RubyGems - caboose-cms - Versions diffs - 0.2.23 → 0.2.24 - Mend

caboose-cms 0.2.23 → 0.2.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

checksums.yaml +8 -8
data/app/controllers/caboose/pages_controller.rb +277 -217
data/app/controllers/caboose/roles_controller.rb +8 -8
data/app/models/caboose/page.rb +2 -1
data/app/views/caboose/pages/edit.html.erb +52 -8
data/app/views/caboose/pages/edit_content.html.erb +49 -37
data/app/views/caboose/pages/edit_css.html.erb +43 -28
data/app/views/caboose/pages/edit_js.html.erb +42 -27
data/app/views/caboose/pages/edit_resources.html.erb +41 -0
data/app/views/caboose/pages/edit_seo.html.erb +6 -4
data/app/views/caboose/pages/edit_settings.html.erb +6 -4
data/app/views/caboose/pages/edit_title.html.erb +1 -0
data/app/views/caboose/pages/show.html.erb +15 -0
data/app/views/caboose/pages/sitemap.html.erb +4 -4
data/app/views/caboose/roles/edit.html.erb +45 -4
data/config/routes.rb +2 -0
data/config/tinymce.yml +11 -0
data/lib/caboose/caboose_helper.rb +1 -1
data/lib/caboose/migration_version.rb +47 -0
data/lib/caboose/migrations.rb +7 -0
data/lib/caboose/version.rb +1 -1
data/lib/tasks/caboose.rake +75 -12
metadata +6 -2

checksums.yaml CHANGED Viewed

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    MzliMTgxODNhNGExNTk4ZmFlNGEwMzdlNDg0ODAxYzAyMzhiOTUwZg==
+    YTUxZWUzYzkxNGJiYTJkMmFkNTU0YmVhNGQyNWMxNDQxNTBhNTFkMw==
   data.tar.gz: !binary |-
-    ODY5YzhjZWRlNzI2OWVlMTIxZGVkOGRiMDdjNjQ3NjA2MTBiMzFlNQ==
+    ODE3OTQxMmZiZmU0YTlhZWQ5Y2NhM2ViMzYwMDcxYzcwNjIwYzQ2Mg==
 !binary "U0hBNTEy":
   metadata.gz: !binary |-
-    NGE2MTEwOTUwY2U3Y2NiYjkwNWI1OGZiYTBiOTlhM2E4ZmZkNzlmZDhlMDNm
-    YTMwODFhYzRiNDhiZjI0OTU4YWE2NWI1YTQyYzgxMDhmMmNmMTEzYWY5ZmNk
-    OTU4MGExNDM0ZTJmYjYwYThjNjYwYjdjYWM2MTFhNzA5OTU0Mzc=
+    ZmMyY2FhYjJlYmQwNzUzNTg4ZWRjYjE3MmZlODk1MjE2ODBjMDIwMjczZTgx
+    Y2UwZDUyMDkyNDJkY2QyNDRiMTgwMjYwOTBmMWI0M2M4NThiZTQ1ZmIxOWE1
+    YzljNjEwMDVlYWUyOGFkZDY2Mjk4MjM4YTM1ODM0ZGMwYTI3ZDg=
   data.tar.gz: !binary |-
-    MWUzMDE4NTNjNDAwNTUzZmQ1NDg3NDEwMDg0MGNhMGNiYjc0YzM3OGFiMTZm
-    NjNmZTFmNjY4YTkzYWViZWU2MTRjYzg5NDBmODgxMmExZGQ0NzA5ZjRhMTQ0
-    NTE3ZjhhOTM1ODE4ZTVhNTMyOWJmNmRlNjJmZjUwNWRjZWJiNmQ=
+    YWNlMmExZTJkN2Q3YzdkOGU3NWJiNDk4YWEwYmY4MTQ5NWRmZDdiNDdmNzI2
+    NzI3MzkwODUyYWEzMWFlMmY2MmI5NGFjN2MyNDlhNDljYTQyMGZlYjJlOTI4
+    ZTkzYjY5OTIzZmE1OTBiMmNjOTljMTUzN2U3M2M4YjQyMmUxOTU=

data/app/controllers/caboose/pages_controller.rb CHANGED Viewed

@@ -10,90 +10,106 @@ module Caboose
     def index
     end
+    def view_formatted_resources(page)
+      resources = { js: [], css: [] }
+      return resources if page.linked_resources.nil?
