caboose-cms 0.0.2

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,4 @@
+Caboose
+=======
+
+Ruby on rails content management system

data/Rakefile

@@ -0,0 +1,40 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Caboose'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/assets/javascripts/caboose/application.js

@@ -0,0 +1,36 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require caboose_before
+//= require jquery
+//= require jquery_ujs
+//= require jquery-ui
+//= require class
+//= require model/model
+//= require model/attribute
+//= require model/form
+//= require model/form/embedded
+//= require model/attribute/checkbox-multiple
+//= require model/attribute/checkbox
+//= require model/attribute/date-time
+//= require model/attribute/file
+//= require model/attribute/hidden
+//= require model/attribute/image
+//= require model/attribute/password
+//= require model/attribute/radio
+//= require model/attribute/rich-text
+//= require model/attribute/select
+//= require model/attribute/texarea
+//= require model/attribute/textjs
+//= require model/attribute/time
+//= require model/attribute/video
+//= require caboose_after

data/app/assets/javascripts/caboose/login.js

@@ -0,0 +1,21 @@
+
+function login()
+{
+  $('#message').html("<p class='loading'>Logging in...</p>");
+
+	$.ajax({
+		url: '/login',
+		type: 'post',
+		data: $('#login_form').serialize(),
+		success: function(resp) {
+		  if (resp.error)
+		    $('#message').html("<p class='note error'>" + resp.error + "</p>");
+			else if (resp.redirect != false)
+				window.location = resp.redirect;
+		},
+		error: function() {	
+			$('#message').html("<p class='note error'>Error</p>"); 
+		}
+	});
+}
+

data/app/assets/javascripts/caboose/roles.js

@@ -0,0 +1,35 @@
+
+Caboose.Role = function(){};
+
+Caboose.Role.add = function()
+{
+  $('#message').html("<p class='loading'>Adding role...</p>");
+  
+  $.ajax({
+    url: '/roles',
+    type: 'post',
+    data: $('#new_role_form').serialize(),
+    success: Caboose.ajax_success,
+    error: Caboose.ajax_error
+  });
+};
+
+Caboose.Role.delete = function(role_id, confirm)
+{
+  if (!confirm)
+  {
+    Caboose.confirm({
+        message: "Are you sure you want to delete the role?  This can't be undone.",
+        yes: function() { Caboose.Role.delete(role_id, true) }
+    });
+    return;    
+  }
+  $('#message').html("<p class='loading'>Deleting role...</p>");
+	
+	$.ajax({
+		url: '/roles/' + role_id, 
+		type: 'delete',
+		success: Caboose.ajax_success,
+		error: Caboose.ajax_error
+	}); 
+};

data/app/assets/javascripts/caboose/users.js

@@ -0,0 +1,38 @@
+
+/*
+Nine
+Caboose.User = function(){};
+
+Caboose.User.add = function()
+{
+  $('#message').html("<p class='loading'>Adding user...</p>");
+  
+  $.ajax({
+    url: '/users',
+    type: 'post',
+    data: $('#new_user_form').serialize(),
+    success: Caboose.ajax_success,
+    error: Caboose.ajax_error
+  });
+};
+
+Caboose.User.delete = function(user_id, confirm)
+{
+  if (!confirm)
+  {
+    Caboose.confirm({
+        message: "Are you sure you want to delete the user?  This can't be undone.",
+        yes: function() { Caboose.User.delete(user_id, true) }
+    });
+    return;    
+  }
+  $('#message').html("<p class='loading'>Deleting user...</p>");
+	
+	$.ajax({
+		url: '/users/' + user_id, 
+		type: 'delete',
+		success: Caboose.ajax_success,
+		error: Caboose.ajax_error
+	}); 
+};
+*/

data/app/assets/stylesheets/caboose/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require caboose_before
+ *= require model
+ *= require caboose/caboose
+ *= require caboose_after
+ */

data/app/assets/stylesheets/caboose/caboose.css

@@ -0,0 +1,28 @@
+
+body {
+  font-family: Helvetica, Tahoma, Arial;  
+}
+
+#wrapper {
+  width: 960px; 
+}
+
+.page_links {
+  
+}
+
+.page_links a {
+  display: inline-block;
+  padding: 4px 8px;
+  border: #efefef 1px solid;
+}
+
+.page_links .middle_links a {
+  
+}
+
+.page_links span.current_page {
+  display: inline-block;
+  padding: 4px 8px;
+  font-weight: bold;
+}

