caboose-cms 0.0.2

data/app/controllers/caboose/permissions_controller.rb

@@ -0,0 +1,83 @@
+class PermissionsController < ApplicationController
+  # GET /permissions
+  # GET /permissions.json
+  def index
+    @permissions = Permission.all
+
+    respond_to do |format|
+      format.html # index.html.erb
+      format.json { render json: @permissions }
+    end
+  end
+
+  # GET /permissions/1
+  # GET /permissions/1.json
+  def show
+    @permission = Permission.find(params[:id])
+
+    respond_to do |format|
+      format.html # show.html.erb
+      format.json { render json: @permission }
+    end
+  end
+
+  # GET /permissions/new
+  # GET /permissions/new.json
+  def new
+    @permission = Permission.new
+
+    respond_to do |format|
+      format.html # new.html.erb
+      format.json { render json: @permission }
+    end
+  end
+
+  # GET /permissions/1/edit
+  def edit
+    @permission = Permission.find(params[:id])
+  end
+
+  # POST /permissions
+  # POST /permissions.json
+  def create
+    @permission = Permission.new(params[:permission])
+
+    respond_to do |format|
+      if @permission.save
+        format.html { redirect_to @permission, notice: 'Permission was successfully created.' }
+        format.json { render json: @permission, status: :created, location: @permission }
+      else
+        format.html { render action: "new" }
+        format.json { render json: @permission.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # PUT /permissions/1
+  # PUT /permissions/1.json
+  def update
+    @permission = Permission.find(params[:id])
+
+    respond_to do |format|
+      if @permission.update_attributes(params[:permission])
+        format.html { redirect_to @permission, notice: 'Permission was successfully updated.' }
+        format.json { head :no_content }
+      else
+        format.html { render action: "edit" }
+        format.json { render json: @permission.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /permissions/1
+  # DELETE /permissions/1.json
+  def destroy
+    @permission = Permission.find(params[:id])
+    @permission.destroy
+
+    respond_to do |format|
+      format.html { redirect_to permissions_url }
+      format.json { head :no_content }
+    end
+  end
+end

data/app/controllers/caboose/roles_controller.rb

@@ -0,0 +1,109 @@
+module Caboose
+  class RolesController < ApplicationController
+    
+    # GET /roles
+    def index
+      return if !user_is_allowed('roles', 'view')
+      top_roles = Role.tree
+      arr = []
+      top_roles.each { |r| arr += add_role_options(r, 0) }
+      @roles = arr        
+    end
+    
+    # GET /roles/new
+    def new
+      return if !user_is_allowed('roles', 'add')
+      @role = Role.new
+    end
+    
+    # GET /roles/1/edit
+    def edit
+      return if !user_is_allowed('roles', 'edit')
+      @role = Role.find(params[:id])
+      @users = User.users_with_role(@role.id)
+    end
+    
+    # POST /roles
+    def create
+      return if !user_is_allowed('roles', 'add')
+      
+      resp = StdClass.new({
+          'error' => nil,
+          'redirect' => nil
+      })
+      
+      role = Role.new()
+      role.parent_id = params[:parent_id]
+      role.name = params[:name]    
+      role.save
+      
+      resp.redirect = "/roles/#{role.id}/edit"
+      render json: resp
+    end
+    
+    # PUT /roles/1
+    def update
+      return if !user_is_allowed('roles', 'edit')
+      
+      resp = StdClass.new     
+      role = Role.find(params[:id])
+      name = params[:name]
+      value = params[:value]
+      
+      save = true
+      case name
+    		when "name"
+    		  role.name = value
+    		when "parent_id"			  
+    		  if (role.id == value)
+    		    resp.error = "You can't set the parent to be this role."
+    		    save = false
+    			#elsif (role.is_parent_of(value))
+    			#  resp.error = "You can't set the parent to be one of the child roles."
+    			#  save = false
+    			else
+    			  role.parent_id = value
+    			end
+    		when "users"
+    		  role.users = []
+    		  value.each { |uid| role.users << User.find(uid) } unless value.nil?
+    		  resp.attribute = { 'text' => role.users.collect{ |u| "#{u.first_name} #{u.last_name}" }.join(', ') }    		  
+    	end
+    	
+    	resp.success = save && user.save
+    	render json: resp
+    end
+    
+    # DELETE /roles/1
+    def destroy
+      return if !user_is_allowed('roles', 'delete')
+      @role = Role.find(params[:id])
+      @role.destroy
+    
+      respond_to do |format|
+        format.html { redirect_to roles_url }
+        format.json { head :no_content }
+      end
+    end
+    
+    # GET /roles/options
+    def options
+      return if !user_is_allowed('roles', 'view')
+      @top_roles = Role.tree
+      arr = []
+      @top_roles.each { |r| arr += add_role_options(r, 0) }
+      render json: arr.to_json    
+    end
+    
+    def add_role_options(role, level) 
+      arr = [{ 
+        "value" => role.id, 
+        "text" => (" - " * level) + role.name 
+      }]
+      role.children.each do |kid|
+        arr += add_role_options(kid, level+1)
+      end
+      return arr
+    end
+  end
+end