+      page.linked_resources.each_line do |r|
+        r.chomp!
+        case r
+        when /\.js$/
+          resources[:js] += [r]
+        when /\.css$/
+          resources[:css] += [r]
+        end
+      end
+      return resources
+    end
     # GET /pages/:id
     def show
       # Find the page with an exact URI match
       page = Page.page_with_uri(request.fullpath, false)
-		  if (!page)
-		  	asset
-		  	return
-		  end
-		  user = logged_in_user
-		  if (!user.is_allowed(page, 'view'))
-		  	if (user.id == User.logged_out_user_id)
-		  	  redirect_to "/login?return_url=" + URI.encode(request.fullpath)
-		  		return
-		  	else
-		  		page.title = 'Access Denied'
-		  		page.content = "<p class='note error'>You do not have access to view this page.</p>"
-		  	end
-		  end
-		  if (session['use_redirect_urls'] && !page.redirect_url.nil? && page.redirect_url.strip.length > 0)
-		    redirect_to page.redirect_url
-		  	return
-		  end
-		  page.content = Caboose.plugin_hook('page_content', page.content)
-		  @page = page
-		  @user = user
-		  @editmode = !params['edit'].nil? && user.is_allowed('pages', 'edit') ? true : false
-		  @crumb_trail = Caboose::Page.crumb_trail(@page)
-		  @subnav = Caboose::Page.subnav(@page, session['use_redirect_urls'], @user)
+      if (!page)
+        asset
+        return
+      end
+      user = logged_in_user
+      if (!user.is_allowed(page, 'view'))
+        if (user.id == User.logged_out_user_id)
+           redirect_to "/login?return_url=" + URI.encode(request.fullpath)
+          return
+        else
+          page.title = 'Access Denied'
+          page.content = "<p class='note error'>You do not have access to view this page.</p>"
+        end
+      end
+      if (session['use_redirect_urls'] && !page.redirect_url.nil? && page.redirect_url.strip.length > 0)
+        redirect_to page.redirect_url
+        return
+      end
+      page.content = Caboose.plugin_hook('page_content', page.content)
+      @page = page
+      @user = user
+      @editmode = !params['edit'].nil? && user.is_allowed('pages', 'edit') ? true : false
+      @crumb_trail = Caboose::Page.crumb_trail(@page)
+      @subnav = Caboose::Page.subnav(@page, session['use_redirect_urls'], @user)
       #@subnav.links = @tasks.collect {|href, task| {'href' => href, 'text' => task, 'is_current' => uri == href}}
+      @resources = view_formatted_resources(@page)
     end
     def asset
       uri = uri.to_s.gsub(/^(.*?)\?.*?$/, '\1')
       uri.chop! if uri.end_with?('/')
       uri[0] = '' if uri.starts_with?('/')
       page = Page.page_with_uri(File.dirname(uri), false)
       if (page.nil? || !page)
         render :file => "caboose/extras/error404", :layout => "caboose/error404"
         return
       end
-		  asset = Asset.where(:page_id => page.id, :filename => File.basename(uri)).first
-		  if (asset.nil?)
-		    render :file => "caboose/extras/error404", :layout => "caboose/error404"
-		    return
-		  end
-		  user = logged_in_user
-		  if (!Page.is_allowed(user, asset.page_id, 'view'))
-		    render "caboose/pages/asset_no_permission"
-		    return
-		  end
-		  #Caboose.log(Caboose::assets_path, 'Caboose::assets_path')
-		  path = Caboose::assets_path.join("#{asset.id}.#{asset.extension}")
-		  #Caboose.log("Sending asset #{path}")
-		  #send_file(path)
-		  #send_file(path, :filename => "your_document.pdf", :type => "application/pdf")
-		  #
-		  #$path = ASSETS_PATH ."/". $asset->id .".". $asset->extension
-		  #
-		  #$finfo = finfo_open(FILEINFO_MIME_TYPE) // return mime type ala mimetype extension
-		  #$mime = finfo_file($finfo, $path)
-		  #finfo_close($finfo)
+      asset = Asset.where(:page_id => page.id, :filename => File.basename(uri)).first
+      if (asset.nil?)
