RubyGems - caboose-cms - Versions diffs - 0.9.193 → 0.9.194 - Mend

caboose-cms 0.9.193 → 0.9.194

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

checksums.yaml +4 -4
data/app/assets/javascripts/caboose/main.js +35 -34
data/app/assets/stylesheets/caboose/login.scss +95 -0
data/app/controllers/caboose/application_controller.rb +1 -1
data/app/controllers/caboose/block_type_categories_controller.rb +25 -2
data/app/controllers/caboose/block_types_controller.rb +34 -35
data/app/controllers/caboose/login_controller.rb +33 -37
data/app/controllers/caboose/pages_controller.rb +2 -7
data/app/controllers/caboose/register_controller.rb +12 -14
data/app/controllers/caboose/users_controller.rb +40 -46
data/app/mailers/caboose/login_mailer.rb +3 -2
data/app/models/caboose/authenticator.rb +2 -2
data/app/models/caboose/block_type_category.rb +4 -2
data/app/models/caboose/schema.rb +4 -2
data/app/views/caboose/block_type_categories/admin_edit.html.erb +43 -0
data/app/views/caboose/block_type_categories/admin_index.html.erb +23 -0
data/app/{assets/javascripts/caboose/testing.js → views/caboose/block_type_categories/admin_new.html.erb} +0 -0
data/app/views/caboose/block_types/admin_edit.html.erb +8 -8
data/app/views/caboose/extras/error.html.erb +1 -1
data/app/views/caboose/login/forgot_password_form.html.erb +38 -51
data/app/views/caboose/login/index.html.erb +41 -64
data/app/views/caboose/login/reset_password_form.html.erb +35 -35
data/app/views/caboose/register/index.html.erb +51 -44
data/lib/caboose/version.rb +1 -1
metadata +6 -8
data/app/assets/javascripts/caboose/cart_old.js +0 -184
data/app/assets/javascripts/caboose/checkout_old.js +0 -151
data/app/assets/javascripts/caboose/product_new.js +0 -306
data/app/assets/javascripts/caboose/product_old.js +0 -324
data/app/assets/stylesheets/caboose/login.css +0 -134

