dm_core 4.2.1.5

data/app/controllers/dm_core/admin/admin_controller.rb

@@ -0,0 +1,133 @@
+# This controller is a base class for all other admin controllers
+# scope_current_account gets called through the eventual inheritacne of DmCore::ApplicationController
+#------------------------------------------------------------------------------
+class DmCore::Admin::AdminController < ApplicationController
+
+  before_filter :authenticate_admin_user!
+  before_filter :setup_admin_data
+  before_filter :template_setup
+
+  layout 'admin_theme/admin'
+  
+  include DmCore::ApplicationHelper
+  include DmCore::AccountHelper
+  include DmCore::Admin::ApplicationHelper
+  include AdminTheme::ThemeHelper
+
+  helper  DmAdmin::ApplicationHelper
+  helper  AdminTheme::ThemeHelper
+
+  # Make sure some type of administrative user is logged in
+  #------------------------------------------------------------------------------
+  def authenticate_admin_user!
+    authenticate_user! 
+    unless can?(:access_admin, :all)
+      flash[:alert] = "Unauthorized Access!"
+      redirect_to current_account.index_path 
+    end
+  end  
+
+private
+
+  # Initialize the data needed by the admin theme - menus, etc.  This way it can
+  # be rendered differently by different admin themes.
+  #------------------------------------------------------------------------------
+  def setup_admin_data
+    # not needed if it's an ajax call
+    if !request.xhr?
+      @admin_theme              = {}
+      @admin_theme[:brand]      = current_account.domain
+      @admin_theme[:brand_link] = main_app.index_url
+      @admin_theme[:top_menu]   = []
+      @admin_theme[:main_menu]  = []
+      
+      #=== Top Menu
+      #--- Users
+      item = {text: ' ', icon_class: :users, badge: User.current_account_users.count, link: (can?(:manage, :all) ? dm_core.admin_users_path : '#')}
+      @admin_theme[:top_menu] << item
+      
+      #--- Gear menu
+      if is_admin? || can?(:manage_content, :all)
+        item = { text: '', icon_class: :gear, children: [], link: '#' }
+        if defined?(DmCms) && can?(:manage_content, :all)
+          item[:children] << {text: 'Clear Page Cache', icon_class: :undo, link: dm_cms.admin_expire_cache_path, link_options: {method: :patch} }
+        end
+        @admin_theme[:top_menu] << item
+        
+        if is_admin?
+          item[:children] << {text: 'Site Settings', icon_class: :gear, link: dm_core.admin_account_path }
+        end
+        
+        if is_sysadmin?
+          item[:children] << {text: 'Update Assets', icon_class: :refresh, link: dm_core.admin_dashboard_update_site_assets_url, link_options: {method: :patch} }
+        end
+        
+        if is_sysadmin?
+          item[:children] << {text: 'System Admin', icon_class: :wrench, link: dm_core.admin_system_path }
+        end
+      end
+
+      #--- User menu
+      item = { text: current_user.display_name, icon_class: :user, children: [], link: '#' }
+      item[:children] << {text: 'My profile', icon_class: :user, link: dm_core.edit_profile_account_path }
+      item[:children] << {text: 'Logout', icon_class: :exit, link: main_app.destroy_user_session_path, link_options: {method: :delete} }
+      @admin_theme[:top_menu] << item
+      
+      #=== Main Menu
+      @admin_theme[:main_menu] << {text: 'Dashboard', icon_class: :dashboard, link: dm_core.admin_dashboard_path, active: admin_path_active_class?(dm_core.admin_dashboard_path) }
+
+      if defined?(DmCms) && can?(:manage_content, :all)
+        @admin_theme[:main_menu] << {text: 'Pages',         icon_class: :pages,         link: dm_cms.admin_cms_pages_path,   active: admin_path_active_class?(dm_cms.admin_cms_pages_path, dm_cms.admin_cms_snippets_path) }
