collavre 0.1.0

data/app/controllers/collavre/comments_controller.rb

@@ -0,0 +1,464 @@
+module Collavre
+  class CommentsController < ApplicationController
+    before_action :set_creative
+    before_action :set_comment, only: [ :destroy, :show, :update, :convert, :approve, :update_action ]
+
+    def index
+      limit = 20
+
+      visible_scope = @creative.comments.where(
+        "comments.private = ? OR comments.user_id = ? OR comments.approver_id = ?",
+        false,
+        Current.user.id,
+        Current.user.id
+      )
+      scope = visible_scope.with_attached_images.includes(:topic, :comment_reactions)
+
+      if params[:search].present?
+        search_term = ActiveRecord::Base.sanitize_sql_like(params[:search].to_s.strip.downcase)
+        scope = scope.where("LOWER(comments.content) LIKE ?", "%#{search_term}%")
+      end
+
+      # Filter by topic
+      # Logic:
+      # 1. Prefer params[:topic_id] if explicit.
+      # 2. If deep linking (around_comment_id), infer from target comment if valid.
+      # 3. Default to nil (Main).
+
+      effective_topic_id = params[:topic_id].presence
+
+      if params[:around_comment_id].present?
+        target_id = params[:around_comment_id].to_i
+        # Ensure target is visible and belongs to this creative
+        target_comment = visible_scope.find_by(id: target_id)
+
+        if target_comment
+          effective_topic_id = target_comment.topic_id
+          # Inform frontend about the topic switch
+          response.headers["X-Topic-Id"] = effective_topic_id.to_s
+        end
+      end
+
+      # Apply the Topic Filter
+      scope = scope.where(topic_id: effective_topic_id) if effective_topic_id.present?
+
+      # Default order: Newest first (created_at DESC)
+      # This matches the column-reverse layout where the first item in the list is the visual bottom (Newest).
+      scope = scope.order(created_at: :desc)
+
+
+      @comments = if params[:around_comment_id].present?
+        # Deep linking: Load context around a specific comment
+        target_id = params[:around_comment_id].to_i
+
+        # Newer messages have HIGHER IDs.
+        # Older messages have LOWER IDs.
+
+        # Newer bundle (including target): ID >= target_id
+        newer_bundle = scope.where("comments.id >= ?", target_id).reorder(created_at: :asc).limit(limit / 2 + 1)
+
+        # Older bundle: ID < target_id
+        older_bundle = scope.where("comments.id < ?", target_id).limit(limit / 2)
+
+        # Combine: [Newer (ASC) ... Target ... Older (DESC)]
+        # We need final output to be ASC due to restored view logic: [Oldest ... Target ... Newest]
+        (older_bundle.to_a.reverse + newer_bundle.to_a).uniq
+      elsif params[:after_id].present? && params[:before_id].present?
+          # Invalid state, prioritize before (loading older history)
+          scope.where("comments.id < ?", params[:before_id].to_i).limit(limit).to_a.reverse
+      elsif params[:before_id].present?
+        # Load OLDER messages (lower IDs)
+        # Visually scrolling UP
+        scope.where("comments.id < ?", params[:before_id].to_i).limit(limit).to_a.reverse
+      elsif params[:after_id].present?
+        # Load NEWER messages (higher IDs)
+        # Visually scrolling DOWN
+        # We want the ones immediately *after* the current newest.
+        # Since default sort is DESC (Newest first), "after" means id > after_id.
+        # But standard DESC query would give us the VERY Newest.
+        # We want the ones just above `after_id`.
+
+        # Use reorder(ASC) to get the ones immediately larger than after_id, then reverse back to DESC.
+        scope.where("comments.id > ?", params[:after_id].to_i).reorder(created_at: :asc).limit(limit)
+      else
+        # Initial Load (Latest messages)
+        scope.limit(limit).to_a.reverse
+      end
+
+      present_user_ids = CommentPresenceStore.list(@creative.id)
+
+      read_receipts = {}
+      if @comments.any?
+        # Fetch all read pointers for this creative that point to comments in the current list
+        # We only care about pointers that match the IDs of the comments we are displaying?
+        # Or rather, we want to show the 'line' on the comment that matches the pointer.
+
+        # Optimization: Fetch all pointers for participants of this creative.
+        # Scoped to the creative.
+        pointers = CommentReadPointer.where(creative: @creative)
+                                     .where.not(last_read_comment_id: nil)
+                                     .includes(user: { avatar_attachment: :blob })
+
+        # Fetch all visible IDs for correct read-receipt placement transparency
+        # Only map read receipts to PUBLIC comments.
