drg_cms 0.5.52.16 → 0.6.1.0

data/app/assets/stylesheets/drg_cms/jstree.css

@@ -189,6 +189,9 @@
   border: 0;
   box-shadow: 0 0 0;
 }
+.vakata-context .vakata-contextmenu-disabled > a > i {
+  filter: grayscale(100%);
+}
 .vakata-context li > a > i {
   text-decoration: none;
   display: inline-block;
@@ -554,9 +557,6 @@
   text-overflow: ellipsis;
   overflow: hidden;
 }
-.jstree-default .jstree-ellipsis.jstree-no-icons .jstree-anchor {
-  width: calc(100% - 5px);
-}
 .jstree-default.jstree-rtl .jstree-node {
   background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAACAQMAAAB49I5GAAAABlBMVEUAAAAdHRvEkCwcAAAAAXRSTlMAQObYZgAAAAxJREFUCNdjAAMOBgAAGAAJMwQHdQAAAABJRU5ErkJggg==");
 }
@@ -738,9 +738,6 @@
   text-overflow: ellipsis;
   overflow: hidden;
 }
-.jstree-default-small .jstree-ellipsis.jstree-no-icons .jstree-anchor {
-  width: calc(100% - 5px);
-}
 .jstree-default-small.jstree-rtl .jstree-node {
   background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAACAQMAAABv1h6PAAAABlBMVEUAAAAdHRvEkCwcAAAAAXRSTlMAQObYZgAAAAxJREFUCNdjAAMHBgAAiABBI4gz9AAAAABJRU5ErkJggg==");
 }
@@ -922,9 +919,6 @@
   text-overflow: ellipsis;
   overflow: hidden;
 }
-.jstree-default-large .jstree-ellipsis.jstree-no-icons .jstree-anchor {
-  width: calc(100% - 5px);
-}
 .jstree-default-large.jstree-rtl .jstree-node {
   background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAACAQMAAAAD0EyKAAAABlBMVEUAAAAdHRvEkCwcAAAAAXRSTlMAQObYZgAAAAxJREFUCNdjgIIGBgABCgCBvVLXcAAAAABJRU5ErkJggg==");
 }
@@ -1012,13 +1006,13 @@
     background: transparent;
   }
   .jstree-default-responsive .jstree-open > .jstree-ocl {
-    background-position: 0 0px !important;
+    background-position: 0 0 !important;
   }
   .jstree-default-responsive .jstree-closed > .jstree-ocl {
     background-position: 0 -40px !important;
   }
   .jstree-default-responsive.jstree-rtl .jstree-closed > .jstree-ocl {
-    background-position: -40px 0px !important;
+    background-position: -40px 0 !important;
   }
   .jstree-default-responsive .jstree-themeicon {
     background-position: -40px -40px;
@@ -1105,4 +1099,4 @@
     margin-left: 0;
     margin-right: 0;
   }
-}
+}

data/app/assets/stylesheets/drg_cms/select-multiple.css

@@ -28,10 +28,10 @@
   -ms-transition: border linear 0.2s, box-shadow linear 0.2s;
   -o-transition: border linear 0.2s, box-shadow linear 0.2s;
   transition: border linear 0.2s, box-shadow linear 0.2s;
-  border: 2px solid #ddd;
-  -webkit-border-radius: 3px;
-  -moz-border-radius: 3px;
-  border-radius: 3px;
+  border: 1px solid #ddd;
+  -webkit-border-radius: 1px;
+  -moz-border-radius: 1px;
+  border-radius: 1px;
   position: relative;
   height: 200px;
   padding: 0;
@@ -39,12 +39,9 @@
 }
 
 .ms-container .ms-list.ms-focus{
-  border-color: rgba(82, 168, 236, 0.8);
-  -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6);
-  -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6);
-  box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6);
-  outline: 0;
-  outline: thin dotted \9;
+  border: 1px solid rgba(76,154,255, 1);
+  outline: 1px solid rgba(76,154,255, 1);
+  border-radius: 1px;
 }
 
 .ms-container ul{
@@ -65,12 +62,15 @@
 }
 
 .ms-container .ms-selectable li.ms-elem-selectable{
-  border-bottom: 1px #eee solid;
   padding: 2px 10px;
-  color: #555;
+  color: #444;
   font-size: 14px;
 }
 
+.ms-container .ms-selectable li:nth-child(odd) {
+  background-color: #f4f4f4;
+}
+
 .ms-container .ms-selectable li.ms-hover{
   cursor: pointer;
   color: #fff;
@@ -88,6 +88,12 @@
   display: none;
 }
 
+
+.ms-container .ms-selected {
+  font-weight: 600;
+}
+
 .pull-right.ms-elem-selected{
   float: right;
+  font-size: smaller;
 }

data/app/assets/stylesheets/drg_cms_cms.css

@@ -19,4 +19,4 @@
 */
 
 /* Required for link buttons to look alike */
-.dc-link a, .dc-link-submit input {font-weight: bold; font-size: 12px; }   
+.dc-link a, .dc-link-submit input {font-weight: 600; }   

data/app/controllers/cmsedit_controller.rb

@@ -1,4 +1,3 @@
-#coding: utf-8
 #--
 # Copyright (c) 2012+ Damjan Rems
 #
@@ -76,211 +75,20 @@
 # If filter method returns false user will be presented with flash error.
 ########################################################################
 class CmseditController < DcApplicationController
-before_action :check_authorization, :except => [:login, :logout]
+before_action :check_authorization, :except => [:login, :logout, :test, :run]
 before_action :dc_reload_patches if Rails.env.development?
+protect_from_forgery with: :null_session, only: Proc.new { |c| c.request.format.json? }
   
 layout 'cms'
 