data/app/controllers/caboose/login_controller.rb CHANGED

@@ -11,37 +11,34 @@ module Caboose
       end
       @return_url = params[:return_url].nil? ? "/" : params[:return_url]
       @modal = params[:modal].nil? ? false : params[:modal]
+      @page.title = "Login" if @page
       redirect_to @return_url and return if logged_in?
-      render :layout => Caboose::login_layout
+      render :layout => "caboose/application"
     end
     # @route POST /login
     def login
       resp = StdClass.new('error' => '', 'redirect' => '')
       return_url = params[:return_url].nil? ? "/" : params[:return_url]
       if logged_in?
         resp.redirect = return_url
+      elsif params[:username].blank?
+        resp.error = "Please provide a username."
+      elsif params[:password].blank?
+        resp.error = "Please provide a password."
       else
         username = params[:username].downcase
         password = params[:password]
-        if username.nil? || password.nil? || password.strip.length == 0
-          resp.error = "Invalid credentials"
-        else
-          bouncer_class = Caboose::authenticator_class.constantize
-          bouncer = bouncer_class.new
-          login_resp = bouncer.authenticate(username, password, @site, request)
-          if login_resp.error
-            resp.error = login_resp.error
-          else
-            remember = params[:remember] && (params[:remember] == 1 || params[:remember] == "1")
-            login_user(login_resp.user, remember)
-            #resp.redirect = return_url
-            resp.redirect = Caboose.plugin_hook('login_success', return_url, login_resp.user)
-            resp.modal = false
-          end
+        bouncer_class = Caboose::authenticator_class.constantize
+        bouncer = bouncer_class.new
+        login_resp = bouncer.authenticate(username, password, @site, request)
+        if login_resp.error
+          resp.error = login_resp.error
+        else
+          remember = params[:remember] && (params[:remember] == 1 || params[:remember] == "1")
+          login_user(login_resp.user, remember)
+          resp.redirect = Caboose.plugin_hook('login_success', return_url, login_resp.user)
+          resp.modal = false
         end
       end
       render :json => resp
@@ -51,29 +48,28 @@ module Caboose
     def forgot_password_form
       @return_url = params[:return_url].nil? ? "/" : params[:return_url]
       @modal = params[:modal].nil? ? false : params[:modal]
-      redirect_to @return_url if logged_in?
-      render :layout => Caboose::login_layout
+      redirect_to @return_url and return if logged_in?
+      @page.title = "Forgot Password" if @page
+      render :layout => "caboose/application"
     end
     # @route POST /login/forgot-password
     def send_reset_email
       @return_url = params[:return_url].nil? ? "/" : params[:return_url]
       redirect_to @return_url if logged_in?
       resp = Caboose::StdClass.new
       username = params[:username]
-		  if username.nil? || username.strip.length == 0
-		  	resp.error = "You must enter a username."
+		  if username.blank?
+		  	resp.error = "You must enter a username or email address."
         render :json => resp
 		  	return
 		  end
-		  bob = Caboose::User.where(:site_id => @site.id, :username => username).first
-		  bob = Caboose::User.where(:site_id => @site.id, :email    => username).first if bob.nil?
+		  bob = Caboose::User.where(:site_id => @site.id, :username => username.strip.downcase).first
+		  bob = Caboose::User.where(:site_id => @site.id, :email    => username.strip.downcase).first if bob.nil?
 		  if bob.nil?
-			  resp.error = "The given email or username is not in our system."
+			  resp.error = "The given username or email address does not exist."
 			  render :json => resp
 			  return
 			end
@@ -85,7 +81,7 @@ module Caboose
 		  LoginMailer.configure_for_site(@site.id).forgot_password_email(bob).deliver
-		  resp.success = "We just sent you an email. The reset link inside is good for 3 days."
+		  resp.success = "Please check your email for a link to reset your password. This link is good for 3 days."
 		  render :json => resp
 		end
@@ -98,7 +94,8 @@ module Caboose
 		  end
       @reset_id = params[:reset_id]
       @user = Caboose::User.user_for_reset_id(@reset_id)
-      render :layout => Caboose::login_layout
+      @page.title = "Reset Password" if @page
+      render :layout => "caboose/application"
     end
     # @route POST /login/reset-password
@@ -112,17 +109,16 @@ module Caboose
 	    pass1    = params[:pass1]
 	    pass2    = params[:pass2]
-	    if reset_id.nil? || reset_id.strip.length == 0
-	      resp.error = "No reset ID was given."
+	    if reset_id.blank?
+	      resp.error = "This password reset link is invalid."
 	    else
 	      user = Caboose::User.user_for_reset_id(reset_id)
 	    	if user.nil?
-	    	  resp.error = "The given reset ID is invalid."
-	    	elsif pass1 != pass2
-	    		resp.error = "Passwords don't match."
+	    	  resp.error = "This password reset link is invalid."
 	    	elsif pass1.length < 8
-	    	  resp.error = "Passwords must be at least 8 characters"
+	    	  resp.error = "Passwords must be at least 8 characters."
+        elsif pass1 != pass2
+          resp.error = "Your passwords don't match."
 	    	else
 	    	  user.password = Digest::SHA1.hexdigest(Caboose::salt + pass1)
 	    	  user.password_reset_id = ''