+        render :file => "caboose/extras/error404", :layout => "caboose/error404"
+        return
+      end
+      user = logged_in_user
+      if (!Page.is_allowed(user, asset.page_id, 'view'))
+        render "caboose/pages/asset_no_permission"
+        return
+      end
+      #Caboose.log(Caboose::assets_path, 'Caboose::assets_path')
+      path = Caboose::assets_path.join("#{asset.id}.#{asset.extension}")
+      #Caboose.log("Sending asset #{path}")
+      #send_file(path)
+      #send_file(path, :filename => "your_document.pdf", :type => "application/pdf")
       #
-		  #header("X-Sendfile: $path")
-		  #header("Content-Type: $mime")
-		  #header("Content-Disposition: inline filename=\"$asset->filename\"")
+      #$path = ASSETS_PATH ."/". $asset->id .".". $asset->extension
+      #
+      #$finfo = finfo_open(FILEINFO_MIME_TYPE) // return mime type ala mimetype extension
+      #$mime = finfo_file($finfo, $path)
+      #finfo_close($finfo)
+      #
+      #header("X-Sendfile: $path")
+      #header("Content-Type: $mime")
+      #header("Content-Disposition: inline filename=\"$asset->filename\"")
     end
     # GET /pages/new
     def new
-      return if !user_is_allowed('pages', 'add')
+      return unless user_is_allowed('pages', 'add')
       @parent_id = params[:parent_id].nil? ? params[:parent_id] : 1
       @parent = Page.find(@parent_id)
       render :layout => 'caboose/modal'
@@ -107,64 +123,72 @@ module Caboose
     # GET /pages/1/edit
     def edit
-      return if !user_is_allowed('pages', 'edit')
+      return unless user_is_allowed('pages', 'edit')
       @page = Page.find(params[:id])
+      @resources = view_formatted_resources(@page)
     end
     # GET /pages/1/edit-title
     def edit_title
-      return if !user_is_allowed('pages', 'edit')
+      return unless user_is_allowed('pages', 'edit')
       @page = Page.find(params[:id])
       render :layout => 'caboose/modal'
     end
     # GET /pages/1/edit-content
     def edit_content
-      return if !user_is_allowed('pages', 'edit')
+      return unless user_is_allowed('pages', 'edit')
       @page = Page.find(params[:id])
       render :layout => 'caboose/modal'
     end
     # GET /pages/1/edit-settings
     def edit_settings
-      return if !user_is_allowed('pages', 'edit')
+      return unless user_is_allowed('pages', 'edit')
       @page = Page.find(params[:id])
       render :layout => 'caboose/modal'
     end
     # GET /pages/1/edit-css
     def edit_css
-      return if !user_is_allowed('pages', 'edit')
+      return unless user_is_allowed('pages', 'edit')
       @page = Page.find(params[:id])
       render :layout => 'caboose/modal'
     end
     # GET /pages/1/edit-js
     def edit_js
-      return if !user_is_allowed('pages', 'edit')
+      return unless user_is_allowed('pages', 'edit')
       @page = Page.find(params[:id])
       render :layout => 'caboose/modal'
     end
     # GET /pages/1/edit-seo
     def edit_seo
-      return if !user_is_allowed('pages', 'edit')
+      return unless user_is_allowed('pages', 'edit')
+      @page = Page.find(params[:id])
+      render :layout => 'caboose/modal'
+    end
+    # GET /pages/1/edit-resources
+    def edit_resources
+      return unless user_is_allowed('pages', 'edit')
       @page = Page.find(params[:id])
       render :layout => 'caboose/modal'
     end
     # POST /pages
     def create
-      return if !user_is_allowed('pages', 'add')
+      return unless user_is_allowed('pages', 'add')
       resp = Caboose::StdClass.new({
           'error' => nil,
           'redirect' => nil
       })
       parent_id = params[:parent_id]
       title = params[:title]
       if (title.strip.length == 0)
         resp.error = "A page title is required."