data/app/controllers/caboose/users_controller.rb

@@ -0,0 +1,117 @@
+
+module Caboose
+  class UsersController < ApplicationController
+      
+    # GET /users
+    def index
+      return if !user_is_allowed('users', 'view')
+      
+      @gen = PageBarGenerator.new(params, {
+    		  'first_name'  => '',
+    		  'last_name'		=> '',
+    		  'username'	  => '',
+    		  'email' 		  => '',
+    		},{
+    	    'sort'			  => 'last_name, first_name',
+    		  'desc'			  => false,
+    		  'base_url'		=> '/users'
+    	})
+    	
+    	if (@gen.options['page'] == 0) 
+    		@gen.options['item_count'] = User.where(@gen.where).count
+    	end
+    	@users = User.where(@gen.where).limit(@gen.limit).offset(@gen.offset).reorder(@gen.reorder).all
+    end
+    
+    # GET /users/new
+    def new
+      return if !user_is_allowed('users', 'add')
+      @user = User.new
+    end
+    
+    # GET /users/1/edit
+    def edit
+      return if !user_is_allowed('users', 'edit')
+      @user = User.find(params[:id])    
+      @all_roles = Role.tree
+      @roles = Role.roles_with_user(@user.id)
+    end
+    
+    # POST /users
+    def create
+      return if !user_is_allowed('users', 'add')
+      
+      resp = StdClass.new({
+          'error' => nil,
+          'redirect' => nil
+      })
+      
+      user = User.new()
+      user.username = params[:username]
+      
+      if (user.username.length == 0)
+        resp.error = "Your username is required."
+      elsif      
+        user.save
+        resp.redirect = "/users/#{user.id}/edit"
+      end
+      render json: resp
+    end
+    
+    # PUT /users/1
+    def update
+      return if !user_is_allowed('users', 'edit')
+      
+      resp = StdClass.new     
+      user = User.find(params[:id])
+      name = params[:name]
+      value = params[:value]
+    
+      save = true
+      case name
+    		when "first_name", "last_name", "username", "email"
+    		  user[name.to_sym] = value
+    		when "password"			  
+    		  confirm = params[:confirm]
+    			if (value != confirm)			
+    			  resp.error = "Passwords do not match.";
+    			  save = false
+    			elsif (value.length < 8)
+    			  resp.error = "Passwords must be at least 8 characters.";
+    			  save = false
+    			else
+    			  user.password = Digest::SHA1.hexdigest(Caboose::salt + value)
+    			end
+    		when "roles"
+    		  user.roles = [];
+    		  value.each { |rid| user.roles << Role.find(rid) } unless value.nil?
+    		  resp.attribute = { 'text' => user.roles.collect{ |r| r.name }.join(', ') }    		  
+    	end
+    	
+    	resp.success = save && user.save
+    	render json: resp
+    end
+    
+    def update_pic
+      @user = User.find(params[:id])
+      @new_value = "Testing"
+    end
+    
+    def update_resume
+      @user = User.find(params[:id])
+      @new_value = "Testing"
+    end
+      
+    # DELETE /users/1
+    def destroy
+      return if !user_is_allowed('users', 'delete')
+      user = User.find(params[:id])
+      user.destroy
+      
+      resp = StdClass.new({
+        'redirect' => '/users'
+      })
+      render json: resp
+    end
+  end
+end

data/app/helpers/caboose/application_helper.rb

@@ -0,0 +1,4 @@
+module Caboose
+  module ApplicationHelper
+  end
+end

data/app/helpers/caboose/permissions_helper.rb

@@ -0,0 +1,4 @@
+module Caboose
+  module PermissionsHelper
+  end
+end

data/app/models/caboose/approval_request.rb

@@ -0,0 +1,13 @@
+
+class Caboose::ApprovalRequest < ActiveRecord::Base
+  self.table_name = "approval_reqests"
+  belongs_to :page
+  belongs_to :user
+  belongs_to :reviewer, :class_name => 'User', :foreign_key => 'reviewer_id'
+  attr_accessible :page_id, :user_id, :reviewer_id, :date_requested, :date_reviewed, :notes, :reviewer_notes, :status
+  
+	#const STATUS_APPROVED 	= 'approved';
+	#const STATUS_DENIED 	= 'denied';
+	#const STATUS_PENDING	= 'pending';
+	
+end