data/app/controllers/caboose/pages_controller.rb CHANGED

@@ -58,12 +58,11 @@ module Caboose
         asset
         return
       end
       user = logged_in_user
       if !user.is_allowed(page, 'view')
         if user.id == User.logged_out_user_id(@site.id)
-          redirect_to "/modal/login?return_url=" + URI.encode(request.fullpath)
+          redirect_to "/login?return_url=" + URI.encode(request.fullpath)
           return
         else
           # go to 404 page
@@ -81,11 +80,7 @@ module Caboose
       @user = user
       @editing = false
       @preview = false
-   #   @editmode = !params['edit'].nil? && user.is_allowed('pages', 'edit') ? true : false
-   #   @crumb_trail = Caboose::Page.crumb_trail(@page)
-   #   @subnav = Caboose::Page.subnav(@page, session['use_redirect_urls'], @user)
-      #@subnav.links = @tasks.collect {|href, task| {'href' => href, 'text' => task, 'is_current' => uri == href}}
     end
     def asset

data/app/controllers/caboose/register_controller.rb CHANGED

@@ -6,36 +6,34 @@ module Caboose
     def index
       @return_url = params[:return_url].nil? ? "/" : params[:return_url];
       @modal = params[:modal].nil? ? false : params[:modal]
-      redirect_to @return_url if logged_in?
-      render :layout => Caboose::register_layout
+      redirect_to @return_url and return if logged_in?
+      @page.title = "Create an Account" if @page
+      render :layout => "caboose/application"
     end
     # @route POST /register
     def register
       resp = StdClass.new('error' => '', 'redirect' => '')
       return_url = params[:return_url].nil? ? "/" : params[:return_url];
       if logged_in?
         resp.error = "Already logged in"
       elsif !@site.allow_self_registration
         resp.error = "This site doesn't allow self registration."
       else
         first_name  = params[:first_name]
         last_name   = params[:last_name]
         email       = params[:email]
         phone       = params[:phone]
         pass1       = params[:pass1]
-        pass2       = params[:pass2]
-        if first_name.nil? || first_name.strip.length == 0                             then resp.error = "Your first name is required."
-        elsif last_name.nil? || last_name.strip.length == 0                            then resp.error = "Your last name is required."
-        elsif email.nil? || email.strip.length == 0                                    then resp.error = "Your email address is required."
+        pass2       = params[:pass2]
+        if first_name.blank?                          then resp.error = "Your first name is required."
+        elsif last_name.blank?                         then resp.error = "Your last name is required."
+        elsif !(email.strip.downcase).match(URI::MailTo::EMAIL_REGEXP).present? then resp.error = "Email address is invalid."
+        elsif email.blank?                             then resp.error = "Your email address is required."
         elsif User.where(:site_id => @site.id, :email => email.strip.downcase).exists? then resp.error = "A user with that email address already exists."
-        elsif phone.nil? || phone.strip.length < 10                                    then resp.error = "Your phone number is required. Please include your area code."
-        elsif pass1.nil? || pass1.strip.length < 8                                     then resp.error = "Your password must be at least 8 characters."
-        elsif pass2.nil? || pass1 != pass2                                             then resp.error = "Your passwords don't match."
+   #     elsif phone.nil? || phone.strip.length < 10                                    then resp.error = "Your phone number is required. Please include your area code."
+        elsif pass1.blank? || pass1.strip.length < 8                                     then resp.error = "Your password must be at least 8 characters."
+        elsif pass2.blank? || pass1 != pass2                                             then resp.error = "Your passwords don't match."
         else
           u = Caboose::User.new
@@ -52,7 +50,7 @@ module Caboose
           u = Caboose::User.find(u.id)
           login_user(u, true)
-          resp.redirect = "/login?return_url=#{return_url}"
+          resp.redirect = return_url
         end
       end