       elsif (!logged_in_user.is_allowed('all', 'all') &&
@@ -176,119 +200,155 @@ module Caboose
         render json: resp
         return
       end
-		  parent = Caboose::Page.find(parent_id)
-		  page = Caboose::Page.new
-		  page.title = title
-		  page.parent_id = parent_id
-		  page.hide = true
-		  page.content_format = Caboose::Page::CONTENT_FORMAT_HTML
-		  i = 0
-		  begin
-		    page.slug = Page.slug(page.title + (i > 0 ? " #{i}" : ""))
-		    page.uri = parent.parent_id == -1 ? page.slug : "#{parent.uri}/#{page.slug}"
-		    i = i+1
-		  end while (Page.where(:uri => page.uri).count > 0 && i < 10)
-		  page.save
-		  # Set the new page's permissions
-		  viewers = Caboose::PagePermission.where({ :page_id => parent.id, :action => 'view' }).pluck(:role_id)
-		  editors = Caboose::PagePermission.where({ :page_id => parent.id, :action => 'edit' }).pluck(:role_id)
-		  Caboose::Page.update_authorized_for_action(page.id, 'view', viewers)
-		  Caboose::Page.update_authorized_for_action(page.id, 'edit', editors)
-		  # Send back the response
-		  resp.redirect = "/pages/#{page.id}/edit"
+      parent = Caboose::Page.find(parent_id)
+      page = Caboose::Page.new
+      page.title = title
+      page.parent_id = parent_id
+      page.hide = true
+      page.content_format = Caboose::Page::CONTENT_FORMAT_HTML
+      i = 0
+      begin
+        page.slug = Page.slug(page.title + (i > 0 ? " #{i}" : ""))
+        page.uri = parent.parent_id == -1 ? page.slug : "#{parent.uri}/#{page.slug}"
+        i = i+1
+      end while (Page.where(:uri => page.uri).count > 0 && i < 10)
+      page.save
+      # Set the new page's permissions
+      viewers = Caboose::PagePermission.where({ :page_id => parent.id, :action => 'view' }).pluck(:role_id)
+      editors = Caboose::PagePermission.where({ :page_id => parent.id, :action => 'edit' }).pluck(:role_id)
+      Caboose::Page.update_authorized_for_action(page.id, 'view', viewers)
+      Caboose::Page.update_authorized_for_action(page.id, 'edit', editors)
+      # Send back the response
+      resp.redirect = "/pages/#{page.id}/edit"
       render json: resp
     end
     # PUT /pages/1
     def update
-      return if !user_is_allowed('pages', 'edit')
+      return unless user_is_allowed('pages', 'edit')
       resp = StdClass.new({'attributes' => {}})
       page = Page.find(params[:id])
       save = true
       user = logged_in_user
-      params.each do |name,value|
-    	  case name
-    	    when 'parent_id'
-		    		if (page.id == value)
-		    			resp.error = "The page's parent cannot be itself."
-		    		elsif (Page.is_child(page.id, value))
-		    			resp.error = "You can't set the current page's parent to be one of its child pages."
-		    		elsif (value != page.parent_id)
-		    		  p = Page.find(value)
-		    		  if (!user.is_allowed(p, 'edit'))
-		    		    resp.error = "You don't have access to put the current page there."
