browsercms_s3 3.0.4 → 3.0.5

data/README.markdown

@@ -50,6 +50,7 @@ The user documentation and guides for this version of the application can be fou
 
 1. http://browsercms.org/doc/guides/html/index.html - User guides and manuals that cover the features and general functionality of the project. (Found locally at doc/guides/html/index.html)
 2. http://browsercms.org/doc/app/index.html - The RDoc API documenation (locally at doc/app/index.html)
+3. http://wiki.github.com/browsermedia/browsercms - The project wiki
 
 ## Modifying the source
 If you want to experiment with the source code, the BrowserCMS project can bootstrap itself as a web application. This allows developers who want to contribute to the project to easily alter and test changes. To run the application itself, do the following:

data/app/controllers/cms/content_controller.rb

@@ -58,7 +58,7 @@ class Cms::ContentController < Cms::ApplicationController
   # if caching is not enabled
   def render_page
     @_page_route.execute(self) if @_page_route
-    prepare_connectables_for_render unless (logged_in? && current_user.able_to?(:administrate, :edit_content, :publish_content))
+    prepare_connectables_for_render 
     render :layout => @page.layout, :action => 'show'
   end
   
@@ -95,7 +95,7 @@ class Cms::ContentController < Cms::ApplicationController
         @template.instance_variable_set("#{v}", nil)
       end
       
-      prepare_connectables_for_render unless (logged_in? && current_user.able_to?(:administrate, :edit_content, :publish_content))
+      prepare_connectables_for_render
       render :layout => @page.layout, :template => 'cms/content/show', :status => status
     else
       handle_server_error(exception)
@@ -105,23 +105,28 @@ class Cms::ContentController < Cms::ApplicationController
   # If any of the page's connectables (portlets, etc) are renderable, they may have a render method
   # which does "controller" stuff, so we need to get that run before rendering the page.
   def prepare_connectables_for_render
-    worst_exception = nil
-    @page.connectables_by_connector.values.each do |c| 
-      begin
-        c.prepare_to_render(self) 
-      rescue
-        logger.debug "THROWN EXCEPTION by connectable #{c}: #{$!}"
-        case $!
-        when ActiveRecord::RecordNotFound
-          raise
-        when Cms::Errors::AccessDenied
-          worst_exception = $!
-         else
-          c.render_exception = $!
+
+    @_connectors = @page.connectors.for_page_version(@page.version)
+    @_connectables = @_connectors.map(&:connectable_with_deleted)
+    unless (logged_in? && current_user.able_to?(:administrate, :edit_content, :publish_content))
+      worst_exception = nil
+      @_connectables.each do |c|
+        begin
+          c.prepare_to_render(self) 
+        rescue
+          logger.debug "THROWN EXCEPTION by connectable #{c}: #{$!}"
+          case $!
+          when ActiveRecord::RecordNotFound
+            raise
+          when Cms::Errors::AccessDenied
+            worst_exception = $!
+          else
+            c.render_exception = $!
+          end
         end
       end
-    end
-    raise worst_exception if worst_exception
+      raise worst_exception if worst_exception
+    end 
   end 
 
   # ----- Before Filters -------------------------------------------------------

data/app/controllers/cms/pages_controller.rb

@@ -1,5 +1,5 @@
 class Cms::PagesController < Cms::BaseController
-  
+ 
   before_filter :set_toolbar_tab
   before_filter :load_section, :only => [:new, :create]
   before_filter :load_page, :only => [:versions, :version, :revert_to, :destroy]
@@ -18,7 +18,7 @@ class Cms::PagesController < Cms::BaseController
   def show
     redirect_to Page.find(params[:id]).path
   end
-  
+ 
   def create
     @page = Page.new(params[:page])
     @page.section = @section
@@ -38,7 +38,7 @@ class Cms::PagesController < Cms::BaseController
       render :action => "edit"
     end
   rescue ActiveRecord::StaleObjectError => e
-    @other_version = @page.class.find(@page.id) 
+    @other_version = @page.class.find(@page.id)
     render :action => "edit"
   end
 
