collavre 0.3.2 → 0.5.0

data/app/models/collavre/comment.rb

@@ -14,12 +14,18 @@ module Collavre
     belongs_to :approver, class_name: Collavre.configuration.user_class_name, optional: true
     belongs_to :action_executed_by, class_name: Collavre.configuration.user_class_name, optional: true
     belongs_to :topic, class_name: "Collavre::Topic", optional: true
+    belongs_to :quoted_comment, class_name: "Collavre::Comment", optional: true
     has_many :activity_logs, class_name: "Collavre::ActivityLog", dependent: :destroy
     has_many :comment_reactions, class_name: "Collavre::CommentReaction", dependent: :destroy
 
-
     has_many_attached :images, dependent: :purge_later
 
+    include Broadcastable
+    include Notifiable
+    include Approvable
+
+    attribute :skip_default_user, :boolean, default: false
+
     before_validation :use_origin_creative
     before_validation :assign_default_user, on: :create
     before_save :apply_link_previews, if: :should_apply_link_previews?
@@ -28,67 +34,17 @@ module Collavre
     validate :creative_must_be_origin_creative
     validate :images_must_be_images
 
-    after_create_commit :broadcast_create, :notify_write_users, :notify_mentions, :notify_approver, :broadcast_badges
-    after_update_commit :broadcast_update
-    after_destroy_commit :broadcast_destroy, :broadcast_badges, :cancel_pending_tasks
+    after_destroy_commit :cancel_pending_tasks
+
+    def review_message?
+      quoted_comment_id.present?
+    end
 
     # public for db migration
     def creative_snippet
       creative.creative_snippet
     end
 
-    def can_be_approved_by?(user)
-      approval_status(user) == :ok
-    end
-
-    def approval_status(user)
-      return :not_allowed unless user
-
-      if action.blank?
-        return :not_allowed unless approver_id == user&.id
-        return :missing_action
-      end
-
-      begin
-        payload = JSON.parse(action)
-      rescue JSON::ParserError
-        return :invalid_action_format
-      end
-      return :invalid_action_format unless payload.is_a?(Hash)
-
-      actions = Array(payload["actions"])
-      actions = [ payload ] if actions.empty?
-
-      requires_admin = actions.any? do |item|
-        next false unless item.is_a?(Hash)
-        action_type = item["action"] || item["type"]
-        action_type == "approve_tool"
-      end
-
-      if requires_admin && SystemSetting.mcp_tool_approval_required?
-        return user.system_admin? ? :ok : :admin_required
-      end
-
-      return :missing_approver if approver_id.blank?
-      return :not_allowed unless approver_id == user&.id
-
-      :ok
-    end
-
-    def mentioned_users
-      return Collavre.user_class.none unless user
-      emails = mentioned_emails - [ user.email.downcase ]
-      names = mentioned_names - [ user.name.downcase ]
-
-      origin = creative.effective_origin
-      mentionable_users = Collavre.user_class.mentionable_for(origin)
-
-      scope = Collavre.user_class.none
-      scope = scope.or(mentionable_users.where(email: emails)) if emails.any?
-      scope = scope.or(mentionable_users.where("LOWER(name) IN (?)", names)) if names.any?
-      scope
-    end
-
     private
 
