RubyGems - caboose-cms - Versions diffs - 0.9.193 → 0.9.194 - Mend

caboose-cms 0.9.193 → 0.9.194

Files changed (30) hide show

checksums.yaml +4 -4
data/app/assets/javascripts/caboose/main.js +35 -34
data/app/assets/stylesheets/caboose/login.scss +95 -0
data/app/controllers/caboose/application_controller.rb +1 -1
data/app/controllers/caboose/block_type_categories_controller.rb +25 -2
data/app/controllers/caboose/block_types_controller.rb +34 -35
data/app/controllers/caboose/login_controller.rb +33 -37
data/app/controllers/caboose/pages_controller.rb +2 -7
data/app/controllers/caboose/register_controller.rb +12 -14
data/app/controllers/caboose/users_controller.rb +40 -46
data/app/mailers/caboose/login_mailer.rb +3 -2
data/app/models/caboose/authenticator.rb +2 -2
data/app/models/caboose/block_type_category.rb +4 -2
data/app/models/caboose/schema.rb +4 -2
data/app/views/caboose/block_type_categories/admin_edit.html.erb +43 -0
data/app/views/caboose/block_type_categories/admin_index.html.erb +23 -0
data/app/{assets/javascripts/caboose/testing.js → views/caboose/block_type_categories/admin_new.html.erb} +0 -0
data/app/views/caboose/block_types/admin_edit.html.erb +8 -8
data/app/views/caboose/extras/error.html.erb +1 -1
data/app/views/caboose/login/forgot_password_form.html.erb +38 -51
data/app/views/caboose/login/index.html.erb +41 -64
data/app/views/caboose/login/reset_password_form.html.erb +35 -35
data/app/views/caboose/register/index.html.erb +51 -44
data/lib/caboose/version.rb +1 -1
metadata +6 -8
data/app/assets/javascripts/caboose/cart_old.js +0 -184
data/app/assets/javascripts/caboose/checkout_old.js +0 -151
data/app/assets/javascripts/caboose/product_new.js +0 -306
data/app/assets/javascripts/caboose/product_old.js +0 -324
data/app/assets/stylesheets/caboose/login.css +0 -134