+        # Users who read private comments will appear on the nearest preceding public comment.
+        public_ids = @creative.comments.where(private: false).order(id: :asc).pluck(:id)
+
+        pointers.each do |pointer|
+          effective_id = pointer.effective_comment_id(public_ids)
+          if effective_id
+            read_receipts[effective_id] ||= []
+            read_receipts[effective_id] << pointer.user
+          end
+        end
+      end
+
+      if params[:after_id].present? || params[:before_id].present?
+        render partial: "collavre/comments/comment",
+               collection: @comments,
+               as: :comment,
+               locals: { read_receipts: read_receipts, present_user_ids: present_user_ids, current_topic_id: effective_topic_id }
+      else
+        render partial: "collavre/comments/list", locals: {
+          comments: @comments,
+          creative: @creative,
+          read_receipts: read_receipts,
+          present_user_ids: present_user_ids,
+          current_topic_id: effective_topic_id
+        }
+      end
+    end
+
+    def create
+      unless @creative.has_permission?(Current.user, :feedback)
+        render json: { error: I18n.t("collavre.comments.no_permission") }, status: :forbidden and return
+      end
+
+      comment_attributes = comment_params.except(:images)
+      image_attachments = comment_params[:images]
+
+      @comment = @creative.comments.build(comment_attributes)
+
+      if @comment.topic_id.present? && !@creative.topics.where(id: @comment.topic_id).exists?
+        render json: { error: I18n.t("collavre.comments.invalid_topic") }, status: :unprocessable_entity and return
+      end
+
+      @comment.user = Current.user
+      @comment.images.attach(image_attachments) if image_attachments.present?
+      response = ::Comments::CommandProcessor.new(comment: @comment, user: Current.user).call
+      @comment.content = "#{@comment.content}\n\n#{response}" if response.present?
+      if @comment.save
+
+        # Dispatch system event
+        ::SystemEvents::Dispatcher.dispatch("comment_created", {
+          comment: {
+            id: @comment.id,
+            content: @comment.content,
+            user_id: @comment.user_id
+          },
+          creative: {
+            id: @creative.id,
+            description: @creative.description
+          },
+          chat: {
+            content: @comment.content
+          }
+        }) unless @comment.private?
+        @comment = Comment.with_attached_images.includes(:comment_reactions).find(@comment.id)
+        render partial: "collavre/comments/comment", locals: { comment: @comment, current_topic_id: current_topic_context }, status: :created
+      else
+        render json: { errors: @comment.errors.full_messages }, status: :unprocessable_entity
+      end
+    end
+
+    def update
+      if @comment.user == Current.user
+        safe_params = comment_params
+        if safe_params[:topic_id].present? && !@creative.topics.where(id: safe_params[:topic_id]).exists?
+          render json: { error: I18n.t("collavre.comments.invalid_topic") }, status: :unprocessable_entity and return
+        end
+
+        if @comment.update(safe_params)
+          @comment = Comment.with_attached_images.includes(:comment_reactions).find(@comment.id)
+          render partial: "collavre/comments/comment", locals: { comment: @comment, current_topic_id: current_topic_context }
+        else
+          render json: { errors: @comment.errors.full_messages }, status: :unprocessable_entity
+        end
+      else
+        render json: { error: I18n.t("collavre.comments.not_owner") }, status: :forbidden
+      end
+    end
+
+    def destroy
+      # @comment is set by before_action
+      is_owner = @comment.user == Current.user
+      is_admin = @creative.has_permission?(Current.user, :admin)
+      is_creative_owner = @creative.user == Current.user
+
+      if is_owner || is_admin || is_creative_owner
+        # If admin/creative owner is deleting someone else's comment, send notification
+        if (is_admin || is_creative_owner) && !is_owner && @comment.user.present? && !@comment.user.ai_user?
+          if @comment.user.present?
+            InboxItem.create!(
+              owner: @comment.user,
+              creative: @creative,
+              comment: @comment,
+              message_key: "inbox.comment_deleted_by_admin",
+              message_params: {
+                admin_name: Current.user.name,
+                creative_snippet: @creative.creative_snippet,
+                comment_content: @comment.content
+              },
+              link: creative_path(@creative)
+            )
+          end
+        end
+
+        @comment.destroy
+        head :no_content