     def cancel_pending_tasks
@@ -99,117 +55,8 @@ module Collavre
       end
     end
 
-    def create_inbox_item(owner, key, params = {})
-      origin = creative&.effective_origin
-      metadata = params.to_h.stringify_keys
-      metadata["comment_id"] = id
-      metadata["creative_id"] = origin&.id
-
-      InboxItem.create!(
-        owner: owner,
-        message_key: key,
-        message_params: metadata,
-        comment: self,
-        creative: origin,
-        link: Collavre::Engine.routes.url_helpers.creative_comment_url(
-          creative,
-          self,
-          Rails.application.config.action_mailer.default_url_options
-        )
-      )
-    end
-
-    # AI agent streaming placeholder: skip inbox notifications for "..." content
-    def streaming_placeholder?
-      user&.ai_user? && content == STREAMING_PLACEHOLDER_CONTENT
-    end
-
-    def mentioned_emails
-      return [] unless content
-      content.scan(/@([\w.\-+]+@[a-zA-Z0-9\-.]+\.[a-zA-Z]{2,})/)
-             .flatten
-             .map(&:downcase)
-             .uniq
-    end
-
-    def mentioned_names
-      return [] unless content
-      content.scan(/@([^:]+):/)
-             .flatten
-             .map(&:downcase)
-             .uniq
-    end
-
-    def broadcast_create
-      return if private?
-      broadcast_append_later_to([ creative, :comments ], target: "comments-list", partial: "collavre/comments/comment")
-    end
-
-    def broadcast_update
-      return if private?
-      broadcast_replace_later_to([ creative, :comments ], partial: "collavre/comments/comment")
-    end
-
-    def broadcast_destroy
-      return if private? || !creative
-      broadcast_remove_to([ creative, :comments ])
-    end
-
-    def broadcast_badges
-      return unless creative
-      Comment.broadcast_badges(creative)
-    end
-
-    def notify_write_users
-      return if private? || !user
-      return if streaming_placeholder?
-      base_creative = creative.effective_origin
-      present_ids = CommentPresenceStore.list(base_creative.id)
-      recipients = base_creative.all_shared_users(:write).map(&:user)
-      recipients << base_creative.user
-      recipients.compact!
-      recipients.uniq!
-      recipients.delete(user)
-      recipients -= mentioned_users.to_a
-      recipients.reject! { |u| present_ids.include?(u.id) }
-      recipients.each do |recipient|
-        create_inbox_item(
-          recipient,
-          "inbox.comment_added",
-          { user: user.display_name, comment: content, creative: creative_snippet }
-        )
-      end
-    end
-
-    def notify_mentions
-      return if private?
-      return if streaming_placeholder?
-      mentioned_users.each do |mentioned|
-        create_inbox_item(
-          mentioned,
-          "inbox.user_mentioned",
-          { user: user.display_name, comment: content, creative: creative_snippet }
-        )
-      end
-    end
-
-    def notify_approver
-      return unless approver.present? && action.present?
-      return if approver == user
-
-      create_inbox_item(
-        approver,
-        "inbox.approval_requested",
-        { user: user&.display_name, tool_name: parsed_action_tool_name, creative: creative_snippet }
-      )
-    end
-
-    def parsed_action_tool_name
-      parsed = JSON.parse(action) rescue nil
-      parsed&.dig("tool_name") || "unknown"
-    end
-
     def assign_default_user
+      return if skip_default_user
       self.user ||= Collavre.current_user
     end
 