+        @admin_theme[:main_menu] << {text: 'Blogs',         icon_class: :blogs,         link: dm_cms.admin_cms_blogs_path,   active: admin_path_active_class?(dm_cms.admin_cms_blogs_path) }
+        @admin_theme[:main_menu] << {text: 'Media Library', icon_class: :media_library, link: dm_cms.admin_media_files_path, active: admin_path_active_class?(dm_cms.admin_media_files_path) }
+      end
+
+      if defined?(DmEvent) && can?(:manage_events, :all)
+        item = { text: 'Events', icon_class: :events, children: [], link: '#' }
+        item[:children] << {text: 'Overview', link: dm_event.admin_workshops_path,   active: admin_path_active_class?(dm_event.admin_workshops_path) }
+        Workshop.upcoming.each do |workshop|
+          item[:children] << {text: workshop.title, badge: workshop.registrations.number_of(:attending), link: dm_event.admin_workshop_path(workshop),   active: admin_path_active_class?(dm_event.admin_workshop_path(workshop)) }
+        end
+        @admin_theme[:main_menu] << item
+      end
+
+      if defined?(DmLms) && can?(:manage_coursed, :all)
+        item = { text: 'Lexicon', icon_class: :lexicon, children: [], link: '#' }
+        item[:children] << {text: 'Lexicon',        link: dm_lms.admin_lexicons_path,               active: admin_path_active_class?(dm_lms.admin_lexicons_path) }
+        item[:children] << {text: 'Categories',     link: dm_lms.admin_lexicon_categories_path,     active: admin_path_active_class?(dm_lms.admin_lexicon_categories_path) }
+        item[:children] << {text: 'Sub Categories', link: dm_lms.admin_lexicon_sub_categories_path, active: admin_path_active_class?(dm_lms.admin_lexicon_sub_categories_path) }
+        item[:children] << {text: 'Genres',         link: dm_lms.admin_lexicon_genres_path,         active: admin_path_active_class?(dm_lms.admin_lexicon_genres_path) }
+        @admin_theme[:main_menu] << item
+
+        item = { text: 'Courses', icon_class: :courses, children: [], link: '#' }
+        item[:children] << {text: 'Courses',        link: dm_lms.admin_courses_path,                active: admin_path_active_class?(dm_lms.admin_courses_path) }
+        item[:children] << {text: 'Practice Sets',  link: dm_lms.admin_practice_sets_path,          active: admin_path_active_class?(dm_lms.admin_practice_sets_path) }
+        @admin_theme[:main_menu] << item
+      end
+
+      if defined?(DmForum) && can?(:manage_forums, :all)
+        @admin_theme[:main_menu] << {text: 'Forums', icon_class: :forums, link: dm_forum.admin_forum_categories_path, active: admin_path_active_class?(dm_forum.admin_forum_categories_path, dm_forum.admin_forums_path) }
+      end
+
+      if defined?(DmNewsletter) && can?(:manage_newsletters, :all)
+        @admin_theme[:main_menu] << {text: 'Newsletter', icon_class: :newsletters, link: dm_newsletter.admin_newsletters_path, active: admin_path_active_class?(dm_newsletter.admin_newsletters_path) }
+      end
+
+      if defined?(DmSubscriptions) && can?(:manage_subscriptions, :all)
+        @admin_theme[:main_menu] << {text: 'Subscriptions', icon_class: :subscriptions, link: dm_subscriptions.admin_subscription_plans_path, active: admin_path_active_class?(dm_subscriptions.admin_subscription_plans_path) }
+      end
+
+      #--- give main application a chance to add anything it wants
+      if self.respond_to? :admin_specific_menus
+        self.admin_specific_menus @admin_theme
+      end
+    end
+  end
+
+  # Set some values for the template based on the controller
+  #------------------------------------------------------------------------------
+  def template_setup
+    # to be overridden by other controllers
+  end
+
+end