+      else
+        render json: { error: I18n.t("collavre.comments.not_owner") }, status: :forbidden
+      end
+    end
+
+    def convert
+      unless can_convert_comment?
+        render json: { error: I18n.t("collavre.comments.convert_not_allowed") }, status: :forbidden and return
+      end
+
+      created_creatives = ::MarkdownImporter.import(
+        @comment.content,
+        parent: @creative,
+        user: @creative.user,
+        create_root: true
+      )
+
+      primary_creative = created_creatives.first
+      system_message = build_convert_system_message(primary_creative) if primary_creative
+
+      @comment.destroy
+
+      if system_message.present?
+        Current.set(session: nil) do
+          @creative.comments.create!(content: system_message, user: nil)
+        end
+      end
+
+      head :no_content
+    end
+
+    def approve
+      status = @comment.approval_status(Current.user)
+      if status != :ok
+        error_key = case status
+        when :invalid_action_format then "collavre.comments.approve_invalid_format"
+        when :missing_action then "collavre.comments.approve_missing_action"
+        when :missing_approver then "collavre.comments.approve_missing_approver"
+        when :admin_required then "collavre.comments.approve_admin_required"
+        else "collavre.comments.approve_not_allowed"
+        end
+        http_status = case status
+        when :invalid_action_format, :missing_action, :missing_approver
+                        :unprocessable_entity
+        else
+                        :forbidden
+        end
+        render json: { error: I18n.t(error_key) }, status: http_status and return
+      end
+
+      begin
+        ::Comments::ActionExecutor.new(comment: @comment, executor: Current.user).call
+        @comment = Comment.with_attached_images.includes(:comment_reactions).find(@comment.id)
+        render partial: "collavre/comments/comment", locals: { comment: @comment, current_topic_id: current_topic_context }
+      rescue ::Comments::ActionExecutor::ExecutionError => e
+        render json: { error: e.message }, status: :unprocessable_entity
+      end
+    end
+
+    def update_action
+      # Initial checks outside the lock
+      executed_error = false
+      update_success = false
+      approver_mismatch_error = false
+      status_error_key = nil
+      status_http_status = nil
+      validation_error_message = nil
+
+      @comment.with_lock do
+        @comment.reload
+
+        status_in_lock = @comment.approval_status(Current.user)
+        # Allow repairing invalid format if user is approver
+        if status_in_lock == :invalid_action_format
+          if @comment.approver_id == Current.user&.id
+            status_in_lock = :ok
+          else
+            status_in_lock = :not_allowed
+          end
+        end
+
+        if status_in_lock != :ok
+          approver_mismatch_error = true
+          status_error_key = case status_in_lock
+          when :invalid_action_format then "collavre.comments.approve_invalid_format"
+          when :missing_action then "collavre.comments.approve_missing_action"
+          when :missing_approver then "collavre.comments.approve_missing_approver"
+          when :admin_required then "collavre.comments.approve_admin_required"
+          else "collavre.comments.approve_not_allowed"
+          end
+          status_http_status = case status_in_lock
+          when :invalid_action_format, :missing_action, :missing_approver
+                          :unprocessable_entity
+          else
+                          :forbidden
+          end
+        elsif @comment.action_executed_at.present?
+          executed_error = true
+        else
+          action_payload = params.dig(:comment, :action)
+          if action_payload.blank?
+            validation_error_message = I18n.t("collavre.comments.approve_missing_action")
+          else
+            begin
+              validator = ::Comments::ActionValidator.new(comment: @comment)
+              parsed_payload = validator.validate!(action_payload)
+              normalized_action = JSON.pretty_generate(parsed_payload)
+              update_success = @comment.update(action: normalized_action)
+            rescue ::Comments::ActionValidator::ValidationError => e
+              validation_error_message = e.message
+            end
+          end
+        end
+      end
+
+      if approver_mismatch_error
+        render json: { error: I18n.t(status_error_key) }, status: status_http_status
+      elsif validation_error_message
+        render json: { error: validation_error_message }, status: :unprocessable_entity
+      elsif executed_error
+        render json: { error: I18n.t("collavre.comments.approve_already_executed") }, status: :unprocessable_entity
