camaleon_cms 1.0.4 → 1.0.5

data/app/assets/javascripts/admin/post.js

@@ -168,7 +168,7 @@ function init_post(obj){
         }
     });
 
-    tinymce.init($.extend({}, DATA.tiny_mce.advanced, {selector: '.tinymce_textarea:not(.translated-item)', language: CURRENT_LOCALE, height: '480px', onPostRender: onEditorPostRender}));
+    tinymce.init(cama_get_tinymce_settings({selector: '.tinymce_textarea:not(.translated-item)', height: '480px', onPostRender: onEditorPostRender}));
 
     $form.validate();
     /*
@@ -182,7 +182,7 @@ function init_post(obj){
     $("#post_status").change(function(){
         $('#post-actions .btn[data-type]').hide();
         $('#post-actions .btn[data-type="'+ $(this).val() +'"]').show();
-    })
+    });
 
     // here all later actions
     var form_later_actions = function(){

data/app/assets/stylesheets/admin/admin-manifest.css

@@ -18,8 +18,7 @@
  *= require ./elfinder/elfinder-theme
  *= require ./bootstrap-datetimepicker
  *= require ./bootstrap-datepicker
- *= require ./tageditor/jquery.tag-editor
- *= require ./grid-editor
  *= require ./introjs/introjs.min
+ *= require ./tageditor/jquery.tag-editor
  */
 

data/app/assets/stylesheets/admin/custom_admin.css.scss

@@ -158,9 +158,11 @@
   }
 }
 
+// intro js custom
 .main-header.introjs-fixParent{
   width: 100%;
   .navbar{
     width: 100%;
   }
-}
+}
+//.introjs-skipbutton{ display: none; }

data/app/controllers/admin/sessions_controller.rb

@@ -28,15 +28,15 @@ class Admin::SessionsController < CamaleonController
     @user = current_site.users.find_by_username(data_user[:username])
     captcha_validate = captcha_verify_if_under_attack("login")
     r = {user: @user, params: params, password: data_user[:password], captcha_validate: captcha_validate}; hooks_run("user_before_login", r)
-    if captcha_validate && @user &&  @user.authenticate(data_user[:password])
+    if captcha_validate && @user && @user.authenticate(data_user[:password])
       captcha_reset_attack("login")
       login_user(@user, params[:remember_me].present?)
     else
       captcha_increment_attack("login")
       if captcha_validate
-        flash[:error] =  t('admin.login.message.fail')
+        flash[:error] = t('admin.login.message.fail')
       else
-        flash[:error] =  "Invalid captcha"
+        flash[:error] = "Invalid captcha"
       end
       @user = current_site.users.new(data_user)
       render 'admin/sessions/login'
@@ -91,7 +91,7 @@ class Admin::SessionsController < CamaleonController
         html = "<p>#{t('admin.login.message.hello')}, <b>#{@user.fullname}</b></p>
             <p>#{t('admin.login.message.reset_url')}:</p>
             <p><a href='#{reset_url}'><b>#{reset_url}</b></a></p> "
-        sendmail(@user.email,t('admin.login.message.subject_email'), html)
+        sendmail(@user.email, t('admin.login.message.subject_email'), html)
 
         flash[:notice] = t('admin.login.message.send_mail_succes')
         redirect_to admin_login_path
@@ -112,21 +112,28 @@ class Admin::SessionsController < CamaleonController
       user_data = params[:user]
 
       @user = current_site.users.new(user_data)
-      r = {user: @user, params: params}; hooks_run("user_before_register", r)
-      if captcha_verified? && @user.save
-        @user.set_meta_from_form(params[:meta])
-        r = {user: @user, message: t('admin.users.message.created'), redirect_url: admin_login_path}; hooks_run("user_after_register", r)
-        flash[:notice] = r[:message]
-        redirect_to r[:redirect_url]
-      else
+      r = {user: @user, params: params}; hooks_run('user_before_register', r)
+
+      if current_site.security_user_register_captcha_enabled? && !captcha_verified?
         @first_name = params[:meta][:first_name]
         @last_name = params[:meta][:last_name]
 
