camaleon_cms 2.4.4.3 → 2.4.4.4
Potentially problematic release.
This version of camaleon_cms might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/app/apps/plugins/attack/attack_helper.rb +1 -0
- data/app/apps/plugins/authoring_post/authoring_post_helper.rb +1 -1
- data/app/controllers/camaleon_cms/admin/posts_controller.rb +1 -1
- data/app/controllers/camaleon_cms/admin/sessions_controller.rb +1 -1
- data/app/controllers/camaleon_cms/admin/users_controller.rb +2 -2
- data/app/controllers/camaleon_cms/camaleon_controller.rb +5 -3
- data/app/decorators/camaleon_cms/site_decorator.rb +1 -1
- data/app/helpers/camaleon_cms/session_helper.rb +1 -1
- data/app/models/camaleon_cms/ability.rb +1 -1
- data/app/models/camaleon_cms/user.rb +4 -4
- data/app/views/camaleon_cms/admin/users/form.html.erb +1 -1
- data/app/views/camaleon_cms/admin/users/index.html.erb +1 -1
- data/lib/camaleon_cms/version.rb +1 -1
- metadata +2 -2
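--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5581bbe874bc02c0ad4eb795817fd82e431d3832
+data.tar.gz: b0d2c74f1b22ba640260e100e57ea1ef64f87500
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 612ed7bf329cd37631d1aa4456db2af076963f48417ec58068c9d4e5423969340fd489aa8b0d08e2a25e58fcbab0d3dff6c79e6bcb4f856f84c6ad05099e2f1d
+data.tar.gz: 3ddbc96bc692151ca73990cd463a6e88f391d064765dc2b49dbf219f2f34b428d143750f683c08cd62eefa2a463831d148bd530348e772d00f33c84738e1d841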
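--- a/data/README.md
+++ b/data/README.md
@@ -39,7 +39,7 @@
 * Add the gem in your Gemfile
 
 ```
-gem "camaleon_cms", '>= 2.4.4.
+gem "camaleon_cms", '>= 2.4.4.4' # Stable versions 2.4.4.2, 2.4.3.10, 2.4.3.6, 2.4.3.5, 2.4.3.2, 2.3.6, 2.2.1, 2.1.1, 2.1.0
 # gem "camaleon_cms", github: 'owen2345/camaleon-cms' # current development version
 # gem 'draper', '~> 3' # only for Rails 5
 # verify (gem 'sass-rails', '~> 5.0') only for Rails 5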
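--- a/data/app/apps/plugins/attack/attack_helper.rb
+++ b/data/app/apps/plugins/attack/attack_helper.rb
@@ -50,6 +50,7 @@ module Plugins::Attack::AttackHelper
 
 private
 def attack_check_request
+return unless current_site
 config = current_site.get_meta("attack_config")
 q = current_site.attack.where(browser_key: cama_get_session_id, path: attack_request_key)
 return unless config.present?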
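Review bot: The new `return unless current_site` guard in `attack_check_request` fails open: when no site is resolved, the attack-throttling check is skipped without leaving any trace. If requests without a resolved site can still reach a protected action such as login (not visible here), they would pass without being counted. Logging the skip, e.g. `Rails.logger.warn('attack check skipped: no current_site')`, would make that case detectable. The method body continues past the end of the hunk.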
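--- a/data/app/apps/plugins/authoring_post/authoring_post_helper.rb
+++ b/data/app/apps/plugins/authoring_post/authoring_post_helper.rb
@@ -40,7 +40,7 @@ module Plugins::AuthoringPost::AuthoringPostHelper
 end
 
 def plugin_authoring_authors_list(post)
-author_id = post.new_record? ?
+author_id = post.new_record? ? cama_current_user.id : post.author.id
 ret = ''
 current_site.users.where('role <> ?', 'client').order(:username).each do |user|
 ret += "<option value='#{user.id}' #{user.id.eql?(author_id) ? 'selected' : ''}>#{user.username.titleize}#{user.fullname.eql?(user.username.titleize) ? '' : ' (' + user.fullname + ')' }</option>"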
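Review bot: `plugin_authoring_authors_list` builds `<option>` markup by interpolating `user.username` and `user.fullname` straight into the string, so if the caller emits `ret` as raw HTML (the call site is outside the hunk) a user-controlled name becomes stored markup in the admin editor. Escaping each value, e.g. `ERB::Util.html_escape(user.fullname)`, or building the list with `options_for_select`, avoids that. On the added line, `post.author.id` raises `NoMethodError` for a saved post whose author record no longer exists; `post.author.try(:id)` keeps the form rendering. The method continues below the hunk.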
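--- a/data/app/controllers/camaleon_cms/admin/posts_controller.rb
+++ b/data/app/controllers/camaleon_cms/admin/posts_controller.rb
@@ -30,7 +30,7 @@ class CamaleonCms::Admin::PostsController < CamaleonCms::AdminController
 posts_all = posts_all.where("LOWER(#{CamaleonCms::Post.table_name}.title) LIKE ?", "%#{params[:q]}%")
 end
 
-posts_all = posts_all.where(user_id:
+posts_all = posts_all.where(user_id: cama_current_user) if cannot?(:edit_other, @post_type) # filter only own contents
 
 @posts = posts_all
 params[:s] = 'published' unless params[:s].present?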
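Review bot: The search filter at the top of the hunk lowercases the column but passes `params[:q]` as typed, so a query containing capitals can never match unless it is downcased above the hunk; `%` and `_` in the input also act as LIKE wildcards. Binding `"%#{params[:q].to_s.downcase}%"` fixes the case mismatch. The added own-content filter only narrows this listing, so it is worth confirming that edit, update and destroy apply the same `cannot?(:edit_other, @post_type)` restriction, which is not visible here.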
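--- a/data/app/controllers/camaleon_cms/admin/sessions_controller.rb
+++ b/data/app/controllers/camaleon_cms/admin/sessions_controller.rb
@@ -18,7 +18,7 @@ class CamaleonCms::Admin::SessionsController < CamaleonCms::CamaleonController
 
 def login_post
 data_user = user_permit_data
-@user = current_site.users.
+@user = current_site.users.find_by_username(data_user[:username])
 captcha_validate = captcha_verify_if_under_attack("login")
 r = {user: @user, params: params, password: data_user[:password], captcha_validate: captcha_validate, stop_process: false}; hooks_run("user_before_login", r)
 return if r[:stop_process] # permit to redirect for data completion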
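--- a/data/app/controllers/camaleon_cms/admin/users_controller.rb
+++ b/data/app/controllers/camaleon_cms/admin/users_controller.rb
@@ -80,7 +80,7 @@ class CamaleonCms::Admin::UsersController < CamaleonCms::AdminController
 end
 
 def destroy
-if
+if cama_current_user.id == @user.id
 flash[:error] = t('camaleon_cms.admin.users.message.user_can_not_delete_own_account', default: 'User can not delete own account')
 elsif @user.destroy
 flash[:notice] = t('camaleon_cms.admin.users.message.deleted')
@@ -106,7 +106,7 @@ class CamaleonCms::Admin::UsersController < CamaleonCms::AdminController
 
 def user_params
 parameters = params.require(:user)
-if
+if cama_current_user.role_grantor?(@user)
 parameters.permit(:username, :email, :role, :first_name, :last_name)
 else
 parameters.permit(:username, :email, :first_name, :last_name)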
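Review bot: In `user_params`, `role_grantor?(@user)` decides whether `:role` is permitted, but nothing visible restricts which role value may be submitted, so a user allowed to grant roles could assign any role slug, including one above their own, unless `role_grantor?` or a model validation (neither shown) limits it. Consider checking the submitted slug against the roles the current user may grant before permitting it, and documenting what `role_grantor?` guarantees. `@user` may also be a new record when this runs for create, which `role_grantor?` needs to handle. Both `destroy` and `user_params` continue outside their hunks.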
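--- a/data/app/controllers/camaleon_cms/camaleon_controller.rb
+++ b/data/app/controllers/camaleon_cms/camaleon_controller.rb
@@ -125,8 +125,10 @@ class CamaleonCms::CamaleonController < ApplicationController
 end
 end
 end
-
-
-
+
+unless ApplicationController.method_defined?(:current_user)
+def current_user
+cama_current_user
+end
 end
 end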
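Review bot: `ApplicationController.method_defined?(:current_user)` is false for private methods, so a host application that declares `current_user` as private gets it overridden inside every Camaleon controller by this alias for `cama_current_user`. Checking both visibilities avoids that: `unless ApplicationController.method_defined?(:current_user) || ApplicationController.private_method_defined?(:current_user)`. The guard also runs once at class-load time, so a `current_user` mixed into `ApplicationController` later is not seen. The surrounding class body starts outside the hunk.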
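--- a/data/app/decorators/camaleon_cms/site_decorator.rb
+++ b/data/app/decorators/camaleon_cms/site_decorator.rb
@@ -88,7 +88,7 @@ class CamaleonCms::SiteDecorator < CamaleonCms::TermTaxonomyDecorator
 # return the user object with id or username = id_or_username from this site
 def the_user(id_or_username)
 return object.users.where(id: id_or_username).first.decorate rescue nil if id_or_username.is_a?(Integer)
-return object.users.
+return object.users.find_by_username(id_or_username).decorate rescue nil if id_or_username.is_a?(String)
 end
 
 # return all post types for this site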
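Review bot: The inline `rescue nil` on the rewritten line in `the_user` hides every `StandardError`, including database failures, behind a `nil` that callers will read as "no such user". Since `find_by_username` now returns a record or `nil`, `object.users.find_by_username(id_or_username).try(:decorate)` covers the missing-user case without swallowing other errors. The Integer branch on the line above has the same pattern.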
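--- a/data/app/helpers/camaleon_cms/session_helper.rb
+++ b/data/app/helpers/camaleon_cms/session_helper.rb
@@ -33,7 +33,7 @@ module CamaleonCms::SessionHelper
 # login a user using username and password
 # return boolean: true => authenticated, false => authentication failed
 def login_user_with_password(username, password)
-@user = current_site.users.
+@user = current_site.users.find_by_username(username)
 r = {user: @user, params: params, password: password, captcha_validate: true}; hooks_run('user_before_login', r)
 @user && @user.authenticate(password)
 end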
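Review bot: `login_user_with_password` runs the `user_before_login` hook but never reads `r` afterwards, so a plugin that sets `r[:stop_process]` (which `login_post` honours) cannot block this path, and `captcha_validate` is hard-coded to `true`. If this helper is reachable with untrusted credentials, it sidesteps the captcha check that the form login applies; consider `return false if r[:stop_process]` after the hook. The comment above the method also promises a boolean, while the last expression yields `nil` or whatever `authenticate` returns.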
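--- a/data/app/models/camaleon_cms/ability.rb
+++ b/data/app/models/camaleon_cms/ability.rb
@@ -11,7 +11,7 @@ class CamaleonCms::Ability
 can :read, :all
 else
 # conditions:
-current_user_role = user.get_role(current_site)
+current_user_role = user.get_role(current_site) || current_site.user_roles.new
 @roles_manager ||= current_user_role.get_meta("_manager_#{current_site.id}", {}) || {}
 @roles_post_type ||= current_user_role.get_meta("_post_type_#{current_site.id}", {}) || {}
 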
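Review bot: The fallback `current_site.user_roles.new` builds the empty role through the site's association, which in Rails attaches an unsaved record to `current_site.user_roles`; a later save of the same site object in the request could persist a blank role, and code iterating the loaded association may see it. A detached instance of the role model would serve the same purpose without touching the association. The fallback appears to leave both permission hashes empty, i.e. deny by default, which deserves a comment such as `# no role on this site: fall back to an empty role (no permissions)`. The enclosing method starts and ends outside the hunk.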
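--- a/data/app/models/camaleon_cms/user.rb
+++ b/data/app/models/camaleon_cms/user.rb
@@ -7,12 +7,12 @@ unless PluginRoutes.static_system_info['user_model'].present?
 validates :email, :presence => true, :format => { :with => /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i } #, :unless => Proc.new { |a| a.auth_social.present? }
 has_secure_password
 
-def self.
-where(['lower(email) = ?', email.to_s.downcase])
+def self.find_by_email(email)
+where(['lower(email) = ?', email.to_s.downcase]).take
 end
 
-def self.
-where(['lower(username) = ?', username.to_s.downcase])
+def self.find_by_username(username)
+where(['lower(username) = ?', username.to_s.downcase]).take
 end
 end
 end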
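Review bot: `.take` in `find_by_email` and `find_by_username` returns an arbitrary row when several match, so if two accounts differ only by letter case, the lookups in `login_post` and `login_user_with_password` may resolve to either one. No case-insensitive uniqueness validation is visible in this hunk (only the email format check); `validates :username, uniqueness: { case_sensitive: false }` or its site-scoped equivalent, backed by a unique index on the lowered column, would make the lookup deterministic. These definitions also replace ActiveRecord's dynamic `find_by_*` finders, which is worth a comment stating that the match is case-insensitive and returns a single record or `nil`.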
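--- a/data/app/views/camaleon_cms/admin/users/form.html.erb
+++ b/data/app/views/camaleon_cms/admin/users/form.html.erb
@@ -54,7 +54,7 @@
 <div class="">
 <%= f.label "#{t('camaleon_cms.admin.table.role')}", class: "control-label" %>
 <div class="">
-<%= f.select :role,current_site.user_roles.reorder(:name).decorate.map{|role| [role.the_title, role.slug]}, {}, {:class => "form-control required", disabled: !
+<%= f.select :role,current_site.user_roles.reorder(:name).decorate.map{|role| [role.the_title, role.slug]}, {}, {:class => "form-control required", disabled: !cama_current_user.role_grantor?(@user)}%>
 </div>
 </div>
 <hr>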
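--- a/data/app/views/camaleon_cms/admin/users/index.html.erb
+++ b/data/app/views/camaleon_cms/admin/users/index.html.erb
@@ -36,7 +36,7 @@
 <td><%= l(f.last_login_at, format: :long) if f.last_login_at.present? %></td>
 <td>
 <%= link_to raw('<i class="fa fa-pencil"></i>'), {action: :edit, id: f.id }, class: "btn btn-default btn-xs cama_ajax_request", title: "#{t('camaleon_cms.admin.button.edit')}" %>
-<% if
+<% if cama_current_user.id == f.id %>
 <%= link_to 'javascript:;', class: 'btn btn-danger btn-xs cama_ajax_request', disabled: true,
 title: t('camaleon_cms.admin.users.message.user_can_not_delete_own_account', default: 'User can not delete own account') do %>
 <i class="fa fa-times"></i>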
data/lib/camaleon_cms/version.rb
CHANGED
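--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: camaleon_cms
 version: !ruby/object:Gem::Version
-version: 2.4.4.
+version: 2.4.4.4
 platform: ruby
 authors:
 - Owen Peredo Diaz
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-
+date: 2017-10-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bcrypt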