@@ -244,97 +91,5 @@ module Collavre
       errors.add(:images, "must be an image")
       invalid_images.each(&:purge)
     end
-
-    def self.broadcast_badges(creative)
-      origin = creative.effective_origin
-      users = [ origin.user ].compact + origin.all_shared_users(:feedback).map(&:user)
-      users.compact!
-      users.uniq!
-      return if users.empty?
-
-      user_ids = users.map(&:id)
-
-      # Batch load all comment read pointers for these users
-      pointers = CommentReadPointer.where(user_id: user_ids, creative: origin).index_by(&:user_id)
-
-      # Get present users once
-      present_user_ids = CommentPresenceStore.list(origin.id)
-
-      # Batch count queries - get counts grouped by user visibility
-      # For public comments (visible to all)
-      public_count = origin.comments.where(private: false).count
-
-      # For private comments, get counts per user
-      private_counts = origin.comments
-        .where(private: true, user_id: user_ids)
-        .group(:user_id)
-        .count
-
-      # Batch unread counts - first get the min last_read_id per user
-      last_read_ids = pointers.transform_values { |p| p.last_read_comment_id || 0 }
-
-      # Get unread public comments for each threshold
-      unread_public_by_threshold = {}
-      last_read_ids.values.uniq.each do |threshold|
-        unread_public_by_threshold[threshold] = origin.comments
-          .where(private: false)
-          .where("comments.id > ?", threshold)
-          .count
-      end
-
-      # Get unread private comments per user
-      unread_private_counts = {}
-      user_ids.each do |uid|
-        threshold = last_read_ids[uid] || 0
-        unread_private_counts[uid] = origin.comments
-          .where(private: true, user_id: uid)
-          .where("comments.id > ?", threshold)
-          .count
-      end
-
-      users.each do |u|
-        user_private_count = private_counts[u.id] || 0
-        total_count = public_count + user_private_count
-
-        threshold = last_read_ids[u.id] || 0
-        unread_public = unread_public_by_threshold[threshold] || 0
-        unread_private = unread_private_counts[u.id] || 0
-        unread_count = unread_public + unread_private
-
-        unread_count = 0 if present_user_ids.include?(u.id)
-
-        Turbo::StreamsChannel.broadcast_replace_to(
-          [ u, origin, :comment_badge ],
-          target: "comment-badge-#{origin.id}",
-          partial: "inbox/badge_component/count",
-          locals: {
-            count: unread_count,
-            badge_id: "comment-badge-#{origin.id}",
-            show_zero: total_count.positive?
-          }
-        )
-      end
-    end
-
-    def self.broadcast_badge(creative, user)
-      origin = creative.effective_origin
-      visible_comments = origin.comments.where("comments.private = ? OR comments.user_id = ?", false, user.id)
-      comments_count = visible_comments.count
-      pointer = CommentReadPointer.find_by(user: user, creative: origin)
-      last_read_id = pointer&.last_read_comment_id
-      unread_scope = last_read_id ? visible_comments.where("comments.id > ?", last_read_id) : visible_comments
-      unread_count = unread_scope.count
-      unread_count = 0 if CommentPresenceStore.list(origin.id).include?(user.id)
-      Turbo::StreamsChannel.broadcast_replace_to(
-        [ user, origin, :comment_badge ],
-        target: "comment-badge-#{origin.id}",
-        partial: "inbox/badge_component/count",
-        locals: {
-          count: unread_count,
-          badge_id: "comment-badge-#{origin.id}",
-          show_zero: comments_count.positive?
-        }
-      )
-    end
   end
 end

data/app/models/collavre/comment_reaction.rb

@@ -7,5 +7,20 @@ module Collavre
 
     validates :emoji, presence: true, length: { maximum: 16 }
     validates :user_id, uniqueness: { scope: [ :comment_id, :emoji ] }
+
+    def self.broadcast_reaction_update(comment)
+      creative = comment.creative
+      reactions = comment.comment_reactions.reload.to_a
+      payload = reactions.group_by(&:emoji).map do |emoji, grouped|
+        { emoji: emoji, count: grouped.size, user_ids: grouped.map(&:user_id) }
+      end
+
+      Turbo::StreamsChannel.broadcast_action_to(
+        [ creative, :comments ],
+        action: "update_reactions",
+        target: "comment_#{comment.id}",
+        attributes: { data: payload.to_json }
+      )
+    end
   end
 end