data/app/controllers/caboose/admin_controller.rb

@@ -0,0 +1,19 @@
+
+module Caboose
+  class AdminController < ApplicationController
+      
+    # GET /admin
+    def index
+      return if !user_is_allowed('admin', 'view')
+      
+      @mods = [
+        { 'href' => '/admin/users'        , 'text' => 'Users' },
+        { 'href' => '/admin/roles'        , 'text' => 'Roles' },
+        { 'href' => '/admin/permissions'  , 'text' => 'Permissions' }
+      ]
+      @mods = Caboose.plugin_hook('admin_nav', @mods)
+      
+    end
+    
+  end
+end

data/app/controllers/caboose/application_controller.rb

@@ -0,0 +1,109 @@
+module Caboose
+  class ApplicationController < ActionController::Base
+
+    protect_from_forgery  
+    before_filter :before_before_action
+    
+    def before_before_action
+      
+      # Try to find the page 
+      @page = Page.page_with_uri(request.fullpath)
+      
+      session['use_redirect_urls'] = true if session['use_redirect_urls'].nil?
+      
+      @crumb_trail  = Caboose::Page.crumb_trail(@page)
+		  @subnav       = {}
+      @actions      = {}
+      @tasks        = {}
+      @page_tasks   = {}
+      @is_real_page = false
+      
+      # Sets an instance variable of the logged in user
+      @logged_in_user = logged_in_user
+      
+      before_action
+    end
+    
+    # To be overridden by the child controllers
+    def before_action      
+    end
+    
+    # Logs in a user
+    def login_user(user)
+      session["app_user"] = user
+    end
+    
+    # Returns whether or not a user is logged in
+    def logged_in?
+      #return true if !session["app_user"].nil? && session["app_user"].id != -1
+      validate_token
+      return true if !session["app_user"].nil? && session["app_user"].id != -1    
+      return false
+    end
+    
+    # Checks to see if a token is given. If so, it tries to validate the token 
+    # and log the user in.
+    def validate_token
+      token = params[:token]
+      return false if token.nil?
+      
+      user = User.validate_token(token)
+      return false if user.nil?
+     
+      login_user(user)
+      return true
+    end
+    
+    # Returns the currently logged in user
+    def logged_in_user
+      if (!logged_in?)
+        return User.find(User::LOGGED_OUT_USER_ID)
+      end
+      #return nil if !logged_in?
+      return session["app_user"]
+    end
+    
+    # Checks to see if a user has permission to perform the given action 
+    # on the given resource.
+    # Redirects to login if not logged in.
+    # Redirects to error page with message if not allowed.
+    def user_is_allowed(resource, action)
+      if (!logged_in?)
+        redirect_to "/login?return_url=" + URI.encode(request.fullpath)
+        return
+      end
+      
+      @user = logged_in_user
+      if (!@user.is_allowed(resource, action))
+        @error = "You don't have permission to " + action + " " + resource
+        render :template => "caboose/extras/error"
+        return false
+      end
+      
+      return true    
+    end
+    
+    # Removes a given parameter from a URL querystring
+    def reject_param(url, param)
+      arr = url.split('?')
+      return url if (arr.count == 1)
+      qs = arr[1].split('&').reject { |pair| pair.split(/[=;]/).first == param }
+      url2 = arr[0]
+      url2 += "?" + qs.join('&') if qs.count > 0 
+      return url2
+    end
+    
+    #def auth_or_error(message)
+    #  if (!logged_in?)
+    #    redirect_to "/login?return_url=#{request.request_uri}" and return false
+    #  end
+    #  redirect_to "/error?message=#{message}"
+    #end
+    
+    def var(key)
+      v = Var.where(:key => key).first
+        return "" if v.nil?    
+      return v.val
+    end
+  end
+end