@@ -55,7 +55,7 @@ class Cms::PagesController < Cms::BaseController
       end
     end
   end
-  
+ 
   #status actions
   {:publish => "published", :hide => "hidden", :archive => "archived"}.each do |status, verb|
     define_method status do
@@ -74,25 +74,27 @@ class Cms::PagesController < Cms::BaseController
       end
     end
   end
-  
+ 
   def version
     @page = @page.as_of_version(params[:version])
     @show_toolbar = true
     @show_page_toolbar = true
+    @_connectors = @page.connectors.for_page_version(@page.version)
+    @_connectables = @_connectors.map(&:connectable_with_deleted)   
     render :layout => @page.layout, :template => 'cms/content/show'
-  end  
-  
+  end 
+ 
   def revert_to
     if @page.revert_to(params[:version])
       flash[:notice] = "Page '#{@page.name}' was reverted to version #{params[:version]}"
     end
-    
+   
     respond_to do |format|
       format.html { redirect_to @page.path }
       format.js { render :template => 'cms/shared/show_notice' }
-    end    
+    end   
   end
-  
+ 
   private
     def strip_publish_params
       unless current_user.able_to?(:publish_content)
@@ -105,17 +107,17 @@ class Cms::PagesController < Cms::BaseController
       @page = Page.find(params[:id])
       raise Cms::Errors::AccessDenied unless current_user.able_to_edit?(@page)
     end
-    
+   
     def load_draft_page
       load_page
       @page = @page.as_of_draft_version
     end
-  
+ 
     def load_section
       @section = Section.find(params[:section_id])
       raise Cms::Errors::AccessDenied unless current_user.able_to_edit?(@section)
     end
-    
+   
     def hide_toolbar
       @hide_page_toolbar = true
     end
@@ -123,9 +125,9 @@ class Cms::PagesController < Cms::BaseController
     def set_toolbar_tab
       @toolbar_tab = :sitemap
     end
-    
+   
     def load_templates
       @templates = PageTemplate.options
     end
-    
+   
 end

data/app/controllers/cms/sessions_controller.rb

@@ -3,11 +3,11 @@ class Cms::SessionsController < Cms::ApplicationController
 
   before_filter :redirect_to_cms_site, :only => [:new]
   layout "cms/login"
-  
+
   def new
-    
+
   end
-  
+
   def create
     logout_keeping_session!
     user = User.authenticate(params[:login], params[:password])
@@ -21,7 +21,7 @@ class Cms::SessionsController < Cms::ApplicationController
       handle_remember_cookie! new_cookie_flag
       flash[:notice] = "Logged in successfully"
       if params[:success_url] # Coming from login portlet
-        redirect_to(session[:return_to] || params[:success_url] || "/")          
+        redirect_to((!params[:success_url].blank? && params[:success_url]) || session[:return_to] || "/")
         session[:return_to] = nil
       else
         redirect_back_or_default(cms_home_url)
@@ -30,7 +30,7 @@ class Cms::SessionsController < Cms::ApplicationController
       note_failed_signin
       @login       = params[:login]
       @remember_me = params[:remember_me]
-      flash[:login_error] = "Log in failed"  
+      flash[:login_error] = "Log in failed"
       if params[:success_url] # Coming from login portlet
         if params[:success_url].blank?
           success_url = session[:return_to] || "/"
@@ -42,23 +42,30 @@ class Cms::SessionsController < Cms::ApplicationController
         flash[:success_url] = success_url
         redirect_to request.referrer
       else
-        render :action => "new" 
-      end 
+        render :action => "new"
+      end
     end
   end
 
   def destroy
+    logout_user
+    redirect_back_or_default("/")
+  end
+
+  protected
+
+  # Pulled this out as a separate method so that modules (like bcms_cas) can override/alias destroy and
+  # not have a redirect happen as a side effect.
+  def logout_user
     logout_killing_session!
     cookies.delete :openSectionNodes
     flash[:notice] = "You have been logged out."
-    redirect_back_or_default("/")
   end
 
-protected
   # Track failed login attempts
   def note_failed_signin
     flash[:error] = "Couldn't log you in as '#{params[:login]}'"
     logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
   end
-  
+
 end

data/app/helpers/cms/menu_helper.rb

@@ -22,7 +22,7 @@ module Cms
     # * <tt>:children</tt> - An array of hashes containing the child menu items. This is where the
     #   tree structure comes in.
     def render_menu(options = {})
-      options[:items] ||= menu_items
+      options[:items] ||= menu_items(options)
       options[:partial] ||= "cms/menus/menu"
       options[:id] ||= "menu"
       options[:class] ||= "menu"

data/app/models/group.rb

@@ -1,5 +1,11 @@
+#
+# A group represents a collection of permissions. Each User can be assigned to one or more groups, and the sum of
+# their permissions from all groups combined represents what they can do.
+#
 class Group < ActiveRecord::Base
-  
+
+  GUEST_CODE = "guest"
+
   has_many :user_group_memberships
   has_many :users, :through => :user_group_memberships
   