 ########################################################################
-# Will check and set sorting options for current result set. Subroutine of index method.
-########################################################################
-def check_sort_options() #:nodoc:
-  table_name = @tables.first[1]
-  old_sort = session[table_name][:sort].to_s
-  sort, direction = old_sort.split(' ')
-# sort is requested
-  if params['sort']
-    # reverse sort if same selected
-    if params['sort'] == sort
-      direction = (direction == '1') ? '-1' : '1'
-    end
-    direction ||= 1
-    sort = params[:sort]
-    session[table_name][:sort] = "#{params['sort']} #{direction}"
-    session[table_name][:page] = 1
-  end
-  @records.sort( sort => direction.to_i ) if session[table_name][:sort]
-  params['sort'] = nil # otherwise there is problem with other links
-end
-
-########################################################################
-# Set aditional filter options when filter is defined by filter method in control object.
-########################################################################
-def user_filter_options(model) #:nodoc:
-  table_name = @tables.first[1]
-  if session[table_name]
-    DcFilter.get_filter(session[table_name][:filter]) || model
-  else
-    model
-  end
-end
-
-########################################################################
-# Will set session[table_name][:filter] and save last filter settings to session.
-# subroutine of check_filter_options.
-########################################################################
-def set_session_filter(table_name)
-  if params[:filter] == 'off' # clear all values
-    session[table_name][:filter] = nil
-    return
-  end
-
-  filter_value = if params[:filter_value].nil?
-# NIL indicates that no filtering is needed        
-    '#NIL'
-  else     
-    if params[:filter_value].class == String and params[:filter_value][0] == '@'
-# Internal value. Remove leading @ and evaluate expression
-      expression = DcInternals.get(params[:filter_value])
-      eval(expression) rescue nil
-    else
-# No filter when empty      
-      params[:filter_value] == '' ? '#NIL' : params[:filter_value] 
-    end
-  end
-# if filter field parameter is omitted then just set filter value
-  session[table_name][:filter] =
-  if params[:filter_field].nil?
-    saved = YAML.load(session[table_name][:filter])
-    saved['value'] = filter_value
-    saved.to_yaml
-  else 
-# As field defined. Split name and alternative input field
-    field = if params[:filter_field].match(' as ')
-      params[:filter_input] = params[:filter_field].split(' as ').last.strip
-      params[:filter_field].split(' as ').first.strip
-    else
-      params[:filter_field]
-    end
-#    
-    {'field'     => field, 
-     'operation' => params[:filter_oper], 
-     'value'     => filter_value,
-     'input'     => params[:filter_input],
-     'table'     => table_name }.to_yaml
-  end
-# must be. Otherwise kaminari includes parameter on paging
-   params[:filter]        = nil 
-   params[:filter_id]     = nil 
-   params[:filter_oper]   = nil  
-   params[:filter_input]  = nil 
-   params[:filter_field]  = nil 
-end
-
-########################################################################
-# Will check and set current filter options for result set. Subroutine of index method.
-########################################################################
-def check_filter_options() #:nodoc:
-  table_name = @tables.first[1]
-  model      = @tables.first[0]
-  session[table_name] ||= {}
-# process page
-  session[table_name][:page] = params[:page] if params[:page]
-# new filter is applied
-  if params[:filter]
-    set_session_filter(table_name)
-    session[table_name][:page] = 1
-  end
-# if data model has field dc_site_id ensure that only documents which belong to the site are selected.
-  site_id = dc_get_site._id if dc_get_site
-# dont't filter site if no dc_site_id field or user is ADMIN
-  site_id = nil if !model.method_defined?('dc_site_id') or dc_user_can(DcPermission::CAN_ADMIN)
-  site_id = nil if session[table_name][:filter].to_s.match('dc_site_id')
-#  
-  if @records = DcFilter.get_filter(session[table_name][:filter])
-    @records = @records.and(dc_site_id: site_id) if site_id
-  else
-    @records = if site_id
-      model.where(dc_site_id: site_id)
-    else
-      model
-    end
-  end
-=begin  
-# TODO Use only fields requested. Higly experimental but necessary in some scenarios
-  if (columns = @form['result_set']['columns'])
-    cols = []
-    columns.each { |k,v| cols << v['name'] }
-    p '*',cols,'*'
-    @records = @records.only(cols)
-  end
-=end  
-# pagination if required
-  per_page = (@form['result_set']['per_page'] || 30).to_i
-  @records = @records.page(session[table_name][:page]).per(per_page) if per_page > 0
-end
-
-########################################################################
-# Process index action for normal collections.
-########################################################################
-def process_collections #:nodoc
-# If result_set is not defined on form, then it will fail. :return_to should know where to go
-  if @form['result_set'].nil?
-    process_return_to(params[:return_to] || 'reload') 
-    return true
-  end
-# for now enable only filtering of top level documents
-  if @tables.size == 1 
-    check_filter_options()
-    check_sort_options()
-  end  
-# result set is defined by filter method in control object
-  if @form['result_set']['filter']
-    if respond_to?(@form['result_set']['filter'])
-      @records = send @form['result_set']['filter']
-# something iz wrong. flash[] should have explanation.
-      if @records.class == FalseClass
-        @records = []
-        render(action: :index)
-        return true
-      end
-# pagination but only if not already set
-      unless (@form['table'] == 'dc_memory' or @records.options[:limit])
-        per_page = (@form['result_set']['per_page'] || 30).to_i
-        @records = @records.page(params[:page]).per(per_page) if per_page > 0
-      end
-    else
-      Rails.logger.error "Error: result_set:filter: #{@form['result_set']['filter']} not found in controls!"
-    end
-  else
-    if @tables.size > 1 
-      rec = @tables.first[0].find(@ids.first)          # top most document.id
-      1.upto(@tables.size - 2) { |i| rec = rec.send(@tables[i][1].pluralize).find(@ids[i]) }  # find embedded childrens by ids
-      @records = rec.send(@tables.last[1].pluralize)   # current embedded set
-# sort by order if order field is present in model
-      if @tables.last[1].classify.constantize.respond_to?(:order)
-        @records = @records.order_by('order asc')
-      end
-    end
-  end
-  false
-end
-
-########################################################################
-# Process index action for in memory data.
-########################################################################
-def process_in_memory #:nodoc
-  @records = []
-  # result set is defined by filter method in control object
-  if (method = @form['result_set']['filter'])
-    send(method) if respond_to?(method)    
-  end
-  # result set is defined by class method
-  if (klass_method = @form['result_set']['filter_method'])
-    _klass, method = klass_method.split('.')
-    klass = _klass.classify.constantize
-    @records = klass.send(method) if klass.respond_to?(method)
-  end 
-  false
-end
-
-########################################################################
-# Indx action 
+# Index action 
 ########################################################################
 def index
+  @form['result_set'] ||= {}
   redirected = (@form['table'] == 'dc_memory' ? process_in_memory : process_collections)
   return if redirected
-#  
+
   call_callback_method(@form['result_set']['footer'] || 'dc_footer')
   respond_to do |format|
     format.html { render action:  :index }
@@ -300,9 +108,9 @@ end
 ########################################################################
 def show
   find_record
+  # before_show callback
   if (m = callback_method('before_show') )
     ret = call_callback_method(m)
-# Don't do anything if return is false
     if ret.class == FalseClass
       @form['readonly'] = nil # must be
       return index 
@@ -320,8 +128,12 @@ end
 # Login can be called directly with url http://site.com/cmsedit/login
 ########################################################################
 def login
-  session[:edit_mode] = 0 unless params[:ok]
-  render action: 'login', layout: 'cms'
+  if    params[:id] == 'test' then set_test_site
+  elsif params[:ok]           then render action: 'login', layout: 'cms' 
+  else
+    session[:edit_mode] = 0
+    render action: 'login', layout: 'cms'
+  end
 end
 