-        @user.errors[:captcha]  = t('admin.users.message.error_captcha')
-        render "register"
+        @user.errors[:captcha] = t('admin.users.message.error_captcha')
+        render 'register'
+      else
+        if @user.save
+          @user.set_meta_from_form(params[:meta])
+          r = {user: @user, message: t('admin.users.message.created'), redirect_url: admin_login_path}; hooks_run('user_after_register', r)
+          flash[:notice] = r[:message]
+          redirect_to r[:redirect_url]
+        else
+          @first_name = params[:meta][:first_name]
+          @last_name = params[:meta][:last_name]
+          render 'register'
+        end
       end
     else
-      render "register"
+      render 'register'
     end
   end
 

data/app/controllers/admin/users_controller.rb

@@ -8,7 +8,7 @@
 =end
 class Admin::UsersController < AdminController
   before_action :validate_role, except: [:profile, :profile_edit]
-  before_action :set_user, only: ['show','edit','update','destroy']
+  before_action :set_user, only: ['show', 'edit', 'update', 'destroy']
 
   def index
     @users = current_site.users.paginate(:page => params[:page], :per_page => current_site.admin_per_page)
@@ -31,7 +31,7 @@ class Admin::UsersController < AdminController
 
     if params[:password]
       if @user.authenticate(params[:password][:password_old])
-         render json: @user.update(params[:password]) ? {message: 'update'} : {errors: @user.errors.full_messages.join(', ')}
+        render json: @user.update(params[:password]) ? {message: 'update'} : {errors: @user.errors.full_messages.join(', ')}
       else
         render json: {errors: t('admin.users.message.incorrect_old_password')}
       end
@@ -44,14 +44,17 @@ class Admin::UsersController < AdminController
 
   def edit
     admin_breadcrumb_add("#{t('admin.button.edit')}")
-    render 'form'
+    r = {user: @user, render: 'form' }
+    hooks_run('user_edit', r)
+    render r[:render]
   end
 
   def update
     if @user.update(params[:user])
       @user.set_meta_from_form(params[:meta]) if params[:meta].present?
       @user.set_field_values(params[:field_options])
-      flash[:notice] = t('admin.users.message.updated')
+      r = {user: @user, message: t('admin.users.message.updated'), params: params}; hooks_run('user_after_edited', r)
+      flash[:notice] = r[:message]
       redirect_to action: :index
     else
       render 'form'

data/app/controllers/api/api_controller.rb

@@ -0,0 +1,28 @@
+class Api::ApiController < ActionController::Base
+  include CamaleonHelper
+  include SessionHelper
+  include SiteHelper
+  include HtmlHelper
+  include UserRolesHelper
+  include ShortCodeHelper
+  include PluginsHelper
+  include ThemeHelper
+  include HooksHelper
+  include ContentHelper
+  include CaptchaHelper
+  include UploaderHelper
+
+  before_action -> { doorkeeper_authorize! :client }
+  respond_to :json
+
+  def account
+    render json: current_resource_owner
+  end
+
+  private
+
+  def current_resource_owner
+    User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+  end
+
+end

data/app/controllers/api/v1/category_controller.rb

@@ -0,0 +1,7 @@
+class Api::V1::CategoryController < Api::ApiController
+
+  def categories
+    render json: current_site.full_categories
+  end
+
+end

data/app/controllers/api/v1/page_controller.rb

@@ -0,0 +1,8 @@
+class Api::V1::PageController < Api::ApiController
+
+  def index
+    post_type = current_site.post_types.find_by_slug('page')
+    render json: post_type.posts
+  end
+
+end

data/app/controllers/api/v1/post_controller.rb

@@ -0,0 +1,8 @@
+class Api::V1::PostController < Api::ApiController
+
+  def index
+    post_type = current_site.post_types.find_by_slug('post')
+    render json: post_type.posts
+  end
+
+end

data/app/controllers/concerns/frontend_concern.rb

@@ -9,23 +9,7 @@
 module FrontendConcern extend ActiveSupport::Concern
   # visiting sitemap.xml
   def sitemap
-    path = Rails.root.join("public", "sitemaps", current_site.slug, "sitemap.xml")
-    if File.exists?(path)
-      respond_to do |format|
-        format.html do
-          @xml = File.read(path)
-          render "sitemap"
-        end
-        format.xml { render(xml: open(path).read) }
-      end
-    else
-      Thread.abort_on_exception=true
-      Thread.new do
-        %x(rake camaleon_cms:sitemap)
-        ActiveRecord::Base.connection.close
-      end
-      render text: "Sitemap not found. Generating... Please wait and refresh later.", status: :not_found
-    end
+
   end
 