data/app/controllers/dm_core/admin/comments_controller.rb

@@ -0,0 +1,70 @@
+# Common controller for handling comments in the admin interface
+# http://pathfindersoftware.com/2008/07/drying-up-rails-controllers-polymorphic-and-super-controllers/
+#------------------------------------------------------------------------------
+class DmCore::Admin::CommentsController < DmCore::Admin::AdminController
+  include DmCore::PermittedParams
+
+  before_filter :find_commenter
+
+  # Create a comment
+  # :commenter_type => object name of commenting object
+  # :commenter_id   => object id of commenting object
+  # :name           => optional prefix of association to use (eg. 'private' for private_comments)
+  # :comment[:body] => text of comment
+  #------------------------------------------------------------------------------
+  def create
+    params[:name] ||= 'comments'
+    raise "Invalid Parameter" unless params[:name].end_with?('comments')
+    association     = params[:name].to_sym
+
+    respond_to do |format|
+      if @commenter.respond_to? association
+        @comment = @commenter.send(association).create(comment_params.merge(user_id: current_user.id))
+        format.html { redirect_to :back }
+        format.js
+      else
+        format.html { redirect_to :back }
+      end
+    end
+  end
+
+  #------------------------------------------------------------------------------
+  def edit
+    respond_to do |format|
+      format.html { redirect_to :back }
+      format.js
+    end
+  end
+
+  #------------------------------------------------------------------------------
+  def update
+    respond_to do |format|
+      if @comment.update_attributes(comment_params)
+        format.html { redirect_to :back }
+        format.js
+      end
+    end
+  end
+  
+  #------------------------------------------------------------------------------
+  def destroy
+    @comment.destroy if can?(:manage, :all) #|| comment.user == current_user
+    respond_to do |format|
+      format.html { redirect_to :back }
+      format.js
+    end
+  end
+
+private
+
+  #------------------------------------------------------------------------------
+  def find_commenter
+    if params[:id]
+      @comment    = Comment.find(params[:id])
+      @commenter  = @comment.commentable
+    else
+      klass       = params[:commenter_type].classify.constantize
+      @commenter  = klass.find(params[:commenter_id])
+    end
+  end
+end

data/app/controllers/dm_core/admin/dashboard_controller.rb

@@ -0,0 +1,38 @@
+class DmCore::Admin::DashboardController < DmCore::Admin::AdminController
+
+  #------------------------------------------------------------------------------
+  def index
+    @users = User.all
+  end
+
+  #------------------------------------------------------------------------------
+  def update_site_assets
+    if is_sysadmin?
+      #--- svn up can't follow a symlink, so resolve it first
+      path = File.readlink("#{Rails.root}/public/#{account_site_assets(false)}")
+      @results = "Updating 'site_assets'...\r\n"
+      @results += `svn up #{path}`
+      if File.exists?("#{Account.current.theme_path}/protected_assets")
+        path = File.join(File.readlink("#{Account.current.theme_path}"), "protected_assets")
+        @results += "\nUpdating 'protected_assets'...\r\n"
+        @results += `svn up #{path}`
+      end
+    end
+  end
+  
+  # use whatever is passed in, but strip out anything dangerous.  Value will get
+  # used as a css selector
+  #------------------------------------------------------------------------------
+  def change_theme
+    cookies[:theme] = {:value => params[:id].replace_non_alphanumeric, :expires => Time.now + 1825.days}
+    redirect_to :back
+  end
+
+private
+  
+  # Set some values for the template based on the controller
+  #------------------------------------------------------------------------------
+  def template_setup
+    content_for :content_title, "Dashboard".html_safe
+  end
+end

data/app/controllers/dm_core/admin/system_controller.rb

@@ -0,0 +1,44 @@
+# For managing system wide settings, sites, etc
+#------------------------------------------------------------------------------
+class DmCore::Admin::SystemController < DmCore::Admin::AdminController
+  include DmCore::PermittedParams
+  
+  before_filter   :authorize_access
+
+  #------------------------------------------------------------------------------
+  def show
+    @accounts = Account.unscoped.all.order(:domain)
+  end
+
+  #------------------------------------------------------------------------------
+  def general
+    if put_or_post?
+      @account.general_validation = true
+      if @account.update_attributes(account_params)
+        redirect_to(dm_core.admin_account_general_path, notice: "Account was successfully updated.") and return
+      else
+        render action: "general"
+      end
+    end
+  end
+
+protected
+
+  #------------------------------------------------------------------------------
+  def authorize_access
+    unless is_sysadmin?
+      flash[:alert] = "Unauthorized Access!"
+      redirect_to current_account.index_path 
+    end
+  end
+
+private
+
+  # Set some values for the template based on the controller
+  #------------------------------------------------------------------------------
+  def template_setup
+    content_for :content_title,     "System Administration"
+    content_for :content_subtitle,  "Multi-site Management"
+  end
+
+end