+      elsif update_success
+        @comment = Comment.with_attached_images.includes(:comment_reactions).find(@comment.id)
+        render partial: "collavre/comments/comment", locals: { comment: @comment, current_topic_id: current_topic_context }
+      else
+        error_message = @comment.errors.full_messages.to_sentence.presence || I18n.t("collavre.comments.action_update_error")
+        render json: { error: error_message }, status: :unprocessable_entity
+      end
+    rescue ::Comments::ActionValidator::ValidationError => e
+      render json: { error: e.message }, status: :unprocessable_entity
+    end
+
+    def show
+      redirect_to creative_path(@creative, comment_id: @comment.id)
+    end
+
+    def participants
+      users = [ @creative.user ].compact + @creative.all_shared_users(:feedback).map(&:user)
+      users = users.uniq
+      data = users.map do |u|
+        {
+          id: u.id,
+          email: u.email,
+          name: u.display_name,
+          avatar_url: view_context.user_avatar_url(u, size: 20),
+          default_avatar: !u.avatar.attached? && u.avatar_url.blank?,
+          initial: u.display_name[0].upcase
+        }
+      end
+      render json: data
+    end
+
+    def move
+      comment_ids = Array(params[:comment_ids]).map(&:presence).compact.map(&:to_i)
+      if comment_ids.empty?
+        render json: { error: I18n.t("collavre.comments.move_no_selection") }, status: :unprocessable_entity and return
+      end
+
+      target_creative = Creative.find_by(id: params[:target_creative_id])
+      if target_creative.nil?
+        render json: { error: I18n.t("collavre.comments.move_invalid_target") }, status: :unprocessable_entity and return
+      end
+
+      target_origin = target_creative.effective_origin
+
+      unless @creative.has_permission?(Current.user, :feedback) && target_origin.has_permission?(Current.user, :feedback)
+        render json: { error: I18n.t("collavre.comments.move_not_allowed") }, status: :forbidden and return
+      end
+
+      scope = @creative.comments.where(
+        "comments.private = ? OR comments.user_id = ? OR comments.approver_id = ?",
+        false,
+        Current.user.id,
+        Current.user.id
+      )
+
+      comments = scope.where(id: comment_ids).to_a
+
+      if comments.length != comment_ids.length
+        render json: { error: I18n.t("collavre.comments.move_not_allowed") }, status: :forbidden and return
+      end
+
+      ActiveRecord::Base.transaction do
+        comments.each do |comment|
+          next if comment.creative_id == target_origin.id
+
+          original_creative = comment.creative
+          comment.update!(creative: target_origin, topic_id: nil)
+          broadcast_move_removal(comment, original_creative)
+        end
+      end
+
+      Comment.broadcast_badges(@creative)
+      Comment.broadcast_badges(target_origin) unless target_origin == @creative
+
+      render json: { success: true }
+    rescue ActiveRecord::RecordInvalid => e
+      render json: { error: e.record.errors.full_messages.to_sentence.presence || I18n.t("collavre.comments.move_error") }, status: :unprocessable_entity
+    end
+
+    private
+
+    def set_creative
+      @creative = Creative.find(params[:creative_id]).effective_origin
+    end
+
+    def set_comment
+      @comment = @creative.comments
+                             .where(
+                               "comments.private = ? OR comments.user_id = ? OR comments.approver_id = ?",
+                               false,
+                               Current.user.id,
+                               Current.user.id
+                             )
+                             .find(params[:id])
+    end
+
+    def comment_params
+      params.require(:comment).permit(:content, :private, :topic_id, images: [])
+    end
+
+    def can_convert_comment?
+      @comment.user == Current.user || @creative.has_permission?(Current.user, :admin)
+    end
+
+    def broadcast_move_removal(comment, original_creative)
+      return if comment.private?
+
+      Turbo::StreamsChannel.broadcast_remove_to(
+        [ original_creative, :comments ],
+        target: view_context.dom_id(comment)
+      )
+    end
+
+    def build_convert_system_message(creative)
+      title = helpers.strip_tags(creative.description).to_s.strip
+      title = I18n.t("collavre.comments.convert_system_message_default_title") if title.blank?
+      url = creative_path(creative)
+      I18n.t("collavre.comments.convert_system_message", title: title, url: url)
+    end
+
+    def current_topic_context
+      params[:topic_id].presence || params.dig(:comment, :topic_id).presence
+    end
+  end
+end

