most recent store_location call or
-        # to the passed default.  Set an appropriately modified
-        #   after_filter :store_location, :only => [:index, :new, :show, :edit]
-        # for any controller you want to be bounce-backable.
-        def redirect_back_or_default(default)
-          redirect_to(session[:return_to] || default)
-          session[:return_to] = nil
-        end
-
-        # Inclusion hook to make #current_user and #logged_in?
-        # available as ActionView helper methods.
-        def self.included(base)
-          base.send :helper_method, :current_user, :logged_in?, :authorized? if base.respond_to? :helper_method
-        end
-
-        #
-        # Login
-        #
-
-        # Called from #current_user.  First attempt to login by the user id stored in the session.
-        def login_from_session
-          self.current_user = Cms::User.find_by_id(session[:user_id]) if session[:user_id]
-        end
-
-        # Called from #current_user.  Now, attempt to login by basic authentication information.
-        def login_from_basic_auth
-          authenticate_with_http_basic do |login, password|
-            self.current_user = Cms::User.authenticate(login, password)
-          end
-        end
-    
-        #
-        # Logout
-        #
-
-        # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
-        # for the paranoid: we _should_ be storing user_token = hash(cookie_token, request IP)
-        def login_from_cookie
-          user = cookies[:auth_token] && Cms::User.find_by_remember_token(cookies[:auth_token])
-          if user && user.remember_token?
-            self.current_user = user
-            handle_remember_cookie! false # freshen cookie token (keeping date)
-            self.current_user
+        # class MyCustomController < Cms::ApplicationController
+        #   check_permissions :publish_content, :except => [:index]
+        # end
+        def check_permissions(*perms)
+          opts = Hash === perms.last ? perms.pop : {}
+          before_filter(opts) do |controller|
+            raise Cms::Errors::AccessDenied unless controller.send(:current_user).able_to?(*perms)
           end
         end
+      end
 
-        # This is ususally what you want; resetting the session willy-nilly wreaks
-        # havoc with forgery protection, and is only strictly necessary on login.
-        # However, **all session state variables should be unset here**.
-        def logout_keeping_session!
-          # Kill server-side auth cookie
-          Cms::User.current.forget_me if Cms::User.current.is_a? User
-          Cms::User.current = false     # not logged in, and don't do it for me
-          kill_remember_cookie!     # Kill client-side auth cookie
-          session[:user_id] = nil   # keeps the session but kill our variable
-          # explicitly kill any other session variables you set
-        end
-
-        # The session should only be reset at the tail end of a form POST --
-        # otherwise the request forgery protection fails. It's only really necessary
-        # when you cross quarantine (logged-out to logged-in).
-        def logout_killing_session!
-          logout_keeping_session!
-          reset_session
-        end
-    
-        #
-        # Remember_me Tokens
-        #
-        # Cookies shouldn't be allowed to persist past their freshness date,
-        # and they should be changed at each login
-
-        # Cookies shouldn't be allowed to persist past their freshness date,
-        # and they should be changed at each login
-        def valid_remember_cookie?
-          return nil unless Cms::User.current
-          (Cms::User.current.remember_token?) && 
-            (cookies[:auth_token] == Cms::User.current.remember_token)
-        end
-    
-        # Refresh the cookie auth token if it exists, create it otherwise
-        def handle_remember_cookie! new_cookie_flag
-          return unless Cms::User.current
-          case
-          when valid_remember_cookie? then Cms::User.current.refresh_token # keeping same expiry date
-          when new_cookie_flag        then Cms::User.current.remember_me 
-          else                             Cms::User.current.forget_me
+      protected
+      # Returns true or false if the user is logged in.
+      # Preloads Cms::User.current with the user model if they're logged in.
+      def logged_in?
+        !current_user.nil? && !current_user.guest?
+      end
+
+      # Returns the current user if logged in. If no user is logged in, returns the 'Guest' user which represents a
+      # what a visitor can do without being logged in.
+      def current_user
+        @current_user ||= begin
+          Cms::PersistentUser.current = current_cms_user || Cms::User.guest
+        end
+      end
+
+      # Redirect as appropriate when an access request fails.
+      #
+      # The default action is to redirect to the BrowserCMS admin login screen.
+      #
+      # Override this method in your controllers if you want to have special
+      # behavior in case the user is not authorized
+      # to access the requested action.  For example, a popup window might
+      # simply close itself.
+      def access_denied
+        respond_to do |format|
+          format.html do
+            store_location
+            redirect_to cms.login_path
           end
-          send_remember_cookie!
-        end
-  
-        def kill_remember_cookie!
-          cookies.delete :auth_token
-        end
-    
-        def send_remember_cookie!
-          cookies[:auth_token] = {
-            :value   => Cms::User.current.remember_token,
-            :expires => Cms::User.current.remember_token_expires_at }
         end
+      end
+
+      # Store the URI of the current request in the session.
+      #
+      # We can return to this location by calling #redirect_back_or_default.
+      def store_location
+        session[:return_to] = request.fullpath
+      end
+
+      # Redirect to the URI stored by the most recent store_location call or
+      # to the passed default.  Set an appropriately modified
+      #   after_filter :store_location, :only => [:index, :new, :show, :edit]
+      # for any controller you want to be bounce-backable.
+      def redirect_back_or_default(default)
+        redirect_to(session[:return_to] || default)
+        session[:return_to] = nil
+      end
+
+      # This is ususally what you want; resetting the session willy-nilly wreaks
+      # havoc with forgery protection, and is only strictly necessary on login.
+      # However, **all session state variables should be unset here**.
+      def logout_keeping_session!
+        # Kill server-side auth cookie
+        Cms::PersistentUser.current.forget_me if Cms::User.current.is_a? User
+        Cms::PersistentUser.current = false # not logged in, and don't do it for me
+        session[:user_id] = nil # keeps the session but kill our variable
+        # explicitly kill any other session variables you set
+      end
+
+      # The session should only be reset at the tail end of a form POST --
+      # otherwise the request forgery protection fails. It's only really necessary
+      # when you cross quarantine (logged-out to logged-in).
+      def logout_killing_session!
+        logout_keeping_session!
+        reset_session
+      end
 
     end
   end