 ########################################################################
@@ -335,21 +147,40 @@ def logout
   render action: 'login', layout: 'cms'
 end
 
+########################################################################
+# Shortcut for setting currently selected site in development. Will search
+# for dc_site document with site name 'test' and set alias_for to site
+# url parameter.
+########################################################################
+def set_test_site 
+  # only in development
+  return dc_render_404 unless Rails.env.development?
+
+  alias_site = DcSite.find_by(:name => params[:site])
+  return dc_render_404 unless alias_site
+
+  # update alias for  
+  site = DcSite.find_by(:name => 'test')
+  site.alias_for = params[:site]
+  site.save
+  redirect_to '/'
+end
+
 ########################################################################
 # New action.
 ########################################################################
 def new
-# clear flash messages.
+  # clear flash messages.
   flash[:error] = flash[:warning] = flash[:info] = nil 
   create_new_empty_record
+  # before_new callback
   if (m = callback_method('before_new') )
     ret = call_callback_method(m)
-# Don't do anything if return is false
     return index if ret.class == FalseClass
   end  
   table = @tables.last[1] + '.'
-# initial values set on page
-  if cookies[:record] and cookies[:record].size > 0
+  # initial values set on page
+  if cookies[:record] && cookies[:record].size > 0
     Marshal.load(cookies[:record]).each do |k,v|
       k = k.to_s
       if k.match(table)
@@ -358,63 +189,71 @@ def new
       end
     end
   end
-# initial values set in url
+  # initial values set in url (params)
   params.each do |k,v|
     if k.match(table)
       field = k.split('.').last
       @record.send("#{field}=", v) if @record.respond_to?(field)
     end
   end
-# This is how we set default values for new record
-  dc_new_record() if respond_to?('dc_new_record') 
+  # new_record callback. Set default values for new record
+  if (m = callback_method('new_record') ) then call_callback_method(m)  end
   @parms['action'] = 'create'
 end
 
 ########################################################################
 # Duplicate embedded document. Since embedded documents are returned differently 
 # then top level document. Subroutine of duplicate_socument.
+#
+#TODO Works for two embedded levels. Dies with third and more levels.
 ########################################################################
 def duplicate_embedded(source) #:nodoc:
-# TODO Works for two embedded levels. Dies with third and more levels.
   dest = {}
   source.each do |attribute_name, value|
     next if attribute_name == '_id' # don't duplicate _id
+
     if value.class == Array
       dest[attribute_name] = []
       value.each do |ar|
         dest[attribute_name] << duplicate_embedded(ar)
       end
-    else      
-# if duplicate string must be added. Useful for unique attributes
+    else
+      # if duplicate, string dup is added. For unique fields
       add_duplicate = params['dup_fields'].to_s.match(attribute_name + ',')
       dest[attribute_name] = value
       dest[attribute_name] << ' dup' if add_duplicate
     end
   end
+  dest['created_at'] = Time.now if dest['created_at']
+  dest['updated_at'] = Time.now if dest['updated_at']
   dest
 end
 
 ########################################################################
 # Will create duplicate document of source document. This method is used for 
-# duplicating document and is called from create action.
+# duplicating document and is subroutine of create action.
 ########################################################################
 def duplicate_document(source)
   dest = {}
   source.attribute_names.each do |attribute_name|
     next if attribute_name == '_id' # don't duplicate _id
-# if duplicate, string must be added. Useful for unique attributes
+
+    # if duplicate, string dup is added. For unique fields
     add_duplicate = params['dup_fields'].to_s.match(attribute_name + ',')
     dest[attribute_name] = source[attribute_name]
     dest[attribute_name] << ' dup' if add_duplicate
   end
-# embedded documents
+  # embedded documents
   source.embedded_relations.keys.each do |embedded_name|
     next if source[embedded_name].nil? # it happens
+
     dest[embedded_name] = []
     source[embedded_name].each do |embedded|
       dest[embedded_name] << duplicate_embedded(embedded)
     end
   end
+  dest['created_at'] = Time.now if dest['created_at']
+  dest['updated_at'] = Time.now if dest['updated_at']
   dest
 end
 