data/app/controllers/caboose/users_controller.rb CHANGED

@@ -12,7 +12,6 @@ module Caboose
     # Non-admin actions
     #===========================================================================
     #===========================================================================
     # Admin actions
@@ -27,7 +26,6 @@ module Caboose
     # @route GET /admin/users/json
     def admin_json
       return if !user_is_allowed('users', 'view')
       pager = PageBarGenerator.new(params, {
           'site_id'         => @site.id,
     		  'first_name_like' => '',
@@ -50,7 +48,7 @@ module Caboose
     # @route GET /admin/users/:id/json
     def admin_json_single
       return if !user_is_allowed('users', 'view')
-      u = User.find(params[:id])
+      u = get_edit_user(params[:id], @site.id)
       render :json => u.as_json(:include => :roles)
     end
@@ -58,7 +56,7 @@ module Caboose
     def admin_stripe_json_single
       return if !user_is_allowed('users', 'view')
       sc = @site.store_config
-      u = User.find(params[:id])
+      u = get_edit_user(params[:id], @site.id)
       render :json => {
         :stripe_key     => sc.stripe_publishable_key.strip,
         :customer_id    => u.stripe_customer_id,
@@ -83,17 +81,19 @@ module Caboose
     # @route GET /admin/users/:id
     def admin_edit
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
       @all_roles = Role.tree(@site.id)
-      @roles = Role.roles_with_user(@edituser.id)
+      @roles = Role.roles_with_user(@edituser.id) if @edituser
+      redirect_to '/admin/users' if @edituser.nil?
     end
     # @route GET /admin/users/:id/roles
     def admin_edit_roles
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
       @all_roles = Role.tree(@site.id)
-      @roles = Role.roles_with_user(@edituser.id)
+      @roles = Role.roles_with_user(@edituser.id) if @edituser
+      redirect_to '/admin/users' if @edituser.nil?
     end
     # @route GET /admin/users/exports/:id/json
@@ -123,13 +123,14 @@ module Caboose
     # @route GET /admin/users/:id/payment-method
     def admin_edit_payment_method
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
     end
     # @route GET /admin/users/:id/password
     def admin_edit_password
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
+      redirect_to '/admin/users' if @edituser.nil?
     end
     def random_string(length)
@@ -140,7 +141,8 @@ module Caboose
     # @route GET /admin/users/:id/delete
     def admin_delete_form
       return if !user_is_allowed('users', 'edit')
-      @edituser = User.find(params[:id])
+      @edituser = get_edit_user(params[:id], @site.id)
+      redirect_to '/admin/users' if @edituser.nil?
     end
     # @route POST /admin/users/import
@@ -237,7 +239,7 @@ module Caboose
       return if !user_is_allowed('users', 'edit')
       resp = StdClass.new
-      user = User.find(params[:id])
+      user = get_edit_user(params[:id], @site.id)
       save = true
       params.each do |name,value|
@@ -318,18 +320,12 @@ module Caboose
     	resp.success = save && user.save
     	render json: resp
     end
-    # @route POST /admin/users/:id/update-pic
-    def admin_update_pic
-      @edituser = User.find(params[:id])
-      @new_value = "Testing"
-    end
     # @route DELETE /admin/users/bulk
     def admin_bulk_delete
       return unless user_is_allowed_to 'delete', 'users'
       params[:model_ids].each do |user_id|
-        user = User.where(:id => user_id).first
+        user = get_edit_user(user_id, @site.id)
         user.destroy if user
       end
       resp = Caboose::StdClass.new('success' => true)
@@ -339,9 +335,8 @@ module Caboose
     # @route DELETE /admin/users/:id
     def admin_delete
       return if !user_is_allowed('users', 'delete')
-      user = User.find(params[:id])
+      user = get_edit_user(params[:id], @site.id)
       user.destroy
       resp = StdClass.new({
         'redirect' => '/admin/users'
       })
@@ -351,8 +346,10 @@ module Caboose
     # @route POST /admin/users/:id/roles/:role_id
     def admin_add_to_role
       return if !user_is_allowed('users', 'edit')
-      if !RoleMembership.where(:user_id => params[:id], :role_id => params[:role_id]).exists?
-        RoleMembership.create(:user_id => params[:id], :role_id => params[:role_id])
+      user = get_edit_user(params[:id], @site.id)
+      role = Role.where(:id => params[:role_id], :site_id => @site.id).first
+      if user && role && !RoleMembership.where(:user_id => user.id, :role_id => role.id).exists?
+        RoleMembership.create(:user_id => user.id, :role_id => role.id)
       end
       render :json => true
     end
@@ -360,7 +357,11 @@ module Caboose
     # @route DELETE /admin/users/:id/roles/:role_id
     def admin_remove_from_role
       return if !user_is_allowed('users', 'edit')
-      RoleMembership.where(:user_id => params[:id], :role_id => params[:role_id]).destroy_all
+      user = get_edit_user(params[:id], @site.id)
+      role = Role.where(:id => params[:role_id], :site_id => @site.id).first
+      if user && role
+        RoleMembership.where(:user_id => user.id, :role_id => role.id).destroy_all
+      end
       render :json => true
     end
@@ -377,33 +378,18 @@ module Caboose
     # @route GET /admin/users/:id/su
     def admin_su
       return if !user_is_allowed('users', 'sudo')
-      user = User.find(params[:id])
-      ## See if we're on the default domain
-      #d = Caboose::Domain.where(:domain => request.host_with_port).first
-      #
-      #if d.primary == true
-      #  logout_user
-      #  login_user(user, false) # Login the new user
-      #  redirect_to "/"
-      #end
-      #
-      ## Set a random token for the user
-      #user.token = (0...20).map { ('a'..'z').to_a[rand(26)] }.join
-      #user.save
-      #
-      #redirect_to "http://#{d.site.primary_domain.domain}/admin/users/#{params[:id]}/su/#{user.token}"
-      logout_user
-      login_user(user, false) # Login the new user
-      redirect_to "/"
+      user = get_edit_user(params[:id], @site.id)
+      if user
+        logout_user
+        login_user(user, false)
+        redirect_to "/"
+      end
     end
     # @route GET /admin/users/:id/su/:token
     def admin_su_token
       return if params[:token].nil?
-      user = User.find(params[:id])
+      user = get_edit_user(params[:id], @site.id)
       token = params[:token]
       if user.token == params[:token]
         if logged_in? || logged_in_user.id == User::LOGGED_OUT_USER_ID
@@ -420,6 +406,14 @@ module Caboose
         render :json => false
       end
     end
+    private
+    def get_edit_user(user_id, site_id)
+      user = User.find(user_id)
+      return user if user && (user.site_id == site_id || logged_in_user.is_super_admin?)
+      return nil
+    end
   end
 end