data/app/controllers/caboose/login_controller.rb

@@ -0,0 +1,40 @@
+module Caboose
+  class LoginController < Caboose::ApplicationController
+    
+    # GET /login
+    def index
+      @return_url = params[:return_url].nil? ? "/" : params[:return_url];
+      redirect_to @return_url if logged_in?
+    end
+    
+    # POST /login
+    def login
+      
+      @resp = StdClass.new('error' => '', 'redirect' => '')
+      @return_url = params[:return_url].nil? ? "/" : params[:return_url]
+      
+      if (logged_in?)
+        @resp.error = "Already logged in"
+      else
+        @username = params[:username]
+        @password = params[:password]
+                           
+        if (@username.nil? || @password.nil? || @password.strip.length == 0)
+          @resp.error = "Invalid credentials"
+        else
+          
+          @password = Digest::SHA1.hexdigest(Caboose::salt + @password)
+          user = User.where(:username => @username, :password => @password).first
+          
+          if (user.nil?)
+            @resp.error = "Invalid credentials"
+          else
+            login_user(user)
+            @resp.redirect = @return_url
+          end
+        end
+      end
+      render json: @resp
+    end
+  end
+end

data/app/controllers/caboose/logout_controller.rb

@@ -0,0 +1,9 @@
+module Caboose
+  class LogoutController < ApplicationController
+    # GET /logout
+    def index
+      reset_session
+      redirect_to "/"    
+    end
+  end
+end