data/app/controllers/caboose/login_controller.rb CHANGED

@@ -11,37 +11,34 @@ module Caboose
       end
       @return_url = params[:return_url].nil? ? "/" : params[:return_url]
       @modal = params[:modal].nil? ? false : params[:modal]
+      @page.title = "Login" if @page
       redirect_to @return_url and return if logged_in?
-      render :layout => Caboose::login_layout
+      render :layout => "caboose/application"
     end
     # @route POST /login
     def login
       resp = StdClass.new('error' => '', 'redirect' => '')
       return_url = params[:return_url].nil? ? "/" : params[:return_url]
       if logged_in?
         resp.redirect = return_url
+      elsif params[:username].blank?
+        resp.error = "Please provide a username."
+      elsif params[:password].blank?
+        resp.error = "Please provide a password."
       else
         username = params[:username].downcase
         password = params[:password]
-        if username.nil? || password.nil? || password.strip.length == 0
-          resp.error = "Invalid credentials"
-        else
-          bouncer_class = Caboose::authenticator_class.constantize
-          bouncer = bouncer_class.new
-          login_resp = bouncer.authenticate(username, password, @site, request)
-          if login_resp.error
-            resp.error = login_resp.error
-          else
-            remember = params[:remember] && (params[:remember] == 1 || params[:remember] == "1")
-            login_user(login_resp.user, remember)
-            #resp.redirect = return_url
-            resp.redirect = Caboose.plugin_hook('login_success', return_url, login_resp.user)
-            resp.modal = false
-          end
+        bouncer_class = Caboose::authenticator_class.constantize
+        bouncer = bouncer_class.new
+        login_resp = bouncer.authenticate(username, password, @site, request)
+        if login_resp.error
+          resp.error = login_resp.error
+        else
+          remember = params[:remember] && (params[:remember] == 1 || params[:remember] == "1")
+          login_user(login_resp.user, remember)
+          resp.redirect = Caboose.plugin_hook('login_success', return_url, login_resp.user)
+          resp.modal = false
         end
       end
       render :json => resp
@@ -51,29 +48,28 @@ module Caboose
     def forgot_password_form
       @return_url = params[:return_url].nil? ? "/" : params[:return_url]
       @modal = params[:modal].nil? ? false : params[:modal]
-      redirect_to @return_url if logged_in?
-      render :layout => Caboose::login_layout
+      redirect_to @return_url and return if logged_in?
+      @page.title = "Forgot Password" if @page
+      render :layout => "caboose/application"
     end
     # @route POST /login/forgot-password
     def send_reset_email
       @return_url = params[:return_url].nil? ? "/" : params[:return_url]
       redirect_to @return_url if logged_in?
       resp = Caboose::StdClass.new
       username = params[:username]
-		  if username.nil? || username.strip.length == 0
-		  	resp.error = "You must enter a username."
+		  if username.blank?
+		  	resp.error = "You must enter a username or email address."
         render :json => resp
 		  	return
 		  end
-		  bob = Caboose::User.where(:site_id => @site.id, :username => username).first
-		  bob = Caboose::User.where(:site_id => @site.id, :email    => username).first if bob.nil?
+		  bob = Caboose::User.where(:site_id => @site.id, :username => username.strip.downcase).first
+		  bob = Caboose::User.where(:site_id => @site.id, :email    => username.strip.downcase).first if bob.nil?
 		  if bob.nil?
-			  resp.error = "The given email or username is not in our system."
+			  resp.error = "The given username or email address does not exist."
 			  render :json => resp
 			  return
 			end
@@ -85,7 +81,7 @@ module Caboose
 		  LoginMailer.configure_for_site(@site.id).forgot_password_email(bob).deliver
-		  resp.success = "We just sent you an email. The reset link inside is good for 3 days."
+		  resp.success = "Please check your email for a link to reset your password. This link is good for 3 days."
 		  render :json => resp
 		end
@@ -98,7 +94,8 @@ module Caboose
 		  end
       @reset_id = params[:reset_id]
       @user = Caboose::User.user_for_reset_id(@reset_id)
-      render :layout => Caboose::login_layout
+      @page.title = "Reset Password" if @page
+      render :layout => "caboose/application"
     end
     # @route POST /login/reset-password
@@ -112,17 +109,16 @@ module Caboose
 	    pass1    = params[:pass1]
 	    pass2    = params[:pass2]
-	    if reset_id.nil? || reset_id.strip.length == 0
-	      resp.error = "No reset ID was given."
+	    if reset_id.blank?
+	      resp.error = "This password reset link is invalid."
 	    else
 	      user = Caboose::User.user_for_reset_id(reset_id)
 	    	if user.nil?
-	    	  resp.error = "The given reset ID is invalid."
-	    	elsif pass1 != pass2
-	    		resp.error = "Passwords don't match."
+	    	  resp.error = "This password reset link is invalid."
 	    	elsif pass1.length < 8
-	    	  resp.error = "Passwords must be at least 8 characters"
+	    	  resp.error = "Passwords must be at least 8 characters."
+        elsif pass1 != pass2
+          resp.error = "Your passwords don't match."
 	    	else
 	    	  user.password = Digest::SHA1.hexdigest(Caboose::salt + pass1)
 	    	  user.password_reset_id = ''