@@ -26,5 +32,10 @@ class Group < ActiveRecord::Base
   def cms_access?
     group_type && group_type.cms_access?
   end
-  
+
+  # Finds the guest group, which is a special group that represents public non-logged in users.
+  def self.guest
+    with_code(GUEST_CODE).first
+  end
+
 end

data/app/models/guest_user.rb

@@ -1,7 +1,13 @@
+#
+# Guests are a special user that represents a non-logged in user. The main reason to create an explicit
+# instance of this type of user is so that the permissions a Guest user can have can be set via the Admin interface.
+#
+# Every request that a non-logged in user makes will use this User's permissions to determine what they can/can't do.
+#
 class GuestUser < User
-  
+
   def initialize(attributes={})
-    super({:login => "guest", :first_name => "Anonymous", :last_name => "User"}.merge(attributes))
+    super({:login => Group::GUEST_CODE, :first_name => "Anonymous", :last_name => "User"}.merge(attributes))
     @guest = true
   end
     
@@ -18,7 +24,7 @@ class GuestUser < User
   end
   
   def group
-    @group ||= Group.find_by_code("guest")
+    @group ||= Group.guest
   end
   
   def groups

data/app/models/page.rb

@@ -151,17 +151,6 @@ class Page < ActiveRecord::Base
   def delete_connectors
     connectors.for_page_version(version).all.each{|c| c.destroy }
   end
-  
-  def connectables_by_connector
-    @connectables_by_connector ||= connectors.for_page_version(version).inject({}) do |mem, connector|
-      connectable = connector.connectable_with_deleted
-      if connectable.class.versioned?
-        connectable = connectable.as_of_version(connector.connectable_version)
-      end
-      mem[connector] = connectable
-      mem
-    end
-  end
          
   #This is done to let copy_connectors know which version to pull from
   #copy_connectors will get called later as an after_update callback

data/app/views/cms/blocks/index.html.erb

@@ -1,4 +1,5 @@
 <% content_for(:html_head) do %>
+<%= javascript_include_tag "cms/content_library" %>
   <% javascript_tag do %>
     jQuery(function($){
       var collectionName = '<%= content_type.model_class.name.underscore.pluralize %>'

data/app/views/cms/content/show.html.erb

@@ -12,9 +12,9 @@
   <iframe src="<%=h cms_toolbar_path(:page_id => @page.id, :page_version => @page.version, :mode => @mode, :page_toolbar => @show_page_toolbar ? 1 : 0) %>" width="100%" height="<%= @show_page_toolbar ? 159 : 100 %>px" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" name="cms_toolbar"></iframe>
 <% end %>
 
-<% @page.connectables_by_connector.each_pair do |connector, connectable| %>
+<% @_connectors.each_with_index do |connector, i| %>
   <% content_for(connector.container.to_sym) do %>
-    <%= render_connector_and_connectable(connector, connectable) %>
+    <%= render_connector_and_connectable(connector, @_connectables[i]) %>
   <% end %>
 <% end %> 
 

data/browsercms.gemspec

@@ -1,15 +1,15 @@
 # Generated by jeweler
-# DO NOT EDIT THIS FILE
-# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
   s.name = %q{browsercms}
-  s.version = "3.0.3"
+  s.version = "3.0.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["BrowserMedia"]
-  s.date = %q{2009-10-28}
+  s.date = %q{2009-11-09}
   s.email = %q{github@browsermedia.com}
   s.extra_rdoc_files = [
     "LICENSE.txt",
@@ -1172,6 +1172,7 @@ Gem::Specification.new do |s|
      "public/images/cms/usercontrols_bg.png",
      "public/images/cms/usercontrols_bg_cap.png",
      "public/javascripts/cms/application.js",
+     "public/javascripts/cms/content_library.js",
      "public/javascripts/cms/editor.js",
      "public/javascripts/cms/sitemap.js",
      "public/javascripts/jquery-ui.js",
@@ -1315,3 +1316,4 @@ Gem::Specification.new do |s|
   else
   end
 end
+

