caboose-cms 0.9.193 → 0.9.194
- checksums.yaml +4 -4
- data/app/assets/javascripts/caboose/main.js +35 -34
- data/app/assets/stylesheets/caboose/login.scss +95 -0
- data/app/controllers/caboose/application_controller.rb +1 -1
- data/app/controllers/caboose/block_type_categories_controller.rb +25 -2
- data/app/controllers/caboose/block_types_controller.rb +34 -35
- data/app/controllers/caboose/login_controller.rb +33 -37
- data/app/controllers/caboose/pages_controller.rb +2 -7
- data/app/controllers/caboose/register_controller.rb +12 -14
- data/app/controllers/caboose/users_controller.rb +40 -46
- data/app/mailers/caboose/login_mailer.rb +3 -2
- data/app/models/caboose/authenticator.rb +2 -2
- data/app/models/caboose/block_type_category.rb +4 -2
- data/app/models/caboose/schema.rb +4 -2
- data/app/views/caboose/block_type_categories/admin_edit.html.erb +43 -0
- data/app/views/caboose/block_type_categories/admin_index.html.erb +23 -0
- data/app/{assets/javascripts/caboose/testing.js → views/caboose/block_type_categories/admin_new.html.erb} +0 -0
- data/app/views/caboose/block_types/admin_edit.html.erb +8 -8
- data/app/views/caboose/extras/error.html.erb +1 -1
- data/app/views/caboose/login/forgot_password_form.html.erb +38 -51
- data/app/views/caboose/login/index.html.erb +41 -64
- data/app/views/caboose/login/reset_password_form.html.erb +35 -35
- data/app/views/caboose/register/index.html.erb +51 -44
- data/lib/caboose/version.rb +1 -1
- metadata +6 -8
- data/app/assets/javascripts/caboose/cart_old.js +0 -184
- data/app/assets/javascripts/caboose/checkout_old.js +0 -151
- data/app/assets/javascripts/caboose/product_new.js +0 -306
- data/app/assets/javascripts/caboose/product_old.js +0 -324
- data/app/assets/stylesheets/caboose/login.css +0 -134
@@ -11,37 +11,34 @@ module Caboose
|
|
11
11
|
end
|
12
12
|
@return_url = params[:return_url].nil? ? "/" : params[:return_url]
|
13
13
|
@modal = params[:modal].nil? ? false : params[:modal]
|
14
|
+
@page.title = "Login" if @page
|
14
15
|
redirect_to @return_url and return if logged_in?
|
15
|
-
render :layout =>
|
16
|
+
render :layout => "caboose/application"
|
16
17
|
end
|
17
18
|
|
18
19
|
# @route POST /login
|
19
20
|
def login
|
20
21
|
resp = StdClass.new('error' => '', 'redirect' => '')
|
21
22
|
return_url = params[:return_url].nil? ? "/" : params[:return_url]
|
22
|
-
|
23
23
|
if logged_in?
|
24
24
|
resp.redirect = return_url
|
25
|
+
elsif params[:username].blank?
|
26
|
+
resp.error = "Please provide a username."
|
27
|
+
elsif params[:password].blank?
|
28
|
+
resp.error = "Please provide a password."
|
25
29
|
else
|
26
30
|
username = params[:username].downcase
|
27
31
|
password = params[:password]
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
else
|
39
|
-
remember = params[:remember] && (params[:remember] == 1 || params[:remember] == "1")
|
40
|
-
login_user(login_resp.user, remember)
|
41
|
-
#resp.redirect = return_url
|
42
|
-
resp.redirect = Caboose.plugin_hook('login_success', return_url, login_resp.user)
|
43
|
-
resp.modal = false
|
44
|
-
end
|
32
|
+
bouncer_class = Caboose::authenticator_class.constantize
|
33
|
+
bouncer = bouncer_class.new
|
34
|
+
login_resp = bouncer.authenticate(username, password, @site, request)
|
35
|
+
if login_resp.error
|
36
|
+
resp.error = login_resp.error
|
37
|
+
else
|
38
|
+
remember = params[:remember] && (params[:remember] == 1 || params[:remember] == "1")
|
39
|
+
login_user(login_resp.user, remember)
|
40
|
+
resp.redirect = Caboose.plugin_hook('login_success', return_url, login_resp.user)
|
41
|
+
resp.modal = false
|
45
42
|
end
|
46
43
|
end
|
47
44
|
render :json => resp
|
@@ -51,29 +48,28 @@ module Caboose
|
|
51
48
|
def forgot_password_form
|
52
49
|
@return_url = params[:return_url].nil? ? "/" : params[:return_url]
|
53
50
|
@modal = params[:modal].nil? ? false : params[:modal]
|
54
|
-
redirect_to @return_url if logged_in?
|
55
|
-
|
51
|
+
redirect_to @return_url and return if logged_in?
|
52
|
+
@page.title = "Forgot Password" if @page
|
53
|
+
render :layout => "caboose/application"
|
56
54
|
end
|
57
55
|
|
58
56
|
# @route POST /login/forgot-password
|
59
57
|
def send_reset_email
|
60
58
|
@return_url = params[:return_url].nil? ? "/" : params[:return_url]
|
61
59
|
redirect_to @return_url if logged_in?
|
62
|
-
|
63
60
|
resp = Caboose::StdClass.new
|
64
61
|
username = params[:username]
|
65
|
-
|
66
|
-
|
67
|
-
resp.error = "You must enter a username."
|
62
|
+
if username.blank?
|
63
|
+
resp.error = "You must enter a username or email address."
|
68
64
|
render :json => resp
|
69
65
|
return
|
70
66
|
end
|
71
67
|
|
72
|
-
bob = Caboose::User.where(:site_id => @site.id, :username => username).first
|
73
|
-
bob = Caboose::User.where(:site_id => @site.id, :email => username).first if bob.nil?
|
68
|
+
bob = Caboose::User.where(:site_id => @site.id, :username => username.strip.downcase).first
|
69
|
+
bob = Caboose::User.where(:site_id => @site.id, :email => username.strip.downcase).first if bob.nil?
|
74
70
|
|
75
71
|
if bob.nil?
|
76
|
-
resp.error = "The given
|
72
|
+
resp.error = "The given username or email address does not exist."
|
77
73
|
render :json => resp
|
78
74
|
return
|
79
75
|
end
|
@@ -85,7 +81,7 @@ module Caboose
|
|
85
81
|
|
86
82
|
LoginMailer.configure_for_site(@site.id).forgot_password_email(bob).deliver
|
87
83
|
|
88
|
-
resp.success = "
|
84
|
+
resp.success = "Please check your email for a link to reset your password. This link is good for 3 days."
|
89
85
|
render :json => resp
|
90
86
|
end
|
91
87
|
|
@@ -98,7 +94,8 @@ module Caboose
|
|
98
94
|
end
|
99
95
|
@reset_id = params[:reset_id]
|
100
96
|
@user = Caboose::User.user_for_reset_id(@reset_id)
|
101
|
-
|
97
|
+
@page.title = "Reset Password" if @page
|
98
|
+
render :layout => "caboose/application"
|
102
99
|
end
|
103
100
|
|
104
101
|
# @route POST /login/reset-password
|
@@ -112,17 +109,16 @@ module Caboose
|
|
112
109
|
pass1 = params[:pass1]
|
113
110
|
pass2 = params[:pass2]
|
114
111
|
|
115
|
-
if reset_id.
|
116
|
-
resp.error = "
|
112
|
+
if reset_id.blank?
|
113
|
+
resp.error = "This password reset link is invalid."
|
117
114
|
else
|
118
115
|
user = Caboose::User.user_for_reset_id(reset_id)
|
119
|
-
|
120
116
|
if user.nil?
|
121
|
-
resp.error = "
|
122
|
-
elsif pass1 != pass2
|
123
|
-
resp.error = "Passwords don't match."
|
117
|
+
resp.error = "This password reset link is invalid."
|
124
118
|
elsif pass1.length < 8
|
125
|
-
resp.error = "Passwords must be at least 8 characters"
|
119
|
+
resp.error = "Passwords must be at least 8 characters."
|
120
|
+
elsif pass1 != pass2
|
121
|
+
resp.error = "Your passwords don't match."
|
126
122
|
else
|
127
123
|
user.password = Digest::SHA1.hexdigest(Caboose::salt + pass1)
|
128
124
|
user.password_reset_id = ''
|
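Review bot: The `return_url` request parameter reaches `redirect_to` unvalidated in the new `redirect_to @return_url and return if logged_in?` line of `forgot_password_form` (the same value feeds `index`, the JSON `redirect` built in `login`, and the matching `index`/`resp.redirect = return_url` lines in the register controller), so a crafted login link can send a signed-in user to an arbitrary external site. Accept only same-site paths before using it, for example `@return_url = "/" unless @return_url.to_s =~ %r{\A/(?![/\\])}`. `send_reset_email` still has `redirect_to @return_url if logged_in?` without `and return`, so a logged-in caller falls through to the later `render :json`. The new "The given username or email address does not exist." response also confirms which accounts exist, while the authenticator in this same release now returns one generic login error; returning the same success text whether or not a user was found would keep the two consistent.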
@@ -58,12 +58,11 @@ module Caboose
|
|
58
58
|
asset
|
59
59
|
return
|
60
60
|
end
|
61
|
-
|
62
61
|
|
63
62
|
user = logged_in_user
|
64
63
|
if !user.is_allowed(page, 'view')
|
65
64
|
if user.id == User.logged_out_user_id(@site.id)
|
66
|
-
redirect_to "/
|
65
|
+
redirect_to "/login?return_url=" + URI.encode(request.fullpath)
|
67
66
|
return
|
68
67
|
else
|
69
68
|
# go to 404 page
|
@@ -81,11 +80,7 @@ module Caboose
|
|
81
80
|
@user = user
|
82
81
|
@editing = false
|
83
82
|
@preview = false
|
84
|
-
|
85
|
-
# @crumb_trail = Caboose::Page.crumb_trail(@page)
|
86
|
-
# @subnav = Caboose::Page.subnav(@page, session['use_redirect_urls'], @user)
|
87
|
-
#@subnav.links = @tasks.collect {|href, task| {'href' => href, 'text' => task, 'is_current' => uri == href}}
|
88
|
-
|
83
|
+
|
89
84
|
end
|
90
85
|
|
91
86
|
def asset
|
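Review bot: `URI.encode(request.fullpath)` in the new `redirect_to "/login?return_url=" + ...` line leaves `?`, `&` and `=` unescaped, so a page URL that carries its own query string is split at the first `&` and the login form receives a truncated `return_url` plus stray parameters. Escape the value as a query component instead: `redirect_to "/login?return_url=" + CGI.escape(request.fullpath)`. `URI.encode` is also obsolete and was removed in Ruby 3.0. The enclosing action starts above this hunk.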
@@ -6,36 +6,34 @@ module Caboose
|
|
6
6
|
def index
|
7
7
|
@return_url = params[:return_url].nil? ? "/" : params[:return_url];
|
8
8
|
@modal = params[:modal].nil? ? false : params[:modal]
|
9
|
-
redirect_to @return_url if logged_in?
|
10
|
-
|
9
|
+
redirect_to @return_url and return if logged_in?
|
10
|
+
@page.title = "Create an Account" if @page
|
11
|
+
render :layout => "caboose/application"
|
11
12
|
end
|
12
13
|
|
13
14
|
# @route POST /register
|
14
15
|
def register
|
15
|
-
|
16
16
|
resp = StdClass.new('error' => '', 'redirect' => '')
|
17
17
|
return_url = params[:return_url].nil? ? "/" : params[:return_url];
|
18
|
-
|
19
18
|
if logged_in?
|
20
19
|
resp.error = "Already logged in"
|
21
20
|
elsif !@site.allow_self_registration
|
22
21
|
resp.error = "This site doesn't allow self registration."
|
23
22
|
else
|
24
|
-
|
25
23
|
first_name = params[:first_name]
|
26
24
|
last_name = params[:last_name]
|
27
25
|
email = params[:email]
|
28
26
|
phone = params[:phone]
|
29
27
|
pass1 = params[:pass1]
|
30
|
-
pass2 = params[:pass2]
|
31
|
-
|
32
|
-
|
33
|
-
elsif
|
34
|
-
elsif email.
|
28
|
+
pass2 = params[:pass2]
|
29
|
+
if first_name.blank? then resp.error = "Your first name is required."
|
30
|
+
elsif last_name.blank? then resp.error = "Your last name is required."
|
31
|
+
elsif !(email.strip.downcase).match(URI::MailTo::EMAIL_REGEXP).present? then resp.error = "Email address is invalid."
|
32
|
+
elsif email.blank? then resp.error = "Your email address is required."
|
35
33
|
elsif User.where(:site_id => @site.id, :email => email.strip.downcase).exists? then resp.error = "A user with that email address already exists."
|
36
|
-
|
37
|
-
elsif pass1.
|
38
|
-
elsif pass2.
|
34
|
+
# elsif phone.nil? || phone.strip.length < 10 then resp.error = "Your phone number is required. Please include your area code."
|
35
|
+
elsif pass1.blank? || pass1.strip.length < 8 then resp.error = "Your password must be at least 8 characters."
|
36
|
+
elsif pass2.blank? || pass1 != pass2 then resp.error = "Your passwords don't match."
|
39
37
|
else
|
40
38
|
|
41
39
|
u = Caboose::User.new
|
@@ -52,7 +50,7 @@ module Caboose
|
|
52
50
|
u = Caboose::User.find(u.id)
|
53
51
|
login_user(u, true)
|
54
52
|
|
55
|
-
resp.redirect =
|
53
|
+
resp.redirect = return_url
|
56
54
|
|
57
55
|
end
|
58
56
|
end
|
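Review bot: The new `elsif !(email.strip.downcase).match(URI::MailTo::EMAIL_REGEXP).present?` branch runs before `elsif email.blank?`, so a request with no `email` parameter calls `strip` on nil and raises instead of returning an error, and an empty string is reported as "invalid" while the "required" branch can never be reached. Move `elsif email.blank? then resp.error = "Your email address is required."` above the regexp branch. The length check uses `pass1.strip.length` while the comparison with `pass2` uses the unstripped value, so a password padded with spaces can pass one check under a different length than the one stored; it would be worth deciding on one form. The body of `register` continues outside the first hunk.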
@@ -12,7 +12,6 @@ module Caboose
|
|
12
12
|
# Non-admin actions
|
13
13
|
#===========================================================================
|
14
14
|
|
15
|
-
|
16
15
|
|
17
16
|
#===========================================================================
|
18
17
|
# Admin actions
|
@@ -27,7 +26,6 @@ module Caboose
|
|
27
26
|
# @route GET /admin/users/json
|
28
27
|
def admin_json
|
29
28
|
return if !user_is_allowed('users', 'view')
|
30
|
-
|
31
29
|
pager = PageBarGenerator.new(params, {
|
32
30
|
'site_id' => @site.id,
|
33
31
|
'first_name_like' => '',
|
@@ -50,7 +48,7 @@ module Caboose
|
|
50
48
|
# @route GET /admin/users/:id/json
|
51
49
|
def admin_json_single
|
52
50
|
return if !user_is_allowed('users', 'view')
|
53
|
-
u =
|
51
|
+
u = get_edit_user(params[:id], @site.id)
|
54
52
|
render :json => u.as_json(:include => :roles)
|
55
53
|
end
|
56
54
|
|
@@ -58,7 +56,7 @@ module Caboose
|
|
58
56
|
def admin_stripe_json_single
|
59
57
|
return if !user_is_allowed('users', 'view')
|
60
58
|
sc = @site.store_config
|
61
|
-
u =
|
59
|
+
u = get_edit_user(params[:id], @site.id)
|
62
60
|
render :json => {
|
63
61
|
:stripe_key => sc.stripe_publishable_key.strip,
|
64
62
|
:customer_id => u.stripe_customer_id,
|
@@ -83,17 +81,19 @@ module Caboose
|
|
83
81
|
# @route GET /admin/users/:id
|
84
82
|
def admin_edit
|
85
83
|
return if !user_is_allowed('users', 'edit')
|
86
|
-
@edituser =
|
84
|
+
@edituser = get_edit_user(params[:id], @site.id)
|
87
85
|
@all_roles = Role.tree(@site.id)
|
88
|
-
@roles = Role.roles_with_user(@edituser.id)
|
86
|
+
@roles = Role.roles_with_user(@edituser.id) if @edituser
|
87
|
+
redirect_to '/admin/users' if @edituser.nil?
|
89
88
|
end
|
90
89
|
|
91
90
|
# @route GET /admin/users/:id/roles
|
92
91
|
def admin_edit_roles
|
93
92
|
return if !user_is_allowed('users', 'edit')
|
94
|
-
@edituser =
|
93
|
+
@edituser = get_edit_user(params[:id], @site.id)
|
95
94
|
@all_roles = Role.tree(@site.id)
|
96
|
-
@roles = Role.roles_with_user(@edituser.id)
|
95
|
+
@roles = Role.roles_with_user(@edituser.id) if @edituser
|
96
|
+
redirect_to '/admin/users' if @edituser.nil?
|
97
97
|
end
|
98
98
|
|
99
99
|
# @route GET /admin/users/exports/:id/json
|
@@ -123,13 +123,14 @@ module Caboose
|
|
123
123
|
# @route GET /admin/users/:id/payment-method
|
124
124
|
def admin_edit_payment_method
|
125
125
|
return if !user_is_allowed('users', 'edit')
|
126
|
-
@edituser =
|
126
|
+
@edituser = get_edit_user(params[:id], @site.id)
|
127
127
|
end
|
128
128
|
|
129
129
|
# @route GET /admin/users/:id/password
|
130
130
|
def admin_edit_password
|
131
131
|
return if !user_is_allowed('users', 'edit')
|
132
|
-
@edituser =
|
132
|
+
@edituser = get_edit_user(params[:id], @site.id)
|
133
|
+
redirect_to '/admin/users' if @edituser.nil?
|
133
134
|
end
|
134
135
|
|
135
136
|
def random_string(length)
|
@@ -140,7 +141,8 @@ module Caboose
|
|
140
141
|
# @route GET /admin/users/:id/delete
|
141
142
|
def admin_delete_form
|
142
143
|
return if !user_is_allowed('users', 'edit')
|
143
|
-
@edituser =
|
144
|
+
@edituser = get_edit_user(params[:id], @site.id)
|
145
|
+
redirect_to '/admin/users' if @edituser.nil?
|
144
146
|
end
|
145
147
|
|
146
148
|
# @route POST /admin/users/import
|
@@ -237,7 +239,7 @@ module Caboose
|
|
237
239
|
return if !user_is_allowed('users', 'edit')
|
238
240
|
|
239
241
|
resp = StdClass.new
|
240
|
-
user =
|
242
|
+
user = get_edit_user(params[:id], @site.id)
|
241
243
|
|
242
244
|
save = true
|
243
245
|
params.each do |name,value|
|
@@ -318,18 +320,12 @@ module Caboose
|
|
318
320
|
resp.success = save && user.save
|
319
321
|
render json: resp
|
320
322
|
end
|
321
|
-
|
322
|
-
# @route POST /admin/users/:id/update-pic
|
323
|
-
def admin_update_pic
|
324
|
-
@edituser = User.find(params[:id])
|
325
|
-
@new_value = "Testing"
|
326
|
-
end
|
327
323
|
|
328
324
|
# @route DELETE /admin/users/bulk
|
329
325
|
def admin_bulk_delete
|
330
326
|
return unless user_is_allowed_to 'delete', 'users'
|
331
327
|
params[:model_ids].each do |user_id|
|
332
|
-
user =
|
328
|
+
user = get_edit_user(user_id, @site.id)
|
333
329
|
user.destroy if user
|
334
330
|
end
|
335
331
|
resp = Caboose::StdClass.new('success' => true)
|
@@ -339,9 +335,8 @@ module Caboose
|
|
339
335
|
# @route DELETE /admin/users/:id
|
340
336
|
def admin_delete
|
341
337
|
return if !user_is_allowed('users', 'delete')
|
342
|
-
user =
|
338
|
+
user = get_edit_user(params[:id], @site.id)
|
343
339
|
user.destroy
|
344
|
-
|
345
340
|
resp = StdClass.new({
|
346
341
|
'redirect' => '/admin/users'
|
347
342
|
})
|
@@ -351,8 +346,10 @@ module Caboose
|
|
351
346
|
# @route POST /admin/users/:id/roles/:role_id
|
352
347
|
def admin_add_to_role
|
353
348
|
return if !user_is_allowed('users', 'edit')
|
354
|
-
|
355
|
-
|
349
|
+
user = get_edit_user(params[:id], @site.id)
|
350
|
+
role = Role.where(:id => params[:role_id], :site_id => @site.id).first
|
351
|
+
if user && role && !RoleMembership.where(:user_id => user.id, :role_id => role.id).exists?
|
352
|
+
RoleMembership.create(:user_id => user.id, :role_id => role.id)
|
356
353
|
end
|
357
354
|
render :json => true
|
358
355
|
end
|
@@ -360,7 +357,11 @@ module Caboose
|
|
360
357
|
# @route DELETE /admin/users/:id/roles/:role_id
|
361
358
|
def admin_remove_from_role
|
362
359
|
return if !user_is_allowed('users', 'edit')
|
363
|
-
|
360
|
+
user = get_edit_user(params[:id], @site.id)
|
361
|
+
role = Role.where(:id => params[:role_id], :site_id => @site.id).first
|
362
|
+
if user && role
|
363
|
+
RoleMembership.where(:user_id => user.id, :role_id => role.id).destroy_all
|
364
|
+
end
|
364
365
|
render :json => true
|
365
366
|
end
|
366
367
|
|
@@ -377,33 +378,18 @@ module Caboose
|
|
377
378
|
# @route GET /admin/users/:id/su
|
378
379
|
def admin_su
|
379
380
|
return if !user_is_allowed('users', 'sudo')
|
380
|
-
user =
|
381
|
-
|
382
|
-
|
383
|
-
|
384
|
-
|
385
|
-
|
386
|
-
# logout_user
|
387
|
-
# login_user(user, false) # Login the new user
|
388
|
-
# redirect_to "/"
|
389
|
-
#end
|
390
|
-
#
|
391
|
-
## Set a random token for the user
|
392
|
-
#user.token = (0...20).map { ('a'..'z').to_a[rand(26)] }.join
|
393
|
-
#user.save
|
394
|
-
#
|
395
|
-
#redirect_to "http://#{d.site.primary_domain.domain}/admin/users/#{params[:id]}/su/#{user.token}"
|
396
|
-
|
397
|
-
logout_user
|
398
|
-
login_user(user, false) # Login the new user
|
399
|
-
redirect_to "/"
|
381
|
+
user = get_edit_user(params[:id], @site.id)
|
382
|
+
if user
|
383
|
+
logout_user
|
384
|
+
login_user(user, false)
|
385
|
+
redirect_to "/"
|
386
|
+
end
|
400
387
|
end
|
401
388
|
|
402
389
|
# @route GET /admin/users/:id/su/:token
|
403
390
|
def admin_su_token
|
404
391
|
return if params[:token].nil?
|
405
|
-
user =
|
406
|
-
|
392
|
+
user = get_edit_user(params[:id], @site.id)
|
407
393
|
token = params[:token]
|
408
394
|
if user.token == params[:token]
|
409
395
|
if logged_in? || logged_in_user.id == User::LOGGED_OUT_USER_ID
|
@@ -420,6 +406,14 @@ module Caboose
|
|
420
406
|
render :json => false
|
421
407
|
end
|
422
408
|
end
|
409
|
+
|
410
|
+
private
|
411
|
+
|
412
|
+
def get_edit_user(user_id, site_id)
|
413
|
+
user = User.find(user_id)
|
414
|
+
return user if user && (user.site_id == site_id || logged_in_user.is_super_admin?)
|
415
|
+
return nil
|
416
|
+
end
|
423
417
|
|
424
418
|
end
|
425
419
|
end
|
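Review bot: `get_edit_user` can return nil, but only some callers were given a guard: `admin_stripe_json_single` (`u.stripe_customer_id`), `admin_delete` (`user.destroy`), `admin_su_token` (`user.token`) and the update action at new line 242 all dereference the result directly, and `admin_edit_payment_method` renders with a nil `@edituser`. A user id from another site therefore ends in a NoMethodError and a 500 rather than a clean denial; these actions need the same kind of exit as `redirect_to '/admin/users' if @edituser.nil?` (or a JSON error for the JSON routes). Inside the helper, `User.find(user_id)` raises `ActiveRecord::RecordNotFound` for an unknown id, so the `if user &&` test never sees nil; `user = User.where(:id => user_id).first` would make that path real. Several of these action bodies continue outside the hunks shown.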
@@ -8,8 +8,9 @@ module Caboose
|
|
8
8
|
|
9
9
|
def locked_account(user)
|
10
10
|
@user = user
|
11
|
-
|
12
|
-
|
11
|
+
admin_email = user.site.contact_email
|
12
|
+
mail(:to => admin_email, :subject => "#{user.site.description} Locked Account") if !admin_email.blank?
|
13
|
+
end
|
13
14
|
|
14
15
|
end
|
15
16
|
end
|
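Review bot: When `user.site.contact_email` is blank, the new `mail(...) if !admin_email.blank?` line skips the message without a trace, so an account lockout on a site with no contact address is never reported to anyone. Consider logging the skipped notification, for example `Rails.logger.warn("locked_account: no contact_email for site #{user.site.id}")`, so lockouts stay visible to operators.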
@@ -51,12 +51,12 @@ module Caboose
|
|
51
51
|
resp.user = user
|
52
52
|
ll.success = true
|
53
53
|
else
|
54
|
-
resp.error = "
|
54
|
+
resp.error = "Your username or password is incorrect."
|
55
55
|
ll.success = false
|
56
56
|
end
|
57
57
|
|
58
58
|
else
|
59
|
-
resp.error = "
|
59
|
+
resp.error = "Your username or password is incorrect."
|
60
60
|
ll.success = false
|
61
61
|
end
|
62
62
|
|
@@ -3,11 +3,13 @@ class Caboose::BlockTypeCategory < ActiveRecord::Base
|
|
3
3
|
self.table_name = "block_type_categories"
|
4
4
|
|
5
5
|
belongs_to :parent, :foreign_key => 'parent_id', :class_name => 'Caboose::BlockTypeCategory'
|
6
|
-
has_many :children, :foreign_key => 'parent_id', :class_name => 'Caboose::BlockTypeCategory', :dependent => :destroy, :order => :
|
6
|
+
has_many :children, :foreign_key => 'parent_id', :class_name => 'Caboose::BlockTypeCategory', :dependent => :destroy, :order => :sort_order
|
7
7
|
has_many :block_types
|
8
8
|
attr_accessible :id,
|
9
9
|
:parent_id,
|
10
|
-
:name
|
10
|
+
:name,
|
11
|
+
:sort_order,
|
12
|
+
:show_in_sidebar
|
11
13
|
|
12
14
|
def self.layouts
|
13
15
|
self.where("name = ? and parent_id is null", 'Layouts').reorder(:name).all
|