data/app/controllers/collavre/contacts_controller.rb

@@ -0,0 +1,10 @@
+module Collavre
+  class ContactsController < ApplicationController
+    def destroy
+      contact = Current.user.contacts.find(params[:id])
+      contact.destroy
+      redirect_to user_path(Current.user, tab: "contacts", contact_page: params[:contact_page]),
+                  notice: t("collavre.contacts.notices.removed")
+    end
+  end
+end

data/app/controllers/collavre/creative_expanded_states_controller.rb

@@ -0,0 +1,27 @@
+module Collavre
+  class CreativeExpandedStatesController < ApplicationController
+    def toggle
+      creative_id = params[:creative_id]
+      node_id = params[:node_id].to_s
+      expanded = ActiveModel::Type::Boolean.new.cast(params[:expanded])
+
+      record = CreativeExpandedState.find_or_initialize_by(creative_id: creative_id, user_id: Current.user.id)
+      state = record.expanded_status || {}
+
+      if expanded
+        state[node_id] = true
+      else
+        state.delete(node_id)
+      end
+
+      record.expanded_status = state
+      if state.empty?
+        record.destroy if record.persisted?
+      else
+        record.save!
+      end
+
+      render json: { success: true }
+    end
+  end
+end

data/app/controllers/collavre/creative_imports_controller.rb

@@ -0,0 +1,24 @@
+module Collavre
+  class CreativeImportsController < ApplicationController
+    allow_unauthenticated_access only: :create
+
+    def create
+      unless authenticated?
+        render json: { error: "Unauthorized" }, status: :unauthorized and return
+      end
+
+      parent = params[:parent_id].present? ? Creative.find_by(id: params[:parent_id]) : nil
+      created = ::Creatives::Importer.new(file: params[:markdown], user: Current.user, parent: parent).call
+
+      if created.any?
+        render json: { success: true, created: created.map(&:id) }
+      else
+        render json: { error: "No creatives created" }, status: :unprocessable_entity
+      end
+    rescue ::Creatives::Importer::UnsupportedFile
+      render json: { error: "Invalid file type" }, status: :unprocessable_entity
+    rescue ::Creatives::Importer::Error => e
+      render json: { error: e.message }, status: :unprocessable_entity
+    end
+  end
+end

data/app/controllers/collavre/creative_plans_controller.rb

@@ -0,0 +1,69 @@
+module Collavre
+  class CreativePlansController < ApplicationController
+    before_action :require_authentication
+
+    def create
+      result = tagger.apply
+      respond_to do |format|
+        format.html do
+          flash[result.success? ? :notice : :alert] = translate_message(
+            result,
+            success_key: "collavre.creatives.index.plan_tags_applied",
+            success_default: "Plan tags applied to selected creatives.",
+            failure_key: "collavre.creatives.index.plan_tag_failed",
+            failure_default: "Please select a plan and at least one creative."
+          )
+          redirect_back fallback_location: creatives_path(select_mode: 1)
+        end
+        format.json do
+          if result.success?
+            render json: { message: translate_message(result, success_key: "collavre.creatives.index.plan_tags_applied", success_default: "Plan tags applied.", failure_key: "", failure_default: "") }, status: :ok
+          else
+            render json: { error: translate_message(result, success_key: "", success_default: "", failure_key: "collavre.creatives.index.plan_tag_failed", failure_default: "Failed to apply plan.") }, status: :unprocessable_entity
+          end
+        end
+      end
+    end
+
+    def destroy
+      result = tagger.remove
+      respond_to do |format|
+        format.html do
+          flash[result.success? ? :notice : :alert] = translate_message(
+            result,
+            success_key: "collavre.creatives.index.plan_tags_removed",
+            success_default: "Plan tag removed from selected creatives.",
+            failure_key: "collavre.creatives.index.plan_tag_remove_failed",
+            failure_default: "Please select a plan and at least one creative."
+          )
+          redirect_back fallback_location: creatives_path(select_mode: 1)
+        end
+        format.json do
+          if result.success?
+            render json: { message: translate_message(result, success_key: "collavre.creatives.index.plan_tags_removed", success_default: "Plan tag removed.", failure_key: "", failure_default: "") }, status: :ok
+          else
+            render json: { error: translate_message(result, success_key: "", success_default: "", failure_key: "collavre.creatives.index.plan_tag_remove_failed", failure_default: "Failed to remove plan.") }, status: :unprocessable_entity
+          end
+        end
+      end
+    end
+
+    private
+
+    def tagger
+      ::Creatives::PlanTagger.new(plan_id: params[:plan_id], creative_ids: parsed_creative_ids)
+    end
+
+    def parsed_creative_ids
+      params[:creative_ids].to_s.split(",").map(&:strip).reject(&:blank?)
+    end
+
+    def translate_message(result, success_key:, success_default:, failure_key:, failure_default:)
+      if result.success?
+        I18n.t(success_key, default: success_default)
+      else
+        I18n.t(failure_key, default: failure_default)
+      end
+    end
+  end
+end