data/app/models/caboose/asset.rb

@@ -0,0 +1,23 @@
+
+class Caboose::Asset < ActiveRecord::Base
+  self.table_name = "assets"
+  belongs_to :page
+  attr_accessible :page_id, :uploaded_by_id, :date_uploaded, :name, :filename, :description, :extension
+
+  def sanitize_name(str)
+    return str.gsub(' ', '_').downcase 
+  end
+  
+  def assets_with_uri(uri)
+    uri[0] = '' if uri.start_with? '/'
+    
+		page = Page.page_with_uri(File.dirname(uri), false)		
+		return false if page.nil?
+		
+		asset = Asset.where(:page_id => page.id,:filename => File.basename(uri)).first
+		return false if asset.nil?
+		
+		return asset
+	end
+
+end

data/app/models/caboose/caboose_plugin.rb

@@ -0,0 +1,15 @@
+class Caboose::CaboosePlugin
+ 
+  def self.page_content_hook(str)
+    return str    
+  end
+  
+  def self.admin_nav_hook(arr)
+    return arr
+  end
+  
+  def self.admin_subnav_hook(arr)
+    return arr
+  end
+  
+end

data/app/models/caboose/menu_block.rb

@@ -0,0 +1,6 @@
+
+class Caboose::MenuBlock
+
+  attr_accessor :title, :title_id, :links
+ 
+end