@@ -422,32 +261,35 @@ end
 # Create (or duplicate) action. Action is also used for turning filter on.
 ########################################################################
 def create
-# abusing create for turning filter on
+  # abusing create for turning filter on
   return index if params[:filter].to_s == 'on'
-# not authorized
+
+  # not authorized
   unless dc_user_can(DcPermission::CAN_CREATE)
     flash[:error] = t('drgcms.not_authorized')
     return index
   end
-#
-  if params['id'].nil? # create record
-# Prevent double form submit
+
+  # create document
+  if params['id'].nil?
+    # Prevent double form submit
     params[:form_time_stamp] = params[:form_time_stamp].to_i
     session[:form_time_stamp] ||= 0
     return index if params[:form_time_stamp] <= session[:form_time_stamp]
+
     session[:form_time_stamp] = params[:form_time_stamp]
-#    
     create_new_empty_record
-    params[:return_to] = 'index' if params[:commit] == t('drgcms.save&back') # save & back
     if save_data
-      flash[:info]    = t('drgcms.doc_saved')
+      flash[:info] = t('drgcms.doc_saved')
+      params[:return_to] = 'index' if params[:commit] == t('drgcms.save&back') # save & back
       return process_return_to(params[:return_to]) if params[:return_to]
       
-      @parms['id']     = @record.id     # must be set, for proper update link
-      params[:id]      = @record.id     # must be set, for find_record
+      @parms['id'] = @record.id # must be set, for proper update link
+      params[:id]  = @record.id # must be set, for find_record
       edit
-      #      render action: :edit
     else # error
+      return process_return_to(params[:return_to]) if params[:return_to]
+
       render action: :new
     end
   else # duplicate record
@@ -469,9 +311,9 @@ def edit
   find_record
   if (m = callback_method('before_edit') )
     ret = call_callback_method(m)
-# Don't do anything if return is false
+    # don't do anything if return is false
     return index if ret.class == FalseClass
-  end  
+  end
   @parms['action'] = 'update'
   render action: :edit
 end
@@ -481,25 +323,27 @@ end
 ########################################################################
 def update
   find_record
-# check if record was not updated in mean time
+  # check if record was not updated in mean time
   if @record.respond_to?(:updated_at)
     if params[:last_updated_at].to_i != @record.updated_at.to_i
       flash[:error] = t('drgcms.updated_by_other')
       return render(action: :edit)
     end
   end
-#   
+
   if dc_user_can(DcPermission::CAN_EDIT_ALL) or
     ( @record.respond_to?('created_by') and
       @record.created_by == session[:user_id] and
       dc_user_can(DcPermission::CAN_EDIT) )
-#
+
     if save_data
       params[:return_to] = 'index' if params[:commit] == t('drgcms.save&back') # save & back
       @parms['action'] = 'update'
-# Process return_to link
+      # Process return_to
       return process_return_to(params[:return_to]) if params[:return_to]
     else
+      # do not forget before_edit callback
+      if m = callback_method('before_edit') then call_callback_method(m) end
       return render action: :edit
     end
   else
@@ -513,7 +357,7 @@ end
 ########################################################################
 def destroy
   find_record
-# Which permission is required to delete 
+  # check permission required to delete
   permission = if params['operation'].nil?
     if @record.respond_to?('created_by') # needs can_delete_all if created_by is present and not owner
       (@record.created_by == session[:user_id]) ? DcPermission::CAN_DELETE : DcPermission::CAN_DELETE_ALL
@@ -528,38 +372,39 @@ def destroy
     end
   end
   ok2delete = dc_user_can(permission)
-#
+
   case
-# not authorized    
+  # not authorized
   when !ok2delete then
     flash[:error] = t('drgcms.not_authorized')
     return index
-    
+
+  # delete document
   when params['operation'].nil? then
-# Process before delete callback
+    # before_delete callback
     if (m = callback_method('before_delete') )
       ret = call_callback_method(m)
-# Don't do anything if return is false
+      # don't do anything if return is false
       return index if ret.class == FalseClass
     end
-# document deleted
+
     if @record.destroy
       save_journal(:delete)
       flash[:info] = t('drgcms.record_deleted')
-# Process after delete callback
+      # after_delete callback
       if (m = callback_method('after_delete') ) 
         call_callback_method(m)
       elsif params['after-delete'].to_s.match('return_to')
         params[:return_to] = params['after-delete']
       end
-# Process return_to link
+      # Process return_to link
       return process_return_to(params[:return_to]) if params[:return_to]
     else
       flash[:error] = dc_error_messages_for(@record)
     end
     return index
     
-# deaktivate document    
+  # deactivate document
   when params['operation'] == 'disable' then
     if @record.respond_to?('active')
       @record.active = false
@@ -569,7 +414,7 @@ def destroy
       flash[:info] = t('drgcms.doc_disabled')
     end
     
-# reaktivate document
+  # reactivate document
   when params['operation'] == 'enable' then
     if @record.respond_to?('active')
       @record.active = true
@@ -579,34 +424,90 @@ def destroy
       flash[:info] = t('drgcms.doc_enabled')
     end
 
-# reorder documents
+  #TODO reorder documents
   when params['operation'] == 'reorder' then
 
   end
-#
+
   @parms['action'] = 'update'
   render action: :edit
 end
 
+########################################################################
+# Run action
+########################################################################
+def run
+  # determine control file name and method
+  control_name, method_name = params[:control].split('.')
+  if method_name.nil?
+    method_name  = control_name
+    control_name = params[:table]   
+  end
+  # extend with control methods
+  extend_with_control_module(control_name)
+  if respond_to?(method_name)
+    # can it be called
+    return return_run_error t('drgcms.not_authorized') unless can_process_run
+    # call method
+    respond_to do |format|
+      format.json { send method_name }
+      format.html { send method_name }
+    end    
+  else # Error message
+    return_run_error "Method #{method_name} not defined in #{control_name}_control"
+  end
+end
+
 protected
 