   # accessing for robots.txt

data/app/decorators/category_decorator.rb

@@ -24,7 +24,7 @@ class CategoryDecorator < TermTaxonomyDecorator
   # in return object, you can add custom where's or pagination like here:
   # http://edgeguides.rubyonrails.org/active_record_querying.html
   def the_categories
-    object.categories
+    object.children
   end
 
   # return a child category from this category with id (integer) or by slug (string)

data/app/helpers/camaleon_helper.rb

@@ -71,4 +71,19 @@ module CamaleonHelper
   def is_admin_request?
     !(@_admin_menus.nil?)
   end
+
+  # generate loop categories html sitemap links
+  # this is a helper for sitemap generator to print categories, sub categories and post contents in html list format
+  def cama_sitemap_cats_generator(cats)
+    res = []
+    cats.decorate.each do |cat|
+      res_posts = []
+      cat.the_posts.decorate.each do |post|
+        res_posts << "<li><a href='#{post.the_url}'>#{post.the_title}</a></li>"
+      end
+      res << "<li><h4><a href='#{cat.the_url}'>#{cat.the_title}</a></h4><ul>#{res_posts.join("")}</ul></li>"
+      res << cama_sitemap_cats_generator(cat.the_categories)
+    end
+    res.join("")
+  end
 end

data/app/helpers/html_helper.rb

@@ -112,6 +112,7 @@ module HtmlHelper
     libs[:validate] = {js: ['admin/jquery.validate']}
     libs[:nav_menu] = {css: ['admin/nestable/jquery.nestable', "admin/nav-menu"], js: ["admin/jquery.nestable", 'admin/nav-menu']}
     libs[:elfinder_front] = {js: ['elfinder_front.js']}
+    libs[:admin_intro] = {js: ['admin/introjs/intro.min'], css: ["admin/introjs/introjs.min"]}
     libs
   end
 end

data/app/helpers/session_helper.rb

@@ -11,7 +11,7 @@ module SessionHelper
   # user: User model
   # remember_me: true/false (remember session permanently)
   def login_user(user, remember_me = false, redirect_url = nil)
-    c = {value: [user.auth_token, request.user_agent, request.ip], expires: 24.hours.from_now }
+    c = {value: [user.auth_token, request.user_agent, request.ip], expires: 24.hours.from_now}
     # c[:domain] = :all if PluginRoutes.system_info["users_share_sites"].present? && Site.main_site.get_meta("share_sessions", true) && !cookies[:login].present?
     c[:domain] = :all if PluginRoutes.system_info["users_share_sites"].present? && Site.count > 1
     c[:expires] = 1.month.from_now if remember_me
@@ -33,9 +33,24 @@ module SessionHelper
     end
   end
 
+  def login_user_with_password(username, password, remember_me=false, redirect_url = nil)
+    data_user = {}
+    cipher = Gibberish::AES::CBC.new(get_session_id)
+    data_user[:password] = cipher.decrypt(password) rescue nil
+    @user = current_site.users.find_by_username(username)
+    r = {user: @user, params: params, password: data_user[:password], captcha_validate: true}; hooks_run('user_before_login', r)
+    if @user && @user.authenticate(data_user[:password])
+      login_user(@user, remember_me, redirect_url)
+    else
+      #TODO change flash error
+      #flash[:error] =  t('admin.login.message.fail')
+    end
+    @user if @user
+  end
+
   # check if current host is heroku
   def on_heroku?
-    ENV.keys.any? {|var_name| var_name.match(/(heroku|dyno)/i) }
+    ENV.keys.any? { |var_name| var_name.match(/(heroku|dyno)/i) }
   end
 
   # switch current session user into other (user)
@@ -73,7 +88,7 @@ module SessionHelper
   # return the role for current user
   # if not logged in, then return 'public'
   def current_role
-    (signin?)? current_user.role : 'public'
+    (signin?) ? current_user.role : 'public'
   end
 