data/app/controllers/caboose/pages_controller.rb CHANGED

@@ -58,12 +58,11 @@ module Caboose
         asset
         return
       end
       user = logged_in_user
       if !user.is_allowed(page, 'view')
         if user.id == User.logged_out_user_id(@site.id)
-          redirect_to "/modal/login?return_url=" + URI.encode(request.fullpath)
+          redirect_to "/login?return_url=" + URI.encode(request.fullpath)
           return
         else
           # go to 404 page
@@ -81,11 +80,7 @@ module Caboose
       @user = user
       @editing = false
       @preview = false
-   #   @editmode = !params['edit'].nil? && user.is_allowed('pages', 'edit') ? true : false
-   #   @crumb_trail = Caboose::Page.crumb_trail(@page)
-   #   @subnav = Caboose::Page.subnav(@page, session['use_redirect_urls'], @user)
-      #@subnav.links = @tasks.collect {|href, task| {'href' => href, 'text' => task, 'is_current' => uri == href}}
     end
     def asset

data/app/controllers/caboose/register_controller.rb CHANGED

@@ -6,36 +6,34 @@ module Caboose
     def index
       @return_url = params[:return_url].nil? ? "/" : params[:return_url];
       @modal = params[:modal].nil? ? false : params[:modal]
-      redirect_to @return_url if logged_in?
-      render :layout => Caboose::register_layout
+      redirect_to @return_url and return if logged_in?
+      @page.title = "Create an Account" if @page
+      render :layout => "caboose/application"
     end
     # @route POST /register
     def register
       resp = StdClass.new('error' => '', 'redirect' => '')
       return_url = params[:return_url].nil? ? "/" : params[:return_url];
       if logged_in?
         resp.error = "Already logged in"
       elsif !@site.allow_self_registration
         resp.error = "This site doesn't allow self registration."
       else
         first_name  = params[:first_name]
         last_name   = params[:last_name]
         email       = params[:email]
         phone       = params[:phone]
         pass1       = params[:pass1]
-        pass2       = params[:pass2]
-        if first_name.nil? || first_name.strip.length == 0                             then resp.error = "Your first name is required."
-        elsif last_name.nil? || last_name.strip.length == 0                            then resp.error = "Your last name is required."
-        elsif email.nil? || email.strip.length == 0                                    then resp.error = "Your email address is required."
+        pass2       = params[:pass2]
+        if first_name.blank?                          then resp.error = "Your first name is required."
+        elsif last_name.blank?                         then resp.error = "Your last name is required."
+        elsif !(email.strip.downcase).match(URI::MailTo::EMAIL_REGEXP).present? then resp.error = "Email address is invalid."
+        elsif email.blank?                             then resp.error = "Your email address is required."
         elsif User.where(:site_id => @site.id, :email => email.strip.downcase).exists? then resp.error = "A user with that email address already exists."
-        elsif phone.nil? || phone.strip.length < 10                                    then resp.error = "Your phone number is required. Please include your area code."
-        elsif pass1.nil? || pass1.strip.length < 8                                     then resp.error = "Your password must be at least 8 characters."
-        elsif pass2.nil? || pass1 != pass2                                             then resp.error = "Your passwords don't match."
+   #     elsif phone.nil? || phone.strip.length < 10                                    then resp.error = "Your phone number is required. Please include your area code."
+        elsif pass1.blank? || pass1.strip.length < 8                                     then resp.error = "Your password must be at least 8 characters."
+        elsif pass2.blank? || pass1 != pass2                                             then resp.error = "Your passwords don't match."
         else
           u = Caboose::User.new
@@ -52,7 +50,7 @@ module Caboose
           u = Caboose::User.find(u.id)
           login_user(u, true)
-          resp.redirect = "/login?return_url=#{return_url}"
+          resp.redirect = return_url
         end
       end