-=begin
 ########################################################################
-# Processes on_save_ok form directive. Data is saved to session for
-# safety reasons.
+# Respond with error on run action
+########################################################################
+def return_run_error(text)
+  respond_to do |format|
+    format.json { render json: { msg_error: text } }
+    format.html { render plain: text }
+  end
+end
+
+########################################################################
+# Can run call be processed
+########################################################################
+def can_process_run
+  if respond_to?(:dc_can_process)
+    response = send(:dc_can_process)
+    return response unless response.class == Array
+  else
+    response = [DcPermission::CAN_VIEW, params[:table] || 'dc_memory']
+  end
+  dc_user_can *response
+end
+
+########################################################################
+# Checks if user has permissions to perform operation on table and if not
+# prepares response for not authorized message.
+#
+# @param [Integer] permission : Permission level defined in DcPermission constants eg. DcPermission::CAN_EDIT
+# @param [String] collection_name : Table name on which user must have permission
+#
+# @return [Boolean] true when user has required permission otherwise false
 ########################################################################
-def process_on_save_ok
-  session[:on_save_ok_id]     = @record_id
-  session[:on_save_ok_commit] = params[:commit]
-  eval(params[:on_save_ok])
+def user_has_permission?(permission, collection_name)
+  unless dc_user_can(permission, collection_name.to_s)
+    respond_to do |format|
+      format.json { render json: {msg_error: t('drgcms.not_authorized') } }
+      format.html { render plain: t('drgcms.not_authorized') }
+    end
+    return false
+  end
+  true
 end
-=end
 
 ########################################################################
-# Merges two forms when current form extends other form. Subroutine of read_drg_cms_form.
+# Merges two forms when current form extends other form. Subroutine of read_drg_form.
 # With a little help of https://www.ruby-forum.com/topic/142809 
 ########################################################################
-def forms_merge(hash1, hash2) 
+def forms_merge(hash1, hash2)
   target = hash1.dup
   hash2.keys.each do |key|
     if hash2[key].is_a? Hash and hash1[key].is_a? Hash
@@ -615,75 +516,152 @@ def forms_merge(hash1, hash2)
     end
     target[key] = hash2[key] == '/' ? nil :  hash2[key]
   end
-# delete keys with nil value  
-  target.delete_if{ |k,v| v.nil? }
+  # delete keys with nil value
+  target.delete_if { |k, v| v.nil? }
 end
 
 ########################################################################
-# Read drgcms form into yaml object. Subroutine of check_authorization.
+# Extends DRGCMS form file. Extended file is processed first and then merged
+# with code in this form file. Form can extend only single form file.
+# 
+# [Parameters:]
+# [extend_option] : Value of @form['extend'] option
+########################################################################
+def extend_drg_form(extend_option)
+  form_file_name = dc_find_form_file(extend_option) 
+  @form_js << read_js_drg_form(form_file_name)
+  form  = YAML.load_file( form_file_name )
+  @form = forms_merge(form, @form)
+  # If combined form contains tabs and fields options, merge fields into tabs
+  if @form['form']['tabs'] && @form['form']['fields']
+    @form['form']['tabs']['fields'] = @form['form']['fields']
+    @form['form']['fields'] = nil
+  end
+end
+
+########################################################################
+# Include code from another DRGCMS form file. Included code is merged
+# with current form file code. Form can include more than one other DRGCMS forms.
+# 
+# [Parameters:]
+# [include_option] : Value of @form['include'] option
+########################################################################
+def include_drg_form(include_option)
+  includes = include_option.class == Array ? include_option : include_option.split(/\,|\;/)
+  includes.each do |include_file|
+    form_file_name = dc_find_form_file(include_file)    
+    @form_js << read_js_drg_form(form_file_name)
+    form  = YAML.load_file(form_file_name)    
+    @form = forms_merge(@form, form)
+  end
+end
+
+########################################################################
+# Will read data from form_file_name.js if exists.
+# 
+# [Parameters:]
+# [form_file_name] : Physical form filename
+########################################################################
+def read_js_drg_form(form_file_name)
+  js_form_file_name = form_file_name.sub('.yml','.js')
+  File.read(js_form_file_name) rescue ''
+end
+
+########################################################################
+# Read DRG form into @form object. Subroutine of check_authorization.
 ########################################################################
-def read_drg_cms_form
+def read_drg_form
   table_name = decamelize_type(params[:table].strip)
-  @tables = table_name.split(';').inject([]) { |r,v| r << [v.classify.constantize, v] }
-# split ids passed when embedded document
+  @tables = table_name.split(';').inject([]) { |r,v| r << [(v.classify.constantize rescue nil), v] }
+
+  # split ids passed when embedded document
   ids = params[:ids].to_s.strip.downcase
   @ids = ids.split(';').inject([]) { |r,v| r << v }
-# form_name defaults to last table specified
+
+  # form_name defaults to last table specified
   form_name = params[:form_name] || @tables.last[1]
-  @form  = YAML.load_file( dc_find_form_file(form_name) ) rescue nil
-  return unless @form
-# when form extends another form file. 
-  if @form['extend']
-    form = YAML.load_file( dc_find_form_file(@form['extend']) )
-    @form = forms_merge(form, @form)
-# If combined form contains tabs and fields options, merge fields into tabs
-    if @form['form']['tabs'] and @form['form']['fields']
-      @form['form']['tabs']['fields'] = @form['form']['fields']
-      @form['form']['fields'] = nil
-    end
-  end
-# add readonly key to form if readonly parameter is passed in url
+  @form_js = ''
+
+  # dynamically generated form
+  @form = if params[:form_name] == 'method'
+            dc_eval_class_method(params[:form_method], params)
+          else
+            form_file_name = dc_find_form_file(form_name)
+            @form_js = read_js_drg_form(form_file_name)
+            YAML.load_file(form_file_name)
+          end
+
+  # form includes or extends another form file
+  include_drg_form(@form['include']) if @form['include']
+  extend_drg_form(@form['extend'])   if @form['extend']
+  @form['script'] = (@form['script'].blank? ? @form_js : @form['script'] + @form_js)
+  # add readonly key to form if readonly parameter is passed in url
   @form['readonly'] = 1 if params['readonly'] #and %w(1 yes true).include?(params['readonly'].to_s.downcase.strip)
-# !!!!!! Always use strings for key names since @parms['table'] != @parms[:table]
+
+  # !!!!!! Always use strings for key names since @parms['table'] != @parms[:table]
   @parms = { 'table' => table_name, 'ids' => params[:ids], 'form_name' => form_name,
              'return_to' => params['return_to'], 'edit_only' => params['edit_only'],
              'readonly' => params['readonly'] 
            }
 end
 