data/app/models/collavre/creative/describable.rb

@@ -0,0 +1,86 @@
+module Collavre
+  class Creative < ApplicationRecord
+    module Describable
+      extend ActiveSupport::Concern
+
+      included do
+        validates :description, presence: true, unless: -> { origin_id.present? }
+        validate :description_cannot_change_if_has_origin, on: :update
+
+        before_save :sanitize_description_html
+        after_destroy_commit :purge_description_attachments
+      end
+
+      # Linked Creative의 description을 안전하게 반환
+      def effective_description(variation_id = nil, html = true)
+        if variation_id.present?
+          variation_tag = tags.find_by(label_id: variation_id)
+          return variation_tag.value if variation_tag&.value.present?
+        end
+        description_val = origin_id.nil? ? description : origin.description
+        if html
+          description_val&.to_s || ""
+        else
+          ActionController::Base.helpers.strip_tags(description_val&.to_s || "")
+        end
+      end
+
+      def creative_snippet
+        ActionController::Base.helpers.strip_tags(effective_origin.description || "").truncate(24, omission: "...")
+      end
+
+      private
+
+      def sanitize_description_html
+        table_tags = %w[table thead tbody tfoot tr th td]
+        table_attrs = %w[colspan rowspan]
+        self.description = ActionController::Base.helpers.sanitize(
+          description,
+          tags: Rails::HTML5::SafeListSanitizer.allowed_tags.to_a + table_tags,
+          attributes: Rails::HTML5::SafeListSanitizer.allowed_attributes.to_a + table_attrs + %w[data-lexical]
+        )
+      end
+
+      def purge_description_attachments
+        return if description.blank?
+
+        signed_ids = extract_signed_ids_from_description
+        return if signed_ids.empty?
+
+        signed_ids.each do |signed_id|
+          begin
+            blob = ActiveStorage::Blob.find_signed(signed_id)
+            next unless blob
+
+            next if Creative.where.not(id: id)
+                            .where("description LIKE ?", "%#{ActiveRecord::Base.sanitize_sql_like(signed_id)}%")
+                            .exists?
+
+            blob.purge
+          rescue ActiveRecord::RecordNotFound, ActiveSupport::MessageVerifier::InvalidSignature
+            Rails.logger.warn("Creative##{id}: could not find blob for signed_id=#{signed_id}")
+          rescue => e
+            Rails.logger.error("Creative##{id}: failed to purge blob #{signed_id}: #{e.message}")
+          end
+        end
+      end
+
+      def extract_signed_ids_from_description
+        return [] if description.blank?
+
+        html = description.to_s
+
+        ids = html.scan(%r{/rails/active_storage/blobs/(?:redirect|proxy)/([^/?#]+)}).flatten
+        ids += html.scan(%r{/rails/active_storage/blobs/([^/?#]+)}).flatten
+
+        ids.uniq
+      end
+
+      def description_cannot_change_if_has_origin
+        if origin_id.present? && will_save_change_to_description?
+          errors.add(:description, "cannot be changed directly when linked to an origin")
+        end
+      end
+    end
+  end
+end

data/app/models/collavre/creative/linkable.rb

@@ -0,0 +1,77 @@
+module Collavre
+  class Creative < ApplicationRecord
+    module Linkable
+      extend ActiveSupport::Concern
+
+      included do
+        belongs_to :origin, class_name: "Collavre::Creative", optional: true
+        has_many :linked_creatives, class_name: "Collavre::Creative", foreign_key: :origin_id, dependent: :destroy
+
+        validate :origin_cannot_be_self
+        before_validation :redirect_parent_to_origin
+      end
+
+      # Returns the effective attribute for linked creatives
+      def effective_attribute(attr, visited_ids = Set.new)
+        return self[attr] if origin_id.nil? || attr.to_s == "parent_id"
+        return self[attr] if visited_ids.include?(id)
+
+        visited_ids.add(id)
+        origin.effective_attribute(attr, visited_ids)
+      end
+
+      def effective_origin(visited_ids = Set.new)
+        return self if origin_id.nil?
+        return self if visited_ids.include?(id)
+
+        visited_ids.add(id)
+        origin.effective_origin(visited_ids)
+      end
+
+      def linked_children
+        origin_id.nil? ? children_with_permission(Collavre.current_user, :read) : origin&.children_with_permission(Collavre.current_user, :read) || []
+      end
+
+      def progress
+        effective_attribute(:progress, Set.new)
+      end
+
+      def user
+        target = effective_origin(Set.new)
+        return super if target == self
+
+        target.user
+      end
+
+      # 공유 대상 사용자를 위해 Linked Creative를 생성합니다.
+      def create_linked_creative_for_user(user)
+        original = effective_origin(Set.new)
+        return if original.user_id == user.id
+        ancestor_ids = original.ancestors.pluck(:id)
+        has_ancestor_share = CreativeShare.where(creative_id: ancestor_ids, user_id: user.id)
+                                          .where.not(permission: :no_access)
+                                          .exists?
+        has_owning_ancestors = Creative.where(id: ancestor_ids, user_id: user.id)
+                                            .exists?
+        return if has_ancestor_share or has_owning_ancestors
+        Creative.find_or_create_by!(origin_id: original.id, user_id: user.id) do |c|
+          c.parent_id = nil
+        end
+      end
+
+      private
+
+      def redirect_parent_to_origin
+        if parent&.origin_id.present?
+          self.parent = parent.origin
+        end
+      end
+
+      def origin_cannot_be_self
+        if origin_id.present? && origin_id == id
+          errors.add(:origin_id, "cannot be the same as id")
+        end
+      end
+    end
+  end
+end