data/app/controllers/caboose/users_controller.rb CHANGED

@@ -12,7 +12,6 @@ module Caboose
     # Non-admin actions
     #===========================================================================
     #===========================================================================
     # Admin actions
@@ -27,7 +26,6 @@ module Caboose
     # @route GET /admin/users/json
     def admin_json
       return if !user_is_allowed('users', 'view')
       pager = PageBarGenerator.new(params, {
           'site_id'         => @site.id,
     		  'first_name_like' => '',
@@ -50,7 +48,7 @@ module Caboose
     # @route GET /admin/users/:id/json
     def admin_json_single
       return if !user_is_allowed('users', 'view')
-      u = User.find(params[:id])
+      u = get_edit_user(params[:id], @site.id)
       render :json => u.as_json(:include => :roles)
     end
@@ -58,7 +56,7 @@ module Caboose
     def admin_stripe_json_single
       return if !user_is_allowed('users', 'view')
       sc = @site.store_config
-      u = User.find(params[:id])
+      u = get_edit_user(params[:id], @site.id)
       render :json => {
         :stripe_key     => sc.stripe_publishable_key.strip,
         :customer_id    => u.stripe_customer_id,
@@ -83,17 +81,19 @@ module Caboose
     # @route GET /admin/users/:id
     def admin_edit
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
       @all_roles = Role.tree(@site.id)
-      @roles = Role.roles_with_user(@edituser.id)
+      @roles = Role.roles_with_user(@edituser.id) if @edituser
+      redirect_to '/admin/users' if @edituser.nil?
     end
     # @route GET /admin/users/:id/roles
     def admin_edit_roles
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
       @all_roles = Role.tree(@site.id)
-      @roles = Role.roles_with_user(@edituser.id)
+      @roles = Role.roles_with_user(@edituser.id) if @edituser
+      redirect_to '/admin/users' if @edituser.nil?
     end
     # @route GET /admin/users/exports/:id/json
@@ -123,13 +123,14 @@ module Caboose
     # @route GET /admin/users/:id/payment-method
     def admin_edit_payment_method
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
     end
     # @route GET /admin/users/:id/password
     def admin_edit_password
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
+      redirect_to '/admin/users' if @edituser.nil?
     end
     def random_string(length)
@@ -140,7 +141,8 @@ module Caboose
     # @route GET /admin/users/:id/delete
     def admin_delete_form
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
+      redirect_to '/admin/users' if @edituser.nil?
     end
     # @route POST /admin/users/import
@@ -237,7 +239,7 @@ module Caboose
       return if !user_is_allowed('users', 'edit')
       resp = StdClass.new
-      user = User.find(params[:id])
+      user = get_edit_user(params[:id], @site.id)
       save = true
       params.each do |name,value|
@@ -318,18 +320,12 @@ module Caboose
     	resp.success = save && user.save
     	render json: resp
     end
-    # @route POST /admin/users/:id/update-pic
-    def admin_update_pic
-      @edituser = User.find(params[:id])
-      @new_value = "Testing"
-    end
     # @route DELETE /admin/users/bulk
     def admin_bulk_delete
       return unless user_is_allowed_to 'delete', 'users'
       params[:model_ids].each do |user_id|
-        user = User.where(:id => user_id).first
+        user = get_edit_user(user_id, @site.id)
         user.destroy if user
       end
       resp = Caboose::StdClass.new('success' => true)
@@ -339,9 +335,8 @@ module Caboose
     # @route DELETE /admin/users/:id
     def admin_delete
       return if !user_is_allowed('users', 'delete')
-      user = User.find(params[:id])
+      user = get_edit_user(params[:id], @site.id)
       user.destroy
       resp = StdClass.new({
         'redirect' => '/admin/users'
       })
@@ -351,8 +346,10 @@ module Caboose
     # @route POST /admin/users/:id/roles/:role_id
     def admin_add_to_role
       return if !user_is_allowed('users', 'edit')
-      if !RoleMembership.where(:user_id => params[:id], :role_id => params[:role_id]).exists?
-        RoleMembership.create(:user_id => params[:id], :role_id => params[:role_id])
+      user = get_edit_user(params[:id], @site.id)
+      role = Role.where(:id => params[:role_id], :site_id => @site.id).first
+      if user && role && !RoleMembership.where(:user_id => user.id, :role_id => role.id).exists?
+        RoleMembership.create(:user_id => user.id, :role_id => role.id)
       end
       render :json => true
     end
@@ -360,7 +357,11 @@ module Caboose
     # @route DELETE /admin/users/:id/roles/:role_id
     def admin_remove_from_role
       return if !user_is_allowed('users', 'edit')
-      RoleMembership.where(:user_id => params[:id], :role_id => params[:role_id]).destroy_all
+      user = get_edit_user(params[:id], @site.id)
+      role = Role.where(:id => params[:role_id], :site_id => @site.id).first
+      if user && role
+        RoleMembership.where(:user_id => user.id, :role_id => role.id).destroy_all
+      end
       render :json => true
     end
@@ -377,33 +378,18 @@ module Caboose
     # @route GET /admin/users/:id/su
     def admin_su
       return if !user_is_allowed('users', 'sudo')
-      user = User.find(params[:id])
-      ## See if we're on the default domain
-      #d = Caboose::Domain.where(:domain => request.host_with_port).first
-      #
-      #if d.primary == true
-      #  logout_user
-      #  login_user(user, false) # Login the new user
-      #  redirect_to "/"
-      #end
-      #
-      ## Set a random token for the user
-      #user.token = (0...20).map { ('a'..'z').to_a[rand(26)] }.join
-      #user.save
-      #
-      #redirect_to "http://#{d.site.primary_domain.domain}/admin/users/#{params[:id]}/su/#{user.token}"
-      logout_user
-      login_user(user, false) # Login the new user
-      redirect_to "/"
+      user = get_edit_user(params[:id], @site.id)
+      if user
+        logout_user
+        login_user(user, false)
+        redirect_to "/"
+      end
     end
     # @route GET /admin/users/:id/su/:token
     def admin_su_token
       return if params[:token].nil?
-      user = User.find(params[:id])
+      user = get_edit_user(params[:id], @site.id)
       token = params[:token]
       if user.token == params[:token]
         if logged_in? || logged_in_user.id == User::LOGGED_OUT_USER_ID
@@ -420,6 +406,14 @@ module Caboose
         render :json => false
       end
     end
+    private
+    def get_edit_user(user_id, site_id)
+      user = User.find(user_id)
+      return user if user && (user.site_id == site_id || logged_in_user.is_super_admin?)
+      return nil
+    end
   end
 end