+############################################################################
+# Load module if available. Try not to mask errors in control module
+############################################################################
+def load_controls_module(controls_string)
+  begin
+    controls_string.classify.constantize
+  rescue NameError => e
+    return nil if e.message.match('uninitialized constant') || e.message.match('wrong constant name')
+    # report errors when loading existing module
+    raise e
+  end
+end
+
+############################################################################
+# Dynamically extend cmsedit class with methods defined in controls module.
+############################################################################
+def extend_with_control_module(control_name = @form['controls'] || @form['control'])
+  # May include embedded forms so ; => _
+  control_name ||= params[:table].gsub(';','_')
+  control_name += '_control' unless control_name.match(/control$|report$/i)
+  # p '************',  control_name
+  controls = load_controls_module(control_name)
+  if controls
+    # extend first with dc_report when report
+    if control_name.match(/report$/i)
+      extend DcReport
+      init_report(control_name)
+    end
+    extend controls
+    # Form may be dynamically updated before processed
+    send(:dc_update_form) if respond_to?(:dc_update_form)
+  end
+end
+
 ############################################################################
 # Check if user is authorized for the action. If authorization is in order it will also
 # load DRG form.
 ############################################################################
 def check_authorization
   params[:table] ||= params[:form_name]
-# Just show menu
-#  return show if params[:action] == 'show'
-  return login if params[:id].in?(%w(login logout))
+  # Only show menu
+  return login if params[:id].in?(%w(login logout test))
   table = params[:table].to_s.strip.downcase
-# request shouldn't pass
+  set_default_guest_user_role if session[:user_roles].nil?
+  # request shouldn't pass
   if table != 'dc_memory' and 
-     (session[:user_roles].nil? or table.size < 3 or !dc_user_can(DcPermission::CAN_VIEW))
+     (table.size < 3 or !dc_user_can(DcPermission::CAN_VIEW))
     return render(action: 'error', locals: { error: t('drgcms.not_authorized')} )
   end
+  read_drg_form
+  return render( plain: t('drgcms.form_error') ) if @form.nil?
 
-  read_drg_cms_form
-  
-# Permissions can be also defined on form
-  if @form.nil?
-    render plain: t('drgcms.form_error')
-#TODO So far only can_view is used. Think about if using other permissions has sense
-  elsif @form['permissions'].nil? or @form['permissions']['can_view'].nil? or
-    dc_user_has_role(@form['permissions']['can_view'])
-# Extend class with methods defined in drgcms_controls module. May include embedded forms therefor ; => _ 
-    controls_string = (@form['controls'] ? @form['controls'] : params[:table].gsub(';','_')) + '_control'
-    controls = "DrgcmsControls::#{controls_string.classify}".constantize rescue nil
-# version next
-    if controls.nil?
-      controls_string = "#{@form['controls'] || params[:table].gsub(';','_')}_control"
-      controls = "#{controls_string.classify}".constantize rescue nil
-    end
-    extend controls if controls 
+  # Permissions can be also defined on form
+  #TODO So far only can_view is used. Think about if using other permissions has sense
+  can_view = @form.dig('permissions','can_view')
+  if can_view.nil? or dc_user_has_role(can_view)
+    extend_with_control_module
   else
     render(action: 'error', locals: { error: t('drgcms.not_authorized')} )
   end  
@@ -705,7 +683,7 @@ end
 ########################################################################
 # Creates new empty record for new and create action.
 ########################################################################
-def create_new_empty_record(initial_data=nil) #:nodoc:
+def create_new_empty_record(initial_data = nil) #:nodoc:
   if @tables.size == 1
     @record = @tables.first[0].new(initial_data)
   else
@@ -722,9 +700,9 @@ def update_standards(record = @record)
   record.updated_by = session[:user_id] if record.respond_to?('updated_by')
   if record.new_record?
     record.created_by = session[:user_id] if record.respond_to?('created_by')
-# set this only initialy. Allow to be set to nil on updates. This documents can then belong to all sites
-# and will be directly visible only to admins
-    record.dc_site_id = dc_get_site._id if record.respond_to?('dc_site_id') and record.dc_site_id.nil?
+    # set this only initialy. Allow to be set to nil on updates. Document can then belong to all sites
+    # and will be directly visible only to admins
+    record.dc_site_id = dc_get_site.id if record.respond_to?('dc_site_id') && record.dc_site_id.nil?
   end
 end
 