data/app/controllers/collavre/creative_shares_controller.rb

@@ -0,0 +1,79 @@
+module Collavre
+  class CreativeSharesController < ApplicationController
+    def create
+      @creative = Creative.find(params[:creative_id]).effective_origin
+
+      user = nil
+      if params[:user_email].present?
+        user = User.find_by(email: params[:user_email])
+        unless user
+          invitation = Invitation.create!(email: params[:user_email], inviter: Current.user, creative: @creative, permission: params[:permission])
+          InvitationMailer.with(invitation: invitation).invite.deliver_later
+          flash[:notice] = t("collavre.invites.invite_sent")
+          redirect_back(fallback_location: creatives_path) and return
+        end
+      end
+
+      permission = params[:permission]
+
+      # Enforce read-only for public shares (no user email provided)
+      if params[:user_email].blank? && permission != "no_access" && permission != "read"
+        permission = "read"
+      end
+
+      ancestor_ids = @creative.ancestors.pluck(:id)
+      ancestor_shares = CreativeShare.where(creative_id: ancestor_ids, user: user)
+                                     .where("permission >= ? or permission = ?", CreativeShare.permissions[permission], CreativeShare.permissions[:no_access])
+      closest_parent_share = CreativeShare.closest_parent_share(ancestor_ids, ancestor_shares)
+
+      is_param_no_access = permission == :no_access.to_s
+      Rails.logger.debug "### closest_parent_share = #{closest_parent_share.inspect}, is_param_no_access: #{is_param_no_access}"
+      if closest_parent_share.present?
+        if closest_parent_share.permission == :no_access.to_s
+          flash[:alert] = t("collavre.creatives.share.can_not_share_by_no_access_in_parent")
+          redirect_back(fallback_location: creatives_path) and return
+        else
+          if is_param_no_access
+            # can set!
+          else
+            flash[:alert] = t("collavre.creatives.share.already_shared_in_parent")
+            redirect_back(fallback_location: creatives_path) and return
+          end
+        end
+      end
+
+      share = CreativeShare.find_or_initialize_by(creative: @creative, user: user)
+      share.shared_by ||= Current.user
+      share.permission = permission
+      if share.save and not is_param_no_access
+        if user
+          @creative.create_linked_creative_for_user(user)
+          Contact.ensure(user: Current.user, contact_user: user)
+          Contact.ensure(user: @creative.user, contact_user: user)
+        end
+        flash[:notice] = t("collavre.creatives.share.shared")
+      else
+        flash[:alert] = share.errors.full_messages.to_sentence
+      end
+      redirect_back(fallback_location: creatives_path)
+    end
+
+    def destroy
+      @creative_share = CreativeShare.find(params[:id])
+      @creative_share.destroy
+      # remove linked creative if it exists
+      linked_creative = Creative.find_by(origin_id: @creative_share.creative_id, user_id: @creative_share.user_id)
+      linked_creative&.destroy
+      respond_to do |format|
+        format.html { redirect_back fallback_location: main_app.root_path, notice: t("collavre.creatives.index.share_deleted") }
+        format.json { head :no_content }
+      end
+    end
+
+    private
+
+      def all_descendants(creative)
+        creative.children.flat_map { |child| [ child ] + all_descendants(child) }
+      end
+  end
+end