data/app/models/caboose/page.rb

@@ -0,0 +1,329 @@
+
+class Caboose::Page < ActiveRecord::Base
+  self.table_name = "pages"
+  
+  belongs_to :parent, :class_name => "Page"
+  has_many :children, :class_name => "Page", :foreign_key => 'parent_id'    
+  has_many :page_permissions
+  attr_accessible :parent_id, 
+    :title, 
+    :menu_title, 
+    :content, 
+    :slug, 
+    :alias, 
+    :uri, 
+    :redirect_url, 
+    :hide, 
+    :content_format, 
+    :custom_css, 
+    :custom_js, 
+    :layout,
+    :seo_title, # 70 chars
+    :meta_description, # 156 chars
+    :meta_robots, # Multi-select options: none, noindex, nofollow, nosnippet, noodp, noarchive
+    :canonical_url,
+    :facebook_description, # defaults to meta_description
+    :googleplus_description # defaults to meta_description
+   
+  CONTENT_FORMAT_HTML  = 1 
+  CONTENT_FORMAT_TEXT  = 2
+  CONTENT_FORMAT_RUBY  = 3
+
+  def order_title
+    return "" + menu_title + title unless menu_title.nil? || title.nil?
+    return menu_title unless menu_title.nil?
+    return title unless title.nil?
+    return ""
+  end
+    
+  def self.find_with_fields(page_id, fields)
+    return self.where(:id => page_id).select(fields).first
+  end
+
+  def self.index_page
+    return self.where(:parent_id => -1).first
+  end
+  
+  def self.page_with_uri(uri, get_closest_parent = true)
+
+    uri = uri.to_s.gsub(/^(.*?)\?.*?$/, '\1')
+    uri.chop! if uri.end_with?('/')
+    uri[0] = '' if uri.starts_with?('/')
+      
+    return self.index_page if uri.length == 0
+
+    page = false
+		parts = uri.split('/')
+			
+		# See where to start looking
+		page_ids = self.where(:alias => parts[0]).limit(1).pluck(:id)
+		page_id = !page_ids.nil? && page_ids.count > 0 ? page_ids[0] : false
+		
+		# Search for the page
+		if (page_id)
+		  page_id = self.page_with_uri_helper(parts, 1, page_id)
+		else
+		  parent_id = self.index_page
+			page_id = self.page_with_uri_helper(parts, 0, parent_id)
+		end
+		
+		return false if page_id.nil?
+				
+		page = self.find(page_id)
+		
+		if (!get_closest_parent) # // Look for an exact match
+			return false if page.uri != uri
+		end
+		return page		
+	end
+	
+	def self.page_with_uri_helper(parts, level, parent_id)
+		return parent_id if level >= parts.count
+		slug = parts[level]		
+		page_ids = self.where(:parent_id => parent_id, :slug => slug).limit(1).pluck(:id)
+		return parent_id if page_ids.nil? || page_ids.count == 0		
+		return self.page_with_uri_helper(parts, level+1, page_ids[0])				
+	end
+	
+	def self.update_child_uris(page_id)
+		page = self.find(page_id)
+		parent = self.find(page.parent_id)
+		parent_uri = parent.nil? ? '/' : parent.uri
+		self.update_child_uris_helper(ppage, parent_uri)
+	end
+
+	def self.update_child_uris_helper(page, parent_uri)
+		return if page.redirect_url.length > 0
+		
+		slug = page.slug
+		if (slug.trim.length == 0)
+			slug = self.get_slug(page.title)
+			self.update_detail_field(page.id, 'slug', slug)
+		end
+		
+		slug = page.slug.trim.length > 0 ? page.slug : self.get_slug(page.title)
+		
+		uri= "#{parent_uri}/#{slug}"
+		if (page.alias.length > 0)
+		  uri = "/#{page.alias}" 
+		elsif (self.is_top_level(page.parent_id))
+		  uri = "/#{page.slug}"
+		end
+		self.update_detail_field(page.id, 'uri', uri)
+		
+		page.children.each do |kid|
+		  self.update_child_uris_helper(kid, uri)
+		end
+	end
+	
+	def self.update_child_perms(page_id)
+		page = self.find(page_id)
+			
+		viewers 	= Role.roles_with_page_permission(page_id, 'view')
+		editors 	= Role.roles_with_page_permission(page_id, 'edit')
+		approvers	= Role.roles_with_page_permission(page_id, 'approve')		
+		viewer_ids 		= viewers.collect {|r| r.id }
+		editor_ids 		= editors.collect {|r| r.id }
+		approver_id 	= approvers.collect {|r| r.id }
+		
+		self.update_child_perms_helper(page, viewer_ids, editor_ids, approver_ids)
+	end
+	
+	def self.update_child_perms_helper(page, viewer_ids, editor_ids, approver_ids)
+		self.update_authorized_for_action(page.id, 'view'		  , viewer_ids)
+		self.update_authorized_for_action(page.id, 'edit'		  , editor_ids)
+		self.update_authorized_for_action(page.id, 'approve'	, approver_ids)
+
+		page.children.each do |kid|
+			self.update_child_perms_helper(kid, viewer_ids, editor_ids, approver_ids)
+		end
+	end
+	
+	def self.update_authorized_for_action(page_id, action, roles)
+	  Caboose::PagePermission.where(:page_id => page_id, :action => action).destroy_all
+	  if (!roles.nil?)
+	    roles.each do |role|
+	      role_id = role.is_a?(Integer) ? role : role.id
+		  	Caboose::PagePermission.create({
+		  	  :page_id => page_id,
+		  	  :role_id => role_id,
+		  	  :action => action
+		  	})
+		  end
+		end
+		return true
+	end
+	
+	def self.is_allowed(user, page_id, action)
+		user = User.find(User.LOGGED_OUT_USER_ID) if user.nil?
+
+		# Allow a user id to be sent instead of a user object