@@ -736,17 +714,15 @@ end
 # [changes] Current document changed fields.
 ########################################################################
 def save_journal(operation, changes = {})
-#  return unless session[:save_journal]
   if operation == :delete
     @record.attributes.each {|k,v| changes[k] = v}
-#  elsif operation == :new
-#    changes = {}
   end
-#
-  if (operation != :update) or changes.size > 0
-# determine site_id
+
+  if (operation != :update) || changes.size > 0
+    # determine site_id
     site_id = @record.site_id if @record.respond_to?('site_id')
-    site_id = dc_get_site._id if site_id.nil? and dc_get_site
+    site_id = dc_get_site._id if site_id.nil? && dc_get_site
+
     DcJournal.create(site_id: site_id,
                      operation: operation,
                      user_id: session[:user_id],
@@ -764,22 +740,23 @@ end
 # Returns callback method name or nil if not defined.
 ########################################################################
 def callback_method(key) #:nodoc:
-  data_key = key.gsub('_','-') # data fields translate _ to -
-  cb = case
+  data_key = key.gsub('_','-') # convert _ to -
+  callback = case
     when params['data'] && params['data'][data_key] then params['data'][data_key]
-# if dc_ + key method is present in model then it will be called automatically     
+    # dc_ + key method is present then call it automatically
+    when @form['form'][key] then @form['form'][key]
     when respond_to?('dc_' + key) then 'dc_' + key
     when params[data_key] then params[data_key]
     else nil
   end
-#  
+
   ret = case
-    when cb.nil? then cb # otherwise there will be errors in next lines
-    when cb.match('eval ') then cb.sub('eval ','')
-    when cb.match('return_to ')
-      params[:return_to] = cb.sub('return_to ','')
+    when callback.nil? then callback # otherwise there will be errors in next lines
+    when callback.match('eval ') then callback.sub('eval ','')
+    when callback.match('return_to ')
+      params[:return_to] = callback.sub('return_to ','')
       return nil
-    else cb
+    else callback
   end
   ret
 end
@@ -809,6 +786,8 @@ def process_return_to(return_to)
     when return_to == 'index' then return index
     when return_to.match(/parent\.reload/i) then 'parent.location.href=parent.location.href;'
     when return_to.match(/reload/i) then 'location.href=location.href;'
+    when return_to.match(/close/i) then 'window.close();'
+    when return_to.match(/none/i) then return
     else "location.href='#{return_to}'"
   end
   render html: js_tag(script).html_safe, layout: false
@@ -816,16 +795,16 @@ end
 
 ########################################################################
 # Since tabs have been introduced on form it is a little more complicated
-# to get all edit fields on form. This method does it. Subroutine of save_data.
+# to collect all edit fields on form. This method does it. Subroutine of save_data.
 ########################################################################
-def fields_on_form() #:nodoc:
+def fields_on_form #:nodoc:
   form_fields = []
   if @form['form']['fields']
-# read only field elements (key is Integer)
-    @form['form']['fields'].each {|key,options| form_fields << options if key.class == Integer }
+    # read only field elements (key is Integer)
+    @form['form']['fields'].each { |key, options| form_fields << options if key.class == Integer }
   else
     @form['form']['tabs'].keys.each do |tab|
-      @form['form']['tabs'][tab].each {|key,options| form_fields << options if key.class == Integer }
+      @form['form']['tabs'][tab].each { |key, options| form_fields << options if key.class == Integer }
     end  
   end
   form_fields
@@ -838,36 +817,262 @@ end
 def save_data
   form_fields = fields_on_form()
   return true if form_fields.size == 0
-#
+
   form_fields.each do |v|
     session[:form_processing] = v['name'] # for debuging
-    next if v['type'].nil? or
+    next if v['type'].nil? or v['name'].nil? or
             v['type'].match('embedded') or # don't wipe embedded types
             (params[:edit_only] and params[:edit_only] != v['name']) or # otherwise other fields would be wiped
             v['readonly'] or # fields with readonly option don't return value and would be wiped
-            !@record.respond_to?(v['name']) # there can be temporary fields on the form
+            !@record.respond_to?(v['name']) # there are temporary fields on the form
     # good to know! How to get type of field @record.fields[v['name']].type
     # return value from form field definition
     value = DrgcmsFormFields.const_get(v['type'].camelize).get_data(params, v['name'])
     @record.send("#{v['name']}=", value)
   end
-# 
-  operation = @record.new_record? ? :new : :update
-# controls callback method
+  # before_save callback
   if (m = callback_method('before_save') )
     ret = call_callback_method(m)
-# dont's save if callback method returns false    
+    # don't save if callback returns false
     return false if ret.class == FalseClass
   end
-# save data  
+
+  # save data
   changes = @record.changes
   update_standards() if changes.size > 0  # update only if there has been some changes
   if (saved = @record.save)
+    operation = @record.new_record? ? :new : :update
     save_journal(operation, changes)
-# callback methods
-    if (m = callback_method('after_save') ) then call_callback_method(m)  end
+    # after_save callback
+    if (m = callback_method('after_save') ) then call_callback_method(m) end
   end
   saved
 end
+
+########################################################################
+# Will return comma separated data (field names) as array of symbols. For usage
+# in select_fields and deny_fields
+########################################################################
+def separated_to_symbols(data)
+  data.chomp.split(',').map { |e| e.strip.downcase.to_sym }
+end
   