data/app/controllers/dm_core/admin/users_controller.rb

@@ -0,0 +1,106 @@
+class DmCore::Admin::UsersController < DmCore::Admin::AdminController
+  before_filter :authorize_access
+  before_filter :template_setup, except: [:edit]
+
+  # GET /admin/users or GET /admin/users.json
+  #------------------------------------------------------------------------------
+  def index
+    #@users = User.paginate :page => params[:page], :per_page => 25
+
+    respond_to do |format|
+      format.html # index.html.erb
+      format.json { render json: UserDatatable.new(view_context) }
+    end
+  end
+
+  # GET /admin/users/1 or GET /admin/users/1.json
+  #------------------------------------------------------------------------------
+  def show
+    @user = User.find(params[:id])
+
+    respond_to do |format|
+      format.html # show.html.erb
+      format.json { render json: @user }
+    end
+  end
+
+  # GET /admin/users/1/edit
+  #------------------------------------------------------------------------------
+  def edit
+    @user = User.find(params[:id])
+  end
+
+  # PUT /admin/users/1 or PUT /admin/users/1.json
+  #------------------------------------------------------------------------------
+  def update
+    @user = User.find(params[:id])
+    respond_to do |format|
+      roles = params[:user].delete(:roles)
+      if params[:user].empty? || @user.update_attributes(user_params)
+        @user.update_roles(roles, is_admin?) if roles
+        format.html { redirect_to dm_core.admin_users_url, notice: "'#{@user.display_name}' was successfully updated." }
+        format.json { head :no_content }
+      else
+        format.html { render action: "edit" }
+        format.json { render json: @user.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /admin/users/1 or DELETE /admin/users/1.json
+  #------------------------------------------------------------------------------
+  def destroy
+    @user = User.find(params[:id])
+    @user.destroy
+
+    respond_to do |format|
+      format.html { redirect_to dm_core.admin_users_url }
+      format.json { head :no_content }
+    end
+  end
+  
+  # Change to a different user, so we can check their permissions, etc
+  #------------------------------------------------------------------------------
+  def masquerade
+    @user = User.find(params[:id])
+    if @user
+      switch_user(@user)
+      redirect_to main_app.root_url
+    else
+      redirect_to :action => :list
+    end
+  end
+
+  #------------------------------------------------------------------------------
+  def confirm
+    @user = User.find(params[:id])
+    if @user && !@user.confirmed?
+      if @user.confirm
+        redirect_to dm_core.admin_users_url, notice: 'User is now confirmed and should be able to login'
+      else
+        redirect_to dm_core.edit_admin_user_path(@user), alert: "A problem occurred, unable to confirm user"
+      end
+    else
+      redirect_to dm_core.edit_admin_user_path(@user), alert: 'User is already confirmed'
+    end
+  end
+  
+protected
+
+  #------------------------------------------------------------------------------
+  def authorize_access
+    unless can? :manage, :all
+      flash[:alert] = "Unauthorized Access!"
+      redirect_to current_account.index_path 
+    end
+  end
+
+private
+
+  # Set some values for the template based on the controller
+  #------------------------------------------------------------------------------
+  def template_setup
+    content_for :content_title, "User Management"
+  end
+
+end