data/lib/cms/authentication/controller.rb

@@ -1,3 +1,27 @@
+#
+# Defines the authentication behavior for controllers in BrowserCMS. It can be added to any controller that needs to 
+# hook into the BrowserCMS Authentication behavior like so:
+#
+# class MySuperSecureController < ApplicationController
+#   include Cms::Authentication::Controller
+#
+# It is based off Restful_Authentication, and adds in behavior to deal with several concepts specific to BrowserCMS.
+#
+# (Note: 10/8/09 - I was comparing this to a very old version of the generated code from Restful_Authentication,
+# so some of the following items may be 'stock' to that. (Especially #2)
+#
+# 1. Guests - These represents users that are not logged in. What guests can see and do can be modified via the CMS UI. Guests
+#             are not considered to be 'logged in'.
+# 2. 'Current' User - The currently logged in user is stored in a thread local, and can be accessed anywhere via 'User.current'.
+#             This allows model code to easily record which user is making changes to records, for versioning, etc.
+#
+# 3. 'Admin' Access Denied Page - If users try to access a protected controller, they are redirected to the CMS administration Login page
+#             which may be different than the 'front end' user login page. (Cms::Controller handles that differently)
+#
+#
+# To Dos: It appears as though we are storing the 'current' user in two places, @current_user and User.current. This is probably not DRY, but
+#   more testing would be needed.
+#
 module Cms
   module Authentication
     module Controller
@@ -12,6 +36,7 @@ module Cms
         # If the user is not logged in, this will be set to the guest user, which represents a public
         # user, who will likely have more limited permissions
         def current_user
+          # Note: We have disabled basic_http_auth
           @current_user ||= begin
             User.current = (login_from_session || login_from_cookie || User.guest)  
           end
@@ -61,7 +86,7 @@ module Cms
 
         # Redirect as appropriate when an access request fails.
         #
-        # The default action is to redirect to the login screen.
+        # The default action is to redirect to the BrowserCMS admin login screen.
         #
         # Override this method in your controllers if you want to have special
         # behavior in case the user is not authorized
@@ -73,11 +98,6 @@ module Cms
               store_location
               redirect_to cms_login_path
             end
-            # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987
-            # you may want to change format.any to e.g. format.any(:js, :xml)
-            # format.any do
-            #   request_http_basic_authentication 'Web Password'
-            # end
           end
         end
 
@@ -162,7 +182,6 @@ module Cms
 
         # Cookies shouldn't be allowed to persist past their freshness date,
         # and they should be changed at each login
-
         def valid_remember_cookie?
           return nil unless User.current
           (User.current.remember_token?) && 

data/public/javascripts/cms/content_library.js

@@ -0,0 +1,36 @@
+jQuery(function($){
+    
+    //----- Helper Functions -----------------------------------------------------
+    //In all of this code, we are defining functions that we use later
+    //None of this actually manipulates the DOM in any way
+    
+    //This is used to get the id part of an elementId
+    //For example, if you have section_node_5, 
+    //you pass this 'section_node_5', 'section_node' 
+    //and this returns 5
+    var getId = function(elementId, s) {
+	return elementId.replace(s,'')
+    }
+    
+
+    var nodeOnDoubleClick = function() {
+	if($('#edit_button').hasClass('disabled')) {
+	    //$('#view_button').click()
+	    location.href = $('#view_button')[0].href
+	} else {
+	    //$('#edit_button').click()      
+	    location.href = $('#edit_button')[0].href
+	}
+    }
+    
+    var addNodeOnDoubleClick = function() {
+	$('#blocks tr').dblclick(nodeOnDoubleClick)
+    }
+    
+    //----- Init -----------------------------------------------------------------
+    //In other words, stuff that happens when the page loads
+    //This is where we actually manipulate the DOM, fire events, etc.
+    
+    addNodeOnDoubleClick()
+
+})

data/test/functional/cms/content_controller_test.rb

@@ -230,7 +230,7 @@ class Cms::ContentCachingEnabledControllerTest < ActionController::TestCase
     ActionController::Base.perform_caching = true
     @page = Factory(:page, :section => root_section, :name => "Test Page", :path => "/page", :publish_on_save => true)
     @registered_user = Factory(:user)
-    @registered_user.groups << Group.with_code("guest").first
+    @registered_user.groups << Group.guest
   end
 
   def teardown
@@ -315,7 +315,7 @@ class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
     ActionController::Base.perform_caching = false
     @page = Factory(:page, :section => root_section, :name => "Test Page", :path => "/page", :publish_on_save => true)
     @registered_user = Factory(:user)
-    @registered_user.groups << Group.with_code("guest").first
+    @registered_user.groups << Group.guest
   end
 
   def test_guest_user_views_page_on_public_site

data/test/functional/cms/pages_controller_test.rb

@@ -66,6 +66,13 @@ class Cms::PagesControllerTest < ActionController::TestCase
     end
   end
 
