drg_cms 0.6.0.6 → 0.6.0.8

data/app/assets/stylesheets/drg_cms/select-multiple.css

@@ -28,10 +28,10 @@
   -ms-transition: border linear 0.2s, box-shadow linear 0.2s;
   -o-transition: border linear 0.2s, box-shadow linear 0.2s;
   transition: border linear 0.2s, box-shadow linear 0.2s;
-  border: 2px solid #ddd;
-  -webkit-border-radius: 3px;
-  -moz-border-radius: 3px;
-  border-radius: 3px;
+  border: 1px solid #ddd;
+  -webkit-border-radius: 1px;
+  -moz-border-radius: 1px;
+  border-radius: 1px;
   position: relative;
   height: 200px;
   padding: 0;
@@ -39,12 +39,9 @@
 }
 
 .ms-container .ms-list.ms-focus{
-  border-color: rgba(82, 168, 236, 0.8);
-  -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6);
-  -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6);
-  box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6);
-  outline: 0;
-  outline: thin dotted \9;
+  border: 1px solid rgba(76,154,255, 1);
+  outline: 1px solid rgba(76,154,255, 1);
+  border-radius: 1px;
 }
 
 .ms-container ul{
@@ -93,10 +90,10 @@
 
 
 .ms-container .ms-selected {
-  font-weight: bold;
+  font-weight: 600;
 }
 
 .pull-right.ms-elem-selected{
   float: right;
-  font-size: larger;
+  font-size: smaller;
 }

data/app/assets/stylesheets/drg_cms_cms.css

@@ -19,4 +19,4 @@
 */
 
 /* Required for link buttons to look alike */
-.dc-link a, .dc-link-submit input {font-weight: bold; font-size: 12px; }   
+.dc-link a, .dc-link-submit input {font-weight: 600; }   

data/app/controllers/cmsedit_controller.rb

@@ -1,4 +1,3 @@
-#coding: utf-8
 #--
 # Copyright (c) 2012+ Damjan Rems
 #
@@ -432,35 +431,77 @@ end
 # Run action
 ########################################################################
 def run
+  # determine control file name and method
   control_name, method_name = params[:control].split('.')
   if method_name.nil?
     method_name  = control_name
     control_name = params[:table]   
   end
+  # extend with control methods
   extend_with_control_module(control_name)
   if respond_to?(method_name)
+    # can it be called
+    return return_run_error t('drgcms.not_authorized') unless can_process_run
+    # call method
     respond_to do |format|
       format.json { send method_name }
       format.html { send method_name }
     end    
-  else
-    # Error message
-    text = "Method #{method_name} not defined in #{control_name}_control"
-    respond_to do |format|
-      format.json { render json: {msg_error: text} }
-      format.html { render plain: text }
-    end    
+  else # Error message
+    return_run_error "Method #{method_name} not defined in #{control_name}_control"
   end
-
 end
 
 protected
 
+########################################################################
+# Respond with error on run action
+########################################################################
+def return_run_error(text)
+  respond_to do |format|
+    format.json { render json: { msg_error: text } }
+    format.html { render plain: text }
+  end
+end
+
+########################################################################
+# Can run call be processed
+########################################################################
+def can_process_run
+  if respond_to?(:dc_can_process)
+    response = send(:dc_can_process)
+    return response unless response.class == Array
+  else
+    response = [DcPermission::CAN_VIEW, params[:table] || 'dc_memory']
+  end
+  dc_user_can *response
+end
+
+########################################################################
+# Checks if user has permissions to perform operation on table and if not
+# prepares response for not authorized message.
+#
+# @param [Integer] permission : Permission level defined in DcPermission constants eg. DcPermission::CAN_EDIT
+# @param [String] collection_name : Table name on which user must have permission
+#
+# @return [Boolean] true when user has required permission otherwise false
+########################################################################
+def user_has_permission?(permission, collection_name)
+  unless dc_user_can(permission, collection_name.to_s)
+    respond_to do |format|
+      format.json { render json: {msg_error: t('drgcms.not_authorized') } }
+      format.html { render plain: t('drgcms.not_authorized') }
+    end
+    return false
+  end
+  true
+end
+
 ########################################################################
 # Merges two forms when current form extends other form. Subroutine of read_drg_cms_form.
 # With a little help of https://www.ruby-forum.com/topic/142809 
 ########################################################################
-def forms_merge(hash1, hash2) 
+def forms_merge(hash1, hash2)
   target = hash1.dup
   hash2.keys.each do |key|
     if hash2[key].is_a? Hash and hash1[key].is_a? Hash
@@ -553,25 +594,38 @@ def read_drg_cms_form
            }
 end
 