data/app/controllers/dm_core/application_controller.rb

@@ -0,0 +1,253 @@
+# main ApplicationController will subclass from DmCore::ApplicationController
+#------------------------------------------------------------------------------
+class DmCore::ApplicationController < ActionController::Base
+  include DmCore::PermittedParams
+  
+  around_filter   :scope_current_account
+
+  before_filter   :log_additional_data
+  # before_filter   :record_activity
+  before_filter   :check_site_assets
+  before_filter   :set_locale
+  before_filter   :set_mailer_url_options
+  before_filter   :update_user
+  before_filter   :theme_resolver
+  before_filter   :site_enabled?, :unless => :devise_controller?
+  before_filter   :ssl_redirect
+  before_filter   :store_location
+  before_filter   :set_cache_buster
+  before_filter   :configure_permitted_parameters, if: :devise_controller?
+
+  add_flash_types :warning, :error, :info
+
+  include DmCore::AccountHelper
+
+  #------------------------------------------------------------------------------
+  def index
+    redirect_to "/#{current_account.preferred_default_locale}/index", :status => :moved_permanently
+  end
+
+protected
+
+  # hook into devise to permit our special parameters
+  #------------------------------------------------------------------------------
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.for(:sign_up) { |u|
+      devise_sign_up_params(u)
+    }
+  end
+
+  
+  # Nov 27, 2013: There seems to be a nasty Safari 7 bug (and in iOS7).  If a 304 is returned,
+  # an empty page can be cached, resulting in a blank page.
+  # http://tech.vg.no/2013/10/02/ios7-bug-shows-white-page-when-getting-304-not-modified-from-server/
+  # So set headers so that this content will not be cahced, until there is a fix
+  # http://stackoverflow.com/questions/711418/how-to-prevent-browser-page-caching-in-rails
+  # http://stackoverflow.com/questions/20154740/rails-view-turning-complete-white-after-refreshed-or-visited-several-times
+  #------------------------------------------------------------------------------
+  def set_cache_buster
+    if !request.user_agent.blank? && !request.user_agent.scan(/Safari/).empty? && request.user_agent.scan(/Chrome/).empty? && Rails.env.development?
+      response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
+      response.headers["Pragma"]        = "no-cache"
+      response.headers["Expires"]       = "Fri, 01 Jan 1990 00:00:00 GMT"
+    end
+  end
+
+  # Store last url as long as it isn't a /users path
+  # Call from a before_filter - this ensures that if you're coming to a page
+  # from an email link, the url gets saved before getting redirected to the login
+  #------------------------------------------------------------------------------
+  def store_location
+    session[:previous_url] = request.original_fullpath unless request.original_fullpath =~ /\/users/
+  end
+
+  # override Devise method, on login go to previous url if possible
+  #------------------------------------------------------------------------------
+  def after_sign_in_path_for(resource)
+    session[:previous_url] || root_path
+  end
+
+  # - if site is not enabled, only allow a logged in Admin user to access pages
+  # otherwise, redirect to the 'coming_soon' page
+  # - if site is under maintenance, only allow a logged in Admin user to access pages
+  # otherwise, redirect to the 'maintenance' page
+  #------------------------------------------------------------------------------
+  def site_enabled?
+    unless current_account.site_enabled? || request.params['slug'] == 'coming_soon'
+      unless (user_signed_in? && (current_user.is_admin? || current_user.has_role?(:beta)))
+        redirect_to "/#{current_account.preferred_default_locale}/coming_soon"
+        return false
+      end
+    end
+
+    if current_account.site_maintenance?
+      unless (user_signed_in? && (current_user.is_admin? || current_user.has_role?(:beta)))
+        render text: '', layout: 'dm_core/maintenance'
+        return false
+      end
+    end
+  end  
+
+  #------------------------------------------------------------------------------
+  def ssl_redirect
+    if Rails.env.production? && current_account.ssl_enabled?
+      if request.ssl? && !use_ssl? || !request.ssl? && use_ssl?
+        protocol = request.ssl? ? "http" : "https"
+        redirect_to({protocol: "#{protocol}://"}.merge(params), :flash => flash)
+      end
+    end
+  end
+
+  # override in other controllers
+  #------------------------------------------------------------------------------
+  def use_ssl?
+    true # user_signed_in? (but would need to ensure Devise runs under ssl)
+  end
+  
+  # Choose the theme based on the account prefix in the Account
+  #------------------------------------------------------------------------------
+  def theme_resolver
+    theme(current_account.account_prefix) if DmCore.config.enable_themes
+  end
+
+  #------------------------------------------------------------------------------
+  def set_mailer_url_options
+    ActionMailer::Base.default_url_options[:host] = request.host_with_port
+  end
+
+  # #------------------------------------------------------------------------------
+  # def record_activity
+  #   if Rails.env.production?