data/app/controllers/caboose/pages_controller.rb

@@ -0,0 +1,304 @@
+
+module Caboose
+  class PagesController < ApplicationController
+    
+    def before_action
+      @page = Page.page_with_uri('/admin')
+    end
+    
+    # GET /pages
+    def index      
+    end
+    
+    # GET /pages/:id
+    def show
+      
+      # Find the page with an exact URI match 
+      page = Page.page_with_uri(request.fullpath, false)
+      Caboose.log(page)
+      
+		  if (!page)
+		  	asset
+		  	return
+		  end		  
+		  
+		  user = logged_in_user
+		  if (!user.is_allowed(page, 'view'))
+		  	if (user.id == User.LOGGED_OUT_USER_ID)	
+		  	  redirect_to "/login?return_url=" + URI.encode(request.fullpath)		  		
+		  		return
+		  	else
+		  		page.title = 'Access Denied'
+		  		page.content = "<p class='note error'>You do not have access to view this page.</p>"
+		  	end
+		  end
+      
+		  if (session['use_redirect_urls'] && !page.redirect_url.nil? && page.redirect_url.strip.length > 0)
+		    redirect_to page.redirect_url
+		  	return
+		  end
+		  
+		  page.content = Caboose.plugin_hook('page_content', page.content)
+		  @page = page
+		  @user = user
+		  is_admin = @user.is_allowed('all', 'all')
+		  
+		  @crumb_trail = Caboose::Page.crumb_trail(@page)
+		  @subnav = Caboose::Page.subnav(@page, session['use_redirect_urls'], @user)
+      @actions = Caboose::Page.permissible_actions(@user.id, @page.id)
+      @tasks = {}
+      @page_tasks = {}
+      
+      if (@actions.include?('edit') || is_admin)
+      	@page_tasks["/pages/#{@page.id}/sitemap"]       = 'Site Map This Page'
+      	@page_tasks["/pages/#{@page.id}/edit"]          = 'Edit Page Content'
+      	@page_tasks["/pages/#{@page.id}/edit-settings"] = 'Edit Page Settings'
+      end
+      if (@user.is_allowed('pages', 'add') || is_admin)
+        @page_tasks["/pages/new?parent_id=#{@page.id}"] = 'New Page'
+      end
+      
+      #@subnav.links = @tasks.collect {|href, task| {'href' => href, 'text' => task, 'is_current' => uri == href}}
+  
+    end
+    
+    def asset   
+         
+      uri = uri.to_s.gsub(/^(.*?)\?.*?$/, '\1')
+      uri.chop! if uri.end_with?('/')
+      uri[0] = '' if uri.starts_with?('/')
+    	
+      page = Page.page_with_uri(File.dirname(uri), false)
+      if (page.nil? || !page)
+        render :file => "caboose/extras/error404", :layout => "caboose/error404" 
+        return
+      end
+        
+		  asset = Asset.where(:page_id => page.id, :filename => File.basename(uri)).first
+		  if (asset.nil?)
+		    render :file => "caboose/extras/error404", :layout => "caboose/error404"
+		    return
+		  end
+		  
+		  user = logged_in_user
+		  if (!Page.is_allowed(user, asset.page_id, 'view'))
+		    render "caboose/pages/asset_no_permission"
+		    return
+		  end
+		  
+		  Caboose.log(Caboose::assets_path, 'Caboose::assets_path')
+		  path = Caboose::assets_path.join("#{asset.id}.#{asset.extension}")
+		  Caboose.log("Sending asset #{path}")
+		  #send_file(path)
+		  #send_file(path, :filename => "your_document.pdf", :type => "application/pdf")
+		  		    
+		  #
+		  #$path = ASSETS_PATH ."/". $asset->id .".". $asset->extension
+		  #		
+		  #$finfo = finfo_open(FILEINFO_MIME_TYPE) // return mime type ala mimetype extension
+		  #$mime = finfo_file($finfo, $path)
+		  #finfo_close($finfo)
+      #
+		  #header("X-Sendfile: $path")
+		  #header("Content-Type: $mime")
+		  #header("Content-Disposition: inline filename=\"$asset->filename\"")
+
+    end
+    
+    # GET /pages/new
+    def new
+      return if !user_is_allowed('pages', 'add')
+      @pages = Page.new
+      @parent_id = params[:parent_id].nil? ? params[:parent_id] : -1
+      render :layout => 'caboose/caboose'
+    end
+    
+    # GET /pages/1/edit
+    def edit
+      return if !user_is_allowed('pages', 'edit')
+      @page = Page.find(params[:id])
+      render :layout => 'caboose/caboose'
+    end
+    
+    # POST /pages
+    def create
+      return if !user_is_allowed('pages', 'add')
+      
+      resp = Caboose::StdClass.new({
+          'error' => nil,
+          'redirect' => nil
+      })
+      
+      parent_id = params[:parent_id]
+      title = params[:title] 
+      
+      if (title.strip.length == 0)
+        resp.error = "A page title is required."
+      elsif (!logged_in_user.is_allowed('all', 'all') && 
+        !Page.page_ids_with_permission(logged_in_user, 'edit'   ).include?(parent_id) &&
+        !Page.page_ids_with_permission(logged_in_user, 'approve').include?(parent_id))
+        resp.error = "You don't have permission to add a page there."
+      end
+      if (!resp.error.nil?)
+        render json: resp
+        return
+      end
+				
+		  parent = Caboose::Page.find(parent_id)
+		  		
+		  page = Caboose::Page.new
+		  page.title = title
+		  page.parent_id = parent_id
+		  page.hide = true
+		  page.content_format = Caboose::Page::CONTENT_FORMAT_HTML
+		  
+		  i = 0
+		  begin 
+		    page.slug = Page.slug(page.title + (i > 0 ? " #{i}" : ""))