   # return current user logged in

data/app/models/site.rb

@@ -9,7 +9,7 @@
 class Site < TermTaxonomy
   # attrs: [name, description, slug]
   default_scope { where(taxonomy: :site).reorder(term_group: :desc) }
-  has_many :metas, ->{ where(object_class: 'Site')}, :class_name => "Meta", foreign_key: :objectid, dependent: :destroy
+  has_many :metas, -> { where(object_class: 'Site') }, :class_name => "Meta", foreign_key: :objectid, dependent: :destroy
   has_many :post_types, :class_name => "PostType", foreign_key: :parent_id, dependent: :destroy
   has_many :nav_menus, :class_name => "NavMenu", foreign_key: :parent_id, dependent: :destroy
   has_many :widgets, :class_name => "Widget::Main", foreign_key: :parent_id, dependent: :destroy
@@ -43,7 +43,7 @@ class Site < TermTaxonomy
 
   #select full_categories for the site, include all children categories
   def full_categories
-   Category.where({term_group: self.id})
+    Category.where({term_group: self.id})
   end
 
   # all post_tags for this site
@@ -111,6 +111,11 @@ class Site < TermTaxonomy
     get_option("comment_status", "pending")
   end
 
+  # security: user register form show captcha?
+  def security_user_register_captcha_enabled?
+    get_option('security_captcha_user_register', true) == true
+  end
+
   # auto create default user roles
   def set_default_user_roles(post_type = nil)
     user_role = self.user_roles.where({slug: 'admin', term_group: -1}).first_or_create({name: 'Administrator', description: 'Default roles admin'})
@@ -134,7 +139,7 @@ class Site < TermTaxonomy
         }
       else
         pts = self.post_types.all.pluck(:id)
-        UserRole::ROLES[:post_type].each { |value| d[value[:key]] = pts}
+        UserRole::ROLES[:post_type].each { |value| d[value[:key]] = pts }
       end
 
       user_role.set_meta("_post_type_#{self.id}", d || {})
@@ -151,7 +156,7 @@ class Site < TermTaxonomy
         }
       else
         pts = self.post_types.all.pluck(:id)
-        UserRole::ROLES[:post_type].each { |value| d[value[:key]] = pts  if value[:key].to_s == 'edit'}
+        UserRole::ROLES[:post_type].each { |value| d[value[:key]] = pts if value[:key].to_s == 'edit' }
       end
 
       user_role.set_meta("_post_type_#{self.id}", d || {})
@@ -177,6 +182,7 @@ class Site < TermTaxonomy
   def main_site?
     @_is_default_site ||= (Site.first.id == self.id)
   end
+
   alias_method :is_default?, :main_site?
 
   # list all users of current site
@@ -184,7 +190,7 @@ class Site < TermTaxonomy
     if PluginRoutes.system_info["users_share_sites"]
       User.where(site_id: -1)
     else
-      User.where(site_id: self.id)#.where("site_id = ? or role = ?", self.id, 'admin')
+      User.where(site_id: self.id) #.where("site_id = ? or role = ?", self.id, 'admin')
     end
   end
 
@@ -233,7 +239,7 @@ class Site < TermTaxonomy
 
   # default structure for each new site
   def default_settings
-    default_post_type =     [
+    default_post_type = [
         {
             name: 'Post',
             description: 'Posts',
@@ -266,10 +272,10 @@ class Site < TermTaxonomy
 