+ def test_version
+    create_page
+    @page.update_attributes(:name => "V2")
+    get :version, :id => @page.to_param, :version => 1
+    assert_response :success
+  end
+
   def test_revert_to
     create_page
     @page.update_attributes(:name => "V2")

data/test/functional/cms/sessions_controller_test.rb

@@ -2,6 +2,9 @@ require File.join(File.dirname(__FILE__), '/../../test_helper')
 
 class Cms::SessionsControllerTest < ActionController::TestCase
   include Cms::ControllerTestHelper
+  def teardown
+    User.current = nil
+  end
   
   def test_not_redirected_to_cms_site_if_public_site
     @request.host = "foo.com"
@@ -19,6 +22,22 @@ class Cms::SessionsControllerTest < ActionController::TestCase
     assert_select "title", "CMS Login"
   end
   
+  def test_return_to
+    user = Factory(:user)
+    expected_url = "/expected_url"
+
+    post :create, {:success_url => "", :login => user.login, :password => "password"}, {:return_to => expected_url }
+    assert_redirected_to(expected_url)
+  end
+  def test_success_url_overrides_return_to
+    user = Factory(:user)
+    expected_url = "/expected_url"
+
+    post :create, {:success_url => expected_url, :login => user.login, :password => "password"}, {:return_to => "/somewhere_else" }
+
+    assert_redirected_to(expected_url)
+  end
+  
 end
 
 class Cms::SessionsControllerCacheEnabledTest < ActionController::TestCase
@@ -48,5 +67,10 @@ class Cms::SessionsControllerCacheEnabledTest < ActionController::TestCase
     log @response.body
     assert_select "title", "CMS Login"
   end
-  
-end
+
+  test "destroy" do
+    Cms::SessionsController.any_instance.expects(:logout_user)
+    delete :destroy
+    assert_redirected_to "/" 
+  end
+end

data/test/test_helper.rb

@@ -99,7 +99,7 @@ class ActiveSupport::TestCase
   end
 
   def guest_group
-    Group.find_by_code("guest") || Factory(:group, :code => "guest")
+    Group.guest || Factory(:group, :code => Group::GUEST_CODE)
   end  
 
   def login_as(user)

data/test/unit/models/group_test.rb

@@ -4,4 +4,10 @@ class GroupTest < ActiveSupport::TestCase
   def test_valid
     assert Factory.build(:group).valid?
   end
+
+  test "Find guest group via method" do
+    expected = Group.find_by_code(Group::GUEST_CODE)
+    assert_not_nil expected, "Validates that our fixture code is loading a guest user into the database."
+    assert_equal expected, Group.guest
+  end
 end

data/test/unit/models/user_test.rb

@@ -72,7 +72,7 @@ end
 class UserPermissionsTest < ActiveSupport::TestCase
   def setup
     @user = Factory(:user)
-    @guest_group = Group.first(:conditions => {:code => "guest"})    
+    @guest_group = Group.guest
   end
   
   def test_user_permissions
@@ -210,7 +210,7 @@ end
 class GuestUserTest < ActiveSupport::TestCase
   def setup
     @user = User.guest
-    @guest_group = Group.with_code("guest").first
+    @guest_group = Group.guest
     @public_page = Factory(:page, :section => root_section)
     @protected_section = Factory(:section, :parent => root_section)
     @protected_page = Factory(:page, :section => @protected_section)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: browsercms_s3
 version: !ruby/object:Gem::Version 
-  version: 3.0.4
+  version: 3.0.5
 platform: ruby
 authors: 
 - Anthony Underwood
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-10-31 00:00:00 +00:00
+date: 2009-11-10 00:00:00 +00:00
 default_executable: 
 dependencies: []
 
@@ -1179,6 +1179,7 @@ files:
 - public/images/cms/usercontrols_bg.png
 - public/images/cms/usercontrols_bg_cap.png
 - public/javascripts/cms/application.js
+- public/javascripts/cms/content_library.js
 - public/javascripts/cms/editor.js
 - public/javascripts/cms/sitemap.js
 - public/javascripts/jquery-ui.js