+		    page.uri = parent.parent_id == -1 ? page.slug : "#{parent.uri}/#{page.slug}"
+		    i = i+1
+		  end while (Page.where(:uri => page.uri).count > 0 && i < 10)
+
+		  page.save
+				
+		  # Set the new page's permissions		  
+		  viewers = Caboose::PagePermission.where({ :page_id => parent.id, :action => 'view' }).pluck(:role_id)
+		  editors = Caboose::PagePermission.where({ :page_id => parent.id, :action => 'edit' }).pluck(:role_id)
+		  Caboose::Page.update_authorized_for_action(page.id, 'view', viewers)
+		  Caboose::Page.update_authorized_for_action(page.id, 'edit', editors)
+
+		  # Send back the response
+		  resp.redirect = "/pages/#{page.id}/edit"
+      render json: resp
+    end
+    
+    # PUT /pages/1
+    def update
+      return if !user_is_allowed('pages', 'edit')
+      
+      resp = StdClass.new({'attributes' => {}})
+      page = Page.find(params[:id])
+      
+      save = true
+      user = logged_in_user
+      params.each do |name,value|
+    	  case name
+    	    when 'parent_id'      
+		    		if (page.id == value)
+		    			resp.error = "The page's parent cannot be itself."
+		    		elsif (Page.is_child(page.id, value))
+		    			resp.error = "You can't set the current page's parent to be one of its child pages."
+		    		elsif (value != page.parent_id)
+		    		  p = Page.find(value)
+		    		  if (!user.is_allowed(p, 'edit'))
+		    		    resp.error = "You don't have access to put the current page there."
+		    		  end
+		    		end		  		
+		    		if (resp.error.length > 0)
+		    		  save = false
+		    		else		  		
+		    			parent = Page.find(value)
+		    			Page.update_parent(page.id, value)
+		    			resp.attributes['parent_id'] = { 'text' => parent.title }
+		    		end
+		    		
+		    	when 'title', 'menu_title', 'alias', 'redirect_url', 'hide', 
+		    	  'content_format', 'custom_css', 'custom_js', 'layout',
+		    	  'seo_title', 'meta_description', 'fb_description', 'gp_description', 'canonical_url'
+		    	  
+		    	  page[name.to_sym] = value
+		    	  
+		    	when 'meta_robots'
+		    	  if (value.include?('index') && value.include?('noindex'))
+		    	    resp.error = "You can't have both index and noindex"
+		    	    save = false
+		    	  elsif (value.include?('follow') && value.include?('nofollow'))
+		    	    resp.error = "You can't have both follow and nofollow"
+		    	    save = false
+		    	  else
+		    	    page.meta_robots = value.join(', ')
+		    	    resp.attributes['meta_robots'] = { 'text' => page.meta_robots }
+		    	  end
+		    	  
+		    	when 'content'
+		    		page.content = value.strip.gsub(/<meta.*?>/, '').gsub(/<link.*?>/, '').gsub(/\<\!--[\S\s]*?--\>/, '')
+		    		
+		    	when 'slug' 
+		    		page.slug = Page.slug(value.strip.length > 0 ? value : page.title)
+		    		resp.attributes['slug'] = { 'value' => page.slug }
+		    				    		
+		    	when 'custom_sort_children'
+		    		if (value == 0)
+		    		  page.children.each do |p|
+		    				p.sort_order = 1
+		    				p.save
+		    			end
+		    		end
+		    		page.custom_sort_children = value 		    		
+		    		
+		    	when 'viewers'
+		    	  Page.update_authorized_for_action(page.id, 'view', value)
+		    	when 'editors'
+		    	  Page.update_authorized_for_action(page.id, 'edit', value)
+		    	when 'approvers'
+		    	  Page.update_authorized_for_action(page.id, 'approve', value)
+		    end
+		  end
+		    
+    	resp.success = save && page.save
+    	render json: resp
+    end
+      
+    # DELETE /pages/1
+    def destroy
+      return if !user_is_allowed('pages', 'delete')
+      user = Page.find(params[:id])
+      user.destroy
+      
+      resp = StdClass.new({
+        'redirect' => '/pages'
+      })
+      render json: resp
+    end
+    
+    def sitemap_options
+		  parent_id = params[:parent_id]
+		  top_page = Page.index_page
+		  p = !parent_id.nil? ? Page.find(parent_id) : top_page
+		  options = []
+		  sitemap_helper(top_page, options)
+		 	  
+		  render json: options 		
+		end
+		
+		def sitemap_helper(page, options, prefix = '')
+		  options << { 'value' => page.id, 'text' => prefix + page.title }
+		  page.children.each do |kid|
+		    sitemap_helper(kid, options, prefix + ' - ')
+		  end
+		end
+		
+		def robots_options
+		  options = [
+		    { 'value' => 'index'      , 'text' => 'index'      },
+		    { 'value' => 'noindex'    , 'text' => 'noindex'    },
+		    { 'value' => 'follow'     , 'text' => 'follow'     },
+		    { 'value' => 'nofollow'   , 'text' => 'nofollow'   },
+		    { 'value' => 'nosnippet'  , 'text' => 'nosnippet'  },
+		    { 'value' => 'noodp'      , 'text' => 'noodp'      },
+		    { 'value' => 'noarchive'  , 'text' => 'noarchive'  }
+		  ]
+		  render json: options 		
+		end
+		
+		def content_format_options
+		  options = [
+		    { 'value' => 'html', 'text' => 'html' },
+		    { 'value' => 'text', 'text' => 'text' },
+		    { 'value' => 'ruby', 'text' => 'ruby' }
+		  ]
+		  render json: options 		
+		end
+		
+  end
+end