+		user = User.find(user) if user.is_a?(Integer)
+		user.role_ids = [User.LOGGED_OUT_ROLE_ID] if user.role_ids.nil?
+
+		t = PagePermission.table		
+		reqs = nil
+		user.role_ids.each do |role_id|
+		  if (reqs.nil?)
+		    reqs = t[:role_id].eq(role_id)
+		  else
+		    reqs.or(t[:role_id].eq(role_id))
+		  end
+		end	
+		var params = { :page_id => page_id, :action => action }
+		params << reqs if !reqs.nil?
+		count = PagePermission.where(params).count
+		
+		return true if count > 0
+		return false
+	end
+	
+	def self.roles_with_permission(page_id, action)
+		return Role.roles_with_page_permission(page_id, action)
+	end
+	              
+	def self.permissible_actions(user, page_id)
+	  if (user.is_a?(Integer))
+	    user = Caboose::User.find(user)
+	  end
+	  actions = []
+	  user.roles.each do |role|
+	    actions + Caboose::PagePermission.where({
+	        :role_id => role.id, 
+	        :page_id => page_id
+	      }).pluck(:action)
+	  end
+		return actions.uniq
+	end
+	
+	def self.page_ids_with_permission(user, action)
+	  if (user.is_a?(Integer))
+	    user = Caboose::User.find(user)
+	  end
+	  ids = []
+	  user.roles.each do |role|	    
+	    ids + Caboose::PagePermission.where({
+	        :role_id => role.id,
+	        :action => action
+	      }).pluck(:page_id)
+	  end
+		return ids.uniq
+	end
+	
+	def self.crumb_trail(page)
+		page_id = page.is_a?(Integer) ? page : page.id
+		
+		arr = []
+		self.crumb_trail_helper(page_id, arr)
+		arr.reverse!
+		
+		trail = arr.collect do |row|
+			Caboose::StdClass.new({
+			  'href' => !row.uri.nil? && row.uri.length > 0 ? row.uri : '/',
+			  'text' => !row.menu_title.nil? && row.menu_title.length > 0 ? row.menu_title : row.title
+			})
+		end
+		return trail
+	end
+	
+	def self.crumb_trail_helper(page_id, arr)
+		return if page_id.nil? || page_id <= 0
+		p = self.find_with_fields(page_id, [:parent_id, :title, :menu_title, :uri])		
+		return if p.nil?
+		arr << p
+		self.crumb_trail_helper(p.parent_id, arr)
+	end
+	
+	def self.subnav(page, use_redirect_urls = true, user = false)
+	  
+	  # Be nice and allow page ids to be sent
+		if (page.is_a?(Integer)) 
+		  page = self.find_with_fields(page, [:title, :menu_title, :custom_sort_children])
+		end
+		
+		block = Caboose::MenuBlock.new
+		block.title = !page.menu_title.nil? && page.menu_title.length > 0 ? page.menu_title : page.title
+		block.title_id = page.id
+		               
+		pages = self.select([:id, :title, :menu_title, :alias, :slug, :uri, :redirect_url, :sort_order]).where(:parent_id => page.id, :hide => 0).reorder(:sort_order).all
+		if (page.custom_sort_children)
+		  pages.sort! {|x,y| x.sort_order <=> y.sort_order }
+		else
+		  pages.sort! {|x,y| x.order_title <=> y.order_title }
+		end
+			
+		if (pages.nil? || pages.count == 0) # No children, go up a level	
+			parent = self.find_with_fields(page.parent_id, [:title, :menu_title, :custom_sort_children])
+			return block if parent.nil? # If we happen to be at the top page
+			
+			block.title = parent.menu_title.length > 0 ? parent.menu_title : parent.title
+			block.title_id = parent.id
+			
+			pages = self.select(
+			    :id, :title, :menu_title, :alias, :slug, :uri, :redirect_url, :sort_order
+			  ).where(:parent_id => page.parent_id, :hide => 0)
+			if (parent.custom_sort_children)
+			  pages.sort! {|x,y| x.sort_order <=> y.sort_order }
+			else
+			  pages.sort! {|x,y| x.order_title <=> y.order_title }		
+			end
+		end
+		
+		block.links = []
+		pages.each do |p|
+			link = Caboose::StdClass.new({
+			  'href' => !p.redirect_url.nil? && p.redirect_url.length > 0 ? p.redirect_url : p.uri,
+			  'text' => !p.menu_title.nil? && p.menu_title.length > 0 ? p.menu_title : p.title,
+			  'is_current' => p.id == page.id
+			})
+			if (!use_redirect_urls && self.is_allowed(user, p.id, 'edit'))
+			  link.href = row.uri
+			end	
+			block.links << link
+		end		 
+		return block
+	end
+	
+	def self.url(page_id)
+		arr = []
+		self.url_helper(page_id, arr)
+		arr.reverse!
+		
+		path = []      
+		arr.each do |row|
+		  if (row.alias.length > 0)
+		    path = [row.alias]
+			elsif (row.slug.length > 0)
+			  path << row.slug
+			end
+		end
+		return path.join('/')
+	end
+	
+	def self.url_helper(page_id, arr)
+		return if page_id <= 0
+		
+		p = self.find_with_fields(page_id, [:id, :parent_id, :title, :menu_title, :alias, :slug])
+		return if p.nil?
+
+		arr << p
+		self.url_helper(p.parent_id, arr)
+	end
+	
+	def self.slug(str)
+		return str.downcase.gsub(' ', '-').gsub(/[^\w-]/, '')
+	end
+	
+	def self.has_children(page_id)
+		count = self.where(:parent_id => page_id).count
+		return count > 0
+	end
+	
+	def self.is_child(parent_id, child_id)
+	  pid = self.where(:page_id => child_id).first.pluck(:parent_id)
+		return false if pid <= 0
+		return true if pid == parent_id
+		return self.is_child(parent_id, pid)
+	end
+
+end