+  #     activity = Activity.new
+  # 
+  #     #--- who is doing the activity?
+  #     activity.session_id  = session['session_id'] unless session.nil?
+  #     activity.user_id     = current_user.id unless current_user.nil?
+  #     activity.browser     = request.env['HTTP_USER_AGENT']
+  #     activity.ip_address  = request.env['REMOTE_ADDR']
+  # 
+  #     #--- what are they doing?
+  #     activity.controller = controller_name
+  #     activity.action     = action_name
+  #     activity.params     = params.to_json
+  #     activity.slug       = params['slug'] unless params['slug'].blank?
+  #     activity.lesson     = [params['course_slug'], params['lesson_slug'], params['content_slug']].join(',') unless params['course_slug'].blank?
+  # 
+  #     activity.save!
+  #   end
+  # end
+  
+  # Sets the default value for the url options.  Seems to allow links/redirect_to
+  # to have the proper value for the locale in the url
+  #------------------------------------------------------------------------------
+  def default_url_options(options={})
+    options.merge({ locale: I18n.locale })
+  end
+
+  # try to weed out missing asset requests - if we make it here and the path starts
+  # with 'site_assets', then missing asset was requested, 404 out quickly
+  #------------------------------------------------------------------------------
+  def check_site_assets
+    if request.path.start_with?('/site_assets')
+      render(file: 'public/404.html', status: :not_found, layout: false) && false
+    else
+      true
+    end
+  end
+
+  # Set the locale of this request.
+  #------------------------------------------------------------------------------
+  def set_locale
+    begin
+      DmCore::Language.locale = (!params[:locale].blank? ? params[:locale] : current_account.preferred_default_locale)
+    rescue I18n::InvalidLocale
+      # if it's an invalid locale, append the default locale and try again
+      # this also fixes the case of using simple link names on a hoem page.
+      # So if home page is "http://example.com" and the link is <a href="calendar">
+      # then the link is "http://example.com/calendar", instead of "http://example.com/en/calendar"
+      # This will allow that to work.
+      redirect_to "/#{current_account.preferred_default_locale}#{request.path}"
+    end    
+  end
+  
+  # Update the user's last_access if signed_in
+  #------------------------------------------------------------------------------
+  def update_user
+    current_user.update_last_access if current_user && signed_in?
+  end
+
+  # Used for accessing a presenter inside a controller
+  #------------------------------------------------------------------------------
+  def present(object, klass = nil)
+    klass ||= "#{object.class}Presenter".constantize
+    klass.new(object, view_context)
+  end
+  
+  # FORCE to implement content_for in controller.  This is so we can use it in
+  # the pages_controller to set the page title
+  #------------------------------------------------------------------------------
+  def view_context
+    super.tap do |view|
+      (@_content_for || {}).each do |name,content|
+        view.content_for name, content
+      end
+    end
+  end
+  def content_for(name, content) # no blocks allowed yet
+    @_content_for ||= {}
+    if @_content_for[name].respond_to?(:<<)
+      @_content_for[name] << content
+    else
+      @_content_for[name] = content
+    end
+  end
+  def content_for?(name)
+    @_content_for[name].present?
+  end
+
+  # determine what filters are set for this controller - useful for debugging
+  #------------------------------------------------------------------------------
+  def self.filters(kind = nil)
+    all_filters = _process_action_callbacks
+    all_filters = all_filters.select{|f| f.kind == kind} if kind
+    all_filters.map(&:filter)
+  end
+
+  def self.before_filters
+    filters(:before)
+  end
+
+  def self.after_filters
+    filters(:after)
+  end
+
+  def self.around_filters
+    filters(:around)
+  end
+
+  # Store any additional data to be used by the ExceptionNotification gem
+  #------------------------------------------------------------------------------
+  def log_additional_data
+    request.env["exception_notifier.exception_data"] = { :user => current_user, :account => current_account }
+  end
+
+  # Note: rescue_from should be listed from generic exception to most specific
+  #------------------------------------------------------------------------------
+  rescue_from CanCan::AccessDenied do |exception|
+    #--- Redirect to the index page if we get an access denied
+    redirect_to main_app.root_url, :alert => exception.message
+  end
+  rescue_from Account::LoginRequired do |exception|
+    #--- Redirect to the login page
+    redirect_to main_app.new_user_session_path, :alert => exception.message
+  end
+  rescue_from Account::DomainNotFound do |exception|
+    #--- log the invalid domain and render nothing.
+    logger.error "=====> #{exception.message}  URL: #{request.url}  REMOTE_ADDR: #{request.remote_addr}"
+    render :nothing => true
+  end
+  rescue_from I18n::InvalidLocale do |exception|
+    #--- an invalid locale was specified - raise error to show 404 page
+    raise ActionController::RoutingError.new('Not Found')
+  end
+end