data/app/mailers/caboose/login_mailer.rb CHANGED

@@ -8,8 +8,9 @@ module Caboose
     def locked_account(user)
       @user = user
-      mail(:to => user.email, :subject => "#{user.site.description} Locked Account")
-    end
+      admin_email = user.site.contact_email
+      mail(:to => admin_email, :subject => "#{user.site.description} Locked Account") if !admin_email.blank?
+    end
   end
 end

data/app/models/caboose/authenticator.rb CHANGED

@@ -51,12 +51,12 @@ module Caboose
           resp.user = user
           ll.success = true
         else
-          resp.error = "Invalid credentials"
+          resp.error = "Your username or password is incorrect."
           ll.success = false
         end
       else
-        resp.error = "Invalid credentials"
+        resp.error = "Your username or password is incorrect."
         ll.success = false
       end

data/app/models/caboose/block_type_category.rb CHANGED

@@ -3,11 +3,13 @@ class Caboose::BlockTypeCategory < ActiveRecord::Base
   self.table_name = "block_type_categories"
   belongs_to :parent, :foreign_key => 'parent_id', :class_name => 'Caboose::BlockTypeCategory'
-  has_many :children, :foreign_key => 'parent_id', :class_name => 'Caboose::BlockTypeCategory', :dependent => :destroy, :order => :name
+  has_many :children, :foreign_key => 'parent_id', :class_name => 'Caboose::BlockTypeCategory', :dependent => :destroy, :order => :sort_order
   has_many :block_types
   attr_accessible :id,
     :parent_id,
-    :name
+    :name,
+    :sort_order,
+    :show_in_sidebar
   def self.layouts
     self.where("name = ? and parent_id is null", 'Layouts').reorder(:name).all