-		    		  end
-		    		end
-		    		if (resp.error.length > 0)
-		    		  save = false
-		    		else
-		    			parent = Page.find(value)
-		    			Page.update_parent(page.id, value)
-		    			resp.attributes['parent_id'] = { 'text' => parent.title }
-		    		end
-		    	when 'title', 'menu_title', 'alias', 'hide',
-		    	  'custom_css', 'custom_js', 'layout', 'redirect_url',
-		    	  'seo_title', 'meta_description', 'fb_description', 'gp_description', 'canonical_url'
-		    	  page[name.to_sym] = value
-		    	when 'content_format'
-		    	  page.content_format = value
-		    	  resp.attributes['content_format'] = { 'text' => value }
-		    	when 'meta_robots'
-		    	  if (value.include?('index') && value.include?('noindex'))
-		    	    resp.error = "You can't have both index and noindex"
-		    	    save = false
-		    	  elsif (value.include?('follow') && value.include?('nofollow'))
-		    	    resp.error = "You can't have both follow and nofollow"
-		    	    save = false
-		    	  else
-		    	    page.meta_robots = value.join(', ')
-		    	    resp.attributes['meta_robots'] = { 'text' => page.meta_robots }
-		    	  end
-		    	when 'content'
-		    		page.content = value.strip.gsub(/<meta.*?>/, '').gsub(/<link.*?>/, '').gsub(/\<\!--[\S\s]*?--\>/, '')
-		    	when 'slug'
-		    		page.slug = Page.slug(value.strip.length > 0 ? value : page.title)
-		    		resp.attributes['slug'] = { 'value' => page.slug }
-		    	when 'custom_sort_children'
-		    		if (value == 0)
-		    		  page.children.each do |p|
-		    				p.sort_order = 1
-		    				p.save
-		    			end
-		    		end
-		    		page.custom_sort_children = value
-		    	when 'viewers'
-		    	  Page.update_authorized_for_action(page.id, 'view', value)
-		    	when 'editors'
-		    	  Page.update_authorized_for_action(page.id, 'edit', value)
-		    	when 'approvers'
-		    	  Page.update_authorized_for_action(page.id, 'approve', value)
-		    end
-		  end
-    	resp.success = save && page.save
-    	render json: resp
+      params.each do |name, value|
+        case name
+        when 'parent_id'
+          if (page.id == value)
+            resp.error = "The page's parent cannot be itself."
+          elsif (Page.is_child(page.id, value))
+            resp.error = "You can't set the current page's parent to be one of its child pages."
+          elsif (value != page.parent_id)
+            p = Page.find(value)
+            if (!user.is_allowed(p, 'edit'))
+              resp.error = "You don't have access to put the current page there."
+            end
+          end
+          if (resp.error.length > 0)
+            save = false
+          else
+            parent = Page.find(value)
+            Page.update_parent(page.id, value)
+            resp.attributes['parent_id'] = { 'text' => parent.title }
+          end
+        when 'custom_css', 'custom_js'
+          value.strip!
+          page[name.to_sym] = value
+        when 'title', 'menu_title', 'alias', 'hide', 'layout', 'redirect_url',
+          'seo_title', 'meta_description', 'fb_description', 'gp_description', 'canonical_url'
+          page[name.to_sym] = value
+        when 'linked_resources'
+          result = ''
+          value.each_line do |line|
+            line.strip!
+            next if line.empty?
+            comps = line.split('.')
+            if comps.length < 2
+              resp.error = "Resource '#{line}' has an unspecified file type.  (e.g. given 'myScript.js', '.js' would specify a javascript file type.)"
+              save = false
+              next
+            end
+            case comps.last
+            when 'js', 'css'
+              if value =~ URI::regexp()
+                uri = URI.parse(value)
+                if !(uri =~ URI::HTTP || uri =~ URI::HTTPS)
+                  resp.error = "Resource '#{line}' is an unrecognized URI format."
+                  save = false
+                end
+              end
+            else
+              resp.error = "Resource '#{line}' has an unsupported file type ('#{comps.last}')."
+              save = false
+              next
+            end
+            result += "\n" unless result.empty?