data/app/models/collavre/creative/permissible.rb

@@ -0,0 +1,103 @@
+module Collavre
+  class Creative < ApplicationRecord
+    module Permissible
+      extend ActiveSupport::Concern
+
+      included do
+        has_many :creative_shares, class_name: "Collavre::CreativeShare", dependent: :destroy
+        has_many :creative_shares_caches, class_name: "Collavre::CreativeSharesCache", dependent: :delete_all
+
+        after_commit :rebuild_permission_cache, if: :saved_change_to_parent_id?, unless: :destroyed?
+        after_commit :cache_owner_permission, on: :create
+        after_commit :update_owner_cache, if: :saved_change_to_user_id?, unless: :destroyed?
+      end
+
+      def has_permission?(user, required_permission = :read)
+        Collavre::Creatives::PermissionChecker.new(self, user).allowed?(required_permission)
+      end
+
+      # Returns only children for which the user has at least the given permission
+      def children_with_permission(user = nil, min_permission = :read)
+        user ||= Collavre.current_user
+        children_scope = effective_origin(Set.new).children
+        children_ids = children_scope.pluck(:id)
+        return [] if children_ids.empty?
+
+        min_rank = CreativeShare.permissions[min_permission.to_s]
+        accessible_ids = Set.new
+
+        if user
+          user_entries = CreativeSharesCache
+            .where(creative_id: children_ids, user_id: user.id)
+            .pluck(:creative_id, :permission)
+
+          user_has_entry = Set.new
+          user_entries.each do |cid, perm|
+            user_has_entry << cid
+            perm_rank = CreativeSharesCache.permissions[perm]
+            if perm_rank && perm_rank >= min_rank && perm_rank != CreativeSharesCache.permissions[:no_access]
+              accessible_ids << cid
+            end
+          end
+
+          public_accessible = CreativeSharesCache
+            .where(creative_id: children_ids, user_id: nil)
+            .where("permission >= ?", min_rank)
+            .where.not(permission: :no_access)
+            .pluck(:creative_id)
+          accessible_ids.merge(public_accessible - user_has_entry.to_a)
+
+          owned_ids = children_scope.where(user_id: user.id).pluck(:id)
+          accessible_ids.merge(owned_ids)
+        else
+          accessible_ids = CreativeSharesCache
+            .where(creative_id: children_ids, user_id: nil)
+            .where("permission >= ?", min_rank)
+            .where.not(permission: :no_access)
+            .pluck(:creative_id)
+            .to_set
+        end
+
+        children_scope.where(id: accessible_ids.to_a).order(:sequence).to_a
+      end
+
+      def all_shared_users(required_permission = :no_access)
+        base_creative = effective_origin(Set.new)
+        ancestor_ids = [ base_creative.id ] + base_creative.ancestors.pluck(:id)
+        required_permission_level = CreativeShare.permissions.fetch(required_permission.to_s)
+
+        shares = CreativeShare.where(creative_id: ancestor_ids).includes(:user)
+        shares_for_user_hash = shares.group_by(&:user_id)
+
+        shares_for_user_hash.filter_map do |_user_id, user_shares|
+          closest_share = CreativeShare.closest_parent_share(ancestor_ids, user_shares)
+          next unless closest_share
+
+          closest_permission_level = CreativeShare.permissions.fetch(closest_share.permission.to_s)
+          next if closest_permission_level < required_permission_level
+
+          closest_share
+        end
+      end
+
+      private
+
+      def rebuild_permission_cache
+        PermissionCacheJob.perform_later(:rebuild_for_creative, creative_id: id)
+      end
+
+      def cache_owner_permission
+        PermissionCacheJob.perform_later(:cache_owner, creative_id: id)
+      end
+
+      def update_owner_cache
+        old_user_id, new_user_id = saved_change_to_user_id
+        PermissionCacheJob.perform_later(:update_owner,
+          creative_id: id,
+          old_user_id: old_user_id,
+          new_user_id: new_user_id
+        )
+      end
+    end
+  end
+end