+########################################################################
+# Will process only (select_fields) and without (deny_fields) option
+########################################################################
+def process_select_and_deny_fields
+  only = @form['result_set']['select_fields'] || @form['result_set']['only']
+  @records = @records.only( separated_to_symbols(only) ) if only
+
+  without = @form['result_set']['deny_fields'] || @form['result_set']['without']
+  @records = @records.without( separated_to_symbols(without) ) if without
+end
+
+########################################################################
+# Will check and set sorting options for current result set. Subroutine of index method.
+########################################################################
+def check_sort_options() #:nodoc:
+  table_name = @tables.first[1]
+  old_sort = session[table_name][:sort].to_s
+  sort, direction = old_sort.split(' ')
+
+  if params['sort']
+    # reverse sort if same selected
+    if params['sort'] == sort
+      direction = (direction == '1') ? '-1' : '1'
+    end
+    direction ||= '1'
+    sort = params[:sort]
+    session[table_name][:sort] = "#{params['sort']} #{direction}"
+    session[table_name][:page] = 1
+  end
+  @records.sort( sort => direction.to_i ) if session[table_name][:sort] && @records.class == Mongoid::Criteria
+  params['sort'] = nil # otherwise there is problem with other links
+end
+
+########################################################################
+# Set aditional filter options when filter is defined by filter method in control object.
+########################################################################
+def user_filter_options(model) #:nodoc:
+  table_name = @tables.first[1]
+  if session[table_name]
+    DcFilter.get_filter(session[table_name][:filter]) || model
+  else
+    model
+  end
+end
+
+########################################################################
+# Return current sort options for model (table)
+########################################################################
+def user_sort_options(model) #:nodoc:
+  table_name = (model.class == String ? model : model.to_s).underscore
+  return nil unless session[table_name][:sort]
+
+  field, direction = session[table_name][:sort].split(' ')
+  { field.to_sym => direction.to_i }
+end
+
+########################################################################
+# Will set session[table_name][:filter] and save last filter settings to session.
+# subroutine of check_filter_options.
+########################################################################
+def set_session_filter(table_name)
+  # models that can not be filtered (for now)
+  return if %w(dc_temp dc_memory).include?(params[:table])
+  # clear filter 
+  if params[:filter] == 'off' 
+    session[table_name][:filter] = nil
+    return
+  end
+  # field_name should exist on set filter condition
+  return if params[:filter_oper] && params[:filter_field].blank?
+
+  filter_value = if params[:filter_value].nil?
+    #NIL indicates that no filtering is needed
+    '#NIL'
+  else     
+    if params[:filter_value].class == String and params[:filter_value][0] == '@'
+      # Internal value. Remove leading @ and evaluate expression
+      expression = DcInternals.get(params[:filter_value])
+      eval(expression) rescue nil
+    else
+      # No filter when empty
+      params[:filter_value] == '' ? '#NIL' : params[:filter_value] 
+    end
+  end
+  # if filter field parameter is omitted then just set filter value
+  session[table_name][:filter] =
+  if params[:filter_field].nil?
+    saved = YAML.load(session[table_name][:filter])
+    saved['value'] = filter_value
+    saved.to_yaml
+  else 
+    # as field defined. Split name and alternative input field
+    field = if params[:filter_field].match(' as ')
+      params[:filter_input] = params[:filter_field].split(' as ').last.strip
+      params[:filter_field].split(' as ').first.strip
+    else
+      params[:filter_field]
+    end
+
+    {'field'     => field, 
+     'operation' => params[:filter_oper], 
+     'value'     => filter_value,
+     'input'     => params[:filter_input],
+     'table'     => table_name }.to_yaml
+  end
+  # must be. Otherwise kaminari includes parames on paging links
+  params[:filter]        = nil
+  params[:filter_id]     = nil
+  params[:filter_oper]   = nil
+  params[:filter_input]  = nil
+  params[:filter_field]  = nil
+end
+
+########################################################################
+# Will check and set current filter options for result set. Subroutine of index method.
+########################################################################
+def check_filter_options() #:nodoc:
+  table_name = @tables.first[1]
+  model      = @tables.first[0]
+  session[table_name] ||= {}
+  # page is set
+  session[table_name][:page] = params[:page] if params[:page]
+  # new filter is applied
+  if params[:filter]
+    set_session_filter(table_name)
+    session[table_name][:page] = 1
+  end
+  # if data model has field dc_site_id ensure that only documents which belong to the site are selected.
+  site_id = dc_get_site._id if dc_get_site
+
+  # don't filter site if no dc_site_id field or user is ADMIN
+  site_id = nil if !model.method_defined?('dc_site_id') or dc_user_can(DcPermission::CAN_ADMIN)
+  site_id = nil if session[table_name][:filter].to_s.match('dc_site_id')
+
+  if @records = DcFilter.get_filter(session[table_name][:filter])
+    @records = @records.and(dc_site_id: site_id) if site_id
+  else
+    @records = site_id ? model.where(dc_site_id: site_id) : model
+  end
+  process_select_and_deny_fields
+  # pagination if required
+  per_page = (@form['result_set']['per_page'] || 30).to_i
+  @records = @records.page(session[table_name][:page]).per(per_page) if per_page > 0
+end
+
+########################################################################
+# Process index action for normal collections.
+########################################################################
+def process_collections #:nodoc
+# If result_set is not defined on form, then it will fail. :return_to should know where to go
+  if @form['result_set'].nil?
+    process_return_to(params[:return_to] || 'reload') 
+    return true
+  end
+# for now enable only filtering of top level documents
+  if @tables.size == 1 
+    check_filter_options()
+    check_sort_options()
+  end  
+# result set is defined by filter method in control object
+  form_filter = @form['result_set']['filter']
+  if form_filter
+    if respond_to?(form_filter)
+      @records = send(form_filter)
+# something went wrong. flash[] should have explanation.
+      if @records.class == FalseClass
+        @records = []
+        render(action: :index)
+        return true
+      end
+      process_select_and_deny_fields           
+# pagination but only if not already set
+      unless (@form['table'] == 'dc_memory' or @records.options[:limit])
+        per_page = (@form['result_set']['per_page'] || 30).to_i
+        @records = @records.page(params[:page]).per(per_page) if per_page > 0
+      end
+    elsif form_filter != 'dc_filter'
+      Rails.logger.error "Error: result_set:filter: #{@form['result_set']['filter']} not found in controls!"
+    end
+  else
+    if @tables.size > 1 
+      rec = @tables.first[0].find(@ids.first)          # top most document.id
+      1.upto(@tables.size - 2) { |i| rec = rec.send(@tables[i][1].pluralize).find(@ids[i]) }  # find embedded childrens by ids
+# TO DO. When field name is different then pluralized class name. Not working yet.
+      embedded_field_name = @tables.last[0] ? @tables.last[1].pluralize : @tables.last[1]
+      @records = rec.send(embedded_field_name)   # current embedded set
+# sort by order if order field is present in model
+      if @tables.last[1].classify.constantize.respond_to?(:order)
+        @records = @records.order_by('order asc')
+      end
+    end
+  end
+  false
+end
+
+########################################################################
+# Process index action for in memory data.
+########################################################################
+def process_in_memory #:nodoc
+  @records = []
+  # result set is defined by filter method in control object
+  if (method = @form['result_set']['filter'])
+    send(method) if respond_to?(method)    
+  end
+  # result set is defined by class method
+  if (klass_method = @form['result_set']['filter_method'])
+    _klass, method = klass_method.split('.')
+    klass = _klass.classify.constantize
+    @records = klass.send(method) if klass.respond_to?(method)
+  end
+  # ensure that record has id field
+  if @records.size > 0
+    raise "Exception: id field must be set in dc_memory record!" unless @records.first.id
+  end
+  false
+end
+
+
 end