+            result += line
+          end
+          page.linked_resources = result
+        when 'content_format'
+          page.content_format = value
+          resp.attributes['content_format'] = { 'text' => value }
+        when 'meta_robots'
+          if (value.include?('index') && value.include?('noindex'))
+            resp.error = "You can't have both index and noindex"
+            save = false
+          elsif (value.include?('follow') && value.include?('nofollow'))
+            resp.error = "You can't have both follow and nofollow"
+            save = false
+          else
+            page.meta_robots = value.join(', ')
+            resp.attributes['meta_robots'] = { 'text' => page.meta_robots }
+          end
+        when 'content'
+          page.content = value.strip.gsub(/<meta.*?>/, '').gsub(/<link.*?>/, '').gsub(/\<\!--[\S\s]*?--\>/, '')
+        when 'slug'
+          page.slug = Page.slug(value.strip.length > 0 ? value : page.title)
+          resp.attributes['slug'] = { 'value' => page.slug }
+        when 'custom_sort_children'
+          if (value == 0)
+            page.children.each do |p|
+              p.sort_order = 1
+              p.save
+            end
+          end
+          page.custom_sort_children = value
+        when 'viewers'
+          Page.update_authorized_for_action(page.id, 'view', value)
+        when 'editors'
+          Page.update_authorized_for_action(page.id, 'edit', value)
+        when 'approvers'
+          Page.update_authorized_for_action(page.id, 'approve', value)
+        end
+      end
+      resp.success = save && page.save
+      render json: resp
     end
     # DELETE /pages/1
     def destroy
-      return if !user_is_allowed('pages', 'delete')
+      return unless user_is_allowed('pages', 'delete')
       user = Page.find(params[:id])
       user.destroy
@@ -300,58 +360,58 @@ module Caboose
     def sitemap
       parent_id = params[:parent_id]
-		  top_page = Page.index_page
-		  p = !parent_id.nil? ? Page.find(parent_id) : top_page
-		  options = []
-		  sitemap_helper2(top_page, options)
-		  @options = options
+      top_page = Page.index_page
+      p = !parent_id.nil? ? Page.find(parent_id) : top_page
+      options = []
+      sitemap_helper2(top_page, options)
+      @options = options
     end
     def sitemap_helper2(page, options, prefix = '')
-		  options << { 'value' => page.id, 'text' => prefix + page.title }
-		  page.children.each do |kid|
-		    sitemap_helper(kid, options, prefix + ' - ')
-		  end
-		end
+      options << { 'value' => page.id, 'text' => prefix + page.title }
+      page.children.each do |kid|
+        sitemap_helper(kid, options, prefix + ' - ')
+      end
+    end
     def sitemap_options
-		  parent_id = params[:parent_id]
-		  top_page = Page.index_page
-		  p = !parent_id.nil? ? Page.find(parent_id) : top_page
-		  options = []
-		  sitemap_helper(top_page, options)
-		  render json: options
-		end
-		def sitemap_helper(page, options, prefix = '')
-		  options << { 'value' => page.id, 'text' => prefix + page.title }
-		  page.children.each do |kid|
-		    sitemap_helper(kid, options, prefix + ' - ')
-		  end
-		end
-		def robots_options
-		  options = [
-		    { 'value' => 'index'      , 'text' => 'index'      },
-		    { 'value' => 'noindex'    , 'text' => 'noindex'    },
-		    { 'value' => 'follow'     , 'text' => 'follow'     },
-		    { 'value' => 'nofollow'   , 'text' => 'nofollow'   },
-		    { 'value' => 'nosnippet'  , 'text' => 'nosnippet'  },
-		    { 'value' => 'noodp'      , 'text' => 'noodp'      },
-		    { 'value' => 'noarchive'  , 'text' => 'noarchive'  }
-		  ]
-		  render json: options
-		end
-		def content_format_options
-		  options = [
-		    { 'value' => 'html', 'text' => 'html' },
-		    { 'value' => 'text', 'text' => 'text' },
-		    { 'value' => 'ruby', 'text' => 'ruby' }
-		  ]
-		  render json: options
-		end
+      parent_id = params[:parent_id]
+      top_page = Page.index_page
+      p = !parent_id.nil? ? Page.find(parent_id) : top_page
+      options = []
+      sitemap_helper(top_page, options)
+      render json: options
+    end
+    def sitemap_helper(page, options, prefix = '')
+      options << { 'value' => page.id, 'text' => prefix + page.title }
+      page.children.each do |kid|
+        sitemap_helper(kid, options, prefix + ' - ')
+      end
+    end
+    def robots_options
+      options = [
+        { 'value' => 'index'      , 'text' => 'index'     },
+        { 'value' => 'noindex'    , 'text' => 'noindex'   },
+        { 'value' => 'follow'     , 'text' => 'follow'    },
+        { 'value' => 'nofollow'   , 'text' => 'nofollow'  },
+        { 'value' => 'nosnippet'  , 'text' => 'nosnippet' },
+        { 'value' => 'noodp'      , 'text' => 'noodp'     },
+        { 'value' => 'noarchive'  , 'text' => 'noarchive' }
+      ]
+      render json: options
+    end
+    def content_format_options
+      options = [
+        { 'value' => 'html', 'text' => 'html' },
+        { 'value' => 'text', 'text' => 'text' },
+        { 'value' => 'ruby', 'text' => 'ruby' }
+      ]
+      render json: options
+    end
   end
 end