data/app/mailers/caboose/login_mailer.rb CHANGED

@@ -8,8 +8,9 @@ module Caboose
     def locked_account(user)
       @user = user
-      mail(:to => user.email, :subject => "#{user.site.description} Locked Account")
-    end
+      admin_email = user.site.contact_email
+      mail(:to => admin_email, :subject => "#{user.site.description} Locked Account") if !admin_email.blank?
+    end
   end
 end

data/app/models/caboose/authenticator.rb CHANGED

@@ -51,12 +51,12 @@ module Caboose
           resp.user = user
           ll.success = true
         else
-          resp.error = "Invalid credentials"
+          resp.error = "Your username or password is incorrect."
           ll.success = false
         end
       else
-        resp.error = "Invalid credentials"
+        resp.error = "Your username or password is incorrect."
         ll.success = false
       end

data/app/models/caboose/block_type_category.rb CHANGED

@@ -3,11 +3,13 @@ class Caboose::BlockTypeCategory < ActiveRecord::Base
   self.table_name = "block_type_categories"
   belongs_to :parent, :foreign_key => 'parent_id', :class_name => 'Caboose::BlockTypeCategory'
-  has_many :children, :foreign_key => 'parent_id', :class_name => 'Caboose::BlockTypeCategory', :dependent => :destroy, :order => :name
+  has_many :children, :foreign_key => 'parent_id', :class_name => 'Caboose::BlockTypeCategory', :dependent => :destroy, :order => :sort_order
   has_many :block_types
   attr_accessible :id,
     :parent_id,
-    :name
+    :name,
+    :sort_order,
+    :show_in_sidebar
   def self.layouts
     self.where("name = ? and parent_id is null", 'Layouts').reorder(:name).all