     default_post_type.each do |pt|
       model_pt = self.post_types.create({
-                                     name: pt[:name],
-                                     slug: pt[:name].to_s.parameterize,
-                                     description: pt[:description]
-                                 })
+                                            name: pt[:name],
+                                            slug: pt[:name].to_s.parameterize,
+                                            description: pt[:description]
+                                        })
       if model_pt.valid?
         model_pt.set_meta('_default', pt[:options])
         if pt[:options][:has_category]
@@ -294,7 +300,7 @@ class Site < TermTaxonomy
           content = "<p style='text-align: center;'><img width='155' height='155' src='http://camaleon.tuzitio.com/media/132/logo2.png' alt='logo' /></p><p><strong>Camaleon CMS</strong>&nbsp;is a free and open-source tool and a fexible content management system (CMS) based on <a href='rubyonrails.org'>Ruby on Rails 4</a>&nbsp;and MySQL.&nbsp;</p> <p>With Camaleon you can do the following:</p> <ul> <li>Create instantly a lot of sites&nbsp;in the same installation</li> <li>Manage your content information in several languages</li> <li>Extend current functionality by&nbsp;plugins (MVC structure and no more echo or prints anywhere)</li> <li>Create or install different themes for each site</li> <li>Create your own structure without coding anything (adapt Camaleon as you want&nbsp;and not you for Camaleon)</li> <li>Create your store and start to sell your products using our plugins</li> <li>Avoid web attacks</li> <li>Compare the speed and enjoy the speed of your new Camaleon site</li> <li>Customize or create your themes for mobile support</li> <li>Support&nbsp;more visitors at the same time</li> <li>Manage your information with a panel like wordpress&nbsp;</li> <li>All urls are oriented for SEO</li> <li>Multiples roles of users</li> </ul>"
         end
         user = self.users.admin_scope.first
-        user = self.users.admin_scope.create({email: 'admin@local.com', username: 'admin', password: 'admin', password_confirmation: 'admin' }) unless user.present?
+        user = self.users.admin_scope.create({email: 'admin@local.com', username: 'admin', password: 'admin', password_confirmation: 'admin'}) unless user.present?
         post = pt.posts.create({title: title, slug: slug, content: content, user_id: user.id, status: 'published'})
         @nav_menu.append_menu_item({label: title, type: 'post', link: post.id})
       end

data/app/views/admin/posts/_sidebar.html.erb

@@ -50,11 +50,13 @@
                 </select>
             </div>
             <!-- templates -->
-            <% if @post.manage_template?(@post_type) && (template_files = get_list_template_files).present? %>
-                <div class="form-group">
-                    <label class="control-label"><%= t('admin.post_type.template')%></label>
-                    <%= select("meta", "template", template_files, { include_blank: true, selected: (params[:meta][:template] rescue false || @post.meta[:template] ) }, {class: 'form-control'}) %>
-                </div>
+            <% if @post.manage_template?(@post_type) %>
+                <% if (template_files = get_list_template_files).present? %>
+                  <div class="form-group">
+                      <label class="control-label"><%= t('admin.post_type.template')%></label>
+                      <%= select("meta", "template", template_files, { include_blank: true, selected: (params[:meta][:template] rescue false || @post.meta[:template] ) }, {class: 'form-control'}) %>
+                  </div>
+                <% end %>
 
                 <!-- layouts -->
                 <% if (layout_files = get_list_layouts_files).present? %>
@@ -90,7 +92,7 @@
             </div>
         </div>
     <% end %>
-    <% if @post_type.manage_tags?%>
+    <% if @post_type.manage_tags? %>
         <div class="panel panel-default panel-lite">
             <div class="panel-heading">
                 <h3 class="panel-title"><%= t('admin.post_type.tags')%></h3>
@@ -133,4 +135,4 @@
             </div>
         </div>
     <% end %>
-</div>
+</div>

data/app/views/admin/posts/form.html.erb

@@ -8,7 +8,10 @@
                 <div class="panel-heading">
                     <h4 class="pull-left">
                         <span class="fa fa-file-o"></span>
-                        <%= raw(t('admin.page_title.edit') + " " + @post_type.the_title.to_s + ": " + @post_decorate.the_title + " #{@post_decorate.the_status}") if !@post.new_record? %>
+                        <% if !@post.new_record? %>
+                            <%= "#{t('admin.page_title.edit')} #{@post_type.the_title}: #{@post_decorate.the_title}" %> <%= raw @post_decorate.the_status.html_safe %>
+                        <% end %>
+                        <%#= raw(t('admin.page_title.edit') + " " + @post_type.the_title.to_s + ": " + @post_decorate.the_title + " #{@post_decorate.the_status}") if !@post.new_record? %>
                         <%= link_to raw("#{t('admin.button.view_draft')}"), {action: :edit, id: @post.drafts.pluck('id')}, id: "view_draft", class: "label label-warning label-form", title: "#{t('admin.button.view_draft')}", target: '_blank' if @post.drafts.present? %>
                         <%= t('admin.page_title.create') + " " + @post_type.the_title.to_s if @post.new_record? %>
                     </h4>