+############################################################################
+# Load module if available. Try not to mask errors in control module
+############################################################################
+def load_controls_module(controls_string)
+  begin
+    controls_string.classify.constantize
+  rescue NameError => e
+    return nil if e.message.match('uninitialized constant') || e.message.match('wrong constant name')
+    # report errors when loading existing module
+    raise e
+  end
+end
+
 ############################################################################
 # Dynamically extend cmsedit class with methods defined in controls module.
 ############################################################################
-def extend_with_control_module(control_name=@form['controls'])
-# May include embedded forms therefor ; => _ 
-  controls_string = "#{control_name || params[:table].gsub(';','_')}_control"
-  controls = "#{controls_string.classify}".constantize rescue nil
-# old version. Will be deprecated
-  if controls.nil?
-    controls_string = (control_name ? control_name : params[:table].gsub(';','_')) + '_control'
-    controls = "DrgcmsControls::#{controls_string.classify}".constantize rescue nil
-    dc_deprecate('Putting controls into app/controllers/drgcms_controls directory will be deprecated. Put them into app/controls instead.') if controls
-  end
-# Form may be dynamically updated before processed 
-  if controls 
+def extend_with_control_module(control_name = @form['controls'] || @form['control'])
+  # May include embedded forms so ; => _
+  control_name ||= params[:table].gsub(';','_')
+  control_name += '_control' unless control_name.match(/control$|report$/i)
+  # p '************',  control_name
+  controls = load_controls_module(control_name)
+  if controls
+    # extend first with dc_report when report
+    if control_name.match(/report$/i)
+      extend DcReport
+      init_report(control_name)
+    end
     extend controls
+    # Form may be dynamically updated before processed
     send(:dc_update_form) if respond_to?(:dc_update_form)
   end
-    
 end
 
 ############################################################################
@@ -591,6 +645,7 @@ def check_authorization
   end
   read_drg_cms_form
   return render( plain: t('drgcms.form_error') ) if @form.nil?
+
   # Permissions can be also defined on form
   #TODO So far only can_view is used. Think about if using other permissions has sense
   can_view = @form.dig('permissions','can_view')
@@ -785,10 +840,10 @@ def save_data
 end
 
 ########################################################################
-# Will return commma separated data (field names) as hash. For usage 
+# Will return comma separated data (field names) as array of symbols. For usage
 # in select_fields and deny_fields
 ########################################################################
-def separated_to_hash(data)
+def separated_to_symbols(data)
   data.chomp.split(',').inject([]) {|r,element| r << element.strip.downcase.to_sym }
 end
   
@@ -797,11 +852,11 @@ end
 ########################################################################
 def process_select_and_deny_fields
   if @form['result_set']['select_fields']
-    @records = @records.only( separated_to_hash(@form['result_set']['select_fields']) )
+    @records = @records.only( separated_to_symbols(@form['result_set']['select_fields']) )
   end
 # deny fields specified
   if @form['result_set']['deny_fields']
-    @records = @records.without( separated_to_hash(@form['result_set']['deny_fields']) )
+    @records = @records.without( separated_to_symbols(@form['result_set']['deny_fields']) )
   end
 end
 
@@ -839,6 +894,17 @@ def user_filter_options(model) #:nodoc:
   end
 end
 
+########################################################################
+# Return current sort options for model (table)
+########################################################################
+def user_sort_options(model) #:nodoc:
+  table_name = (model.class == String ? model : model.to_s).underscore
+  return nil unless session[table_name][:sort]
+
+  field, direction = session[table_name][:sort].split(' ')
+  { field.to_sym => direction.to_i }
+end
+
 ########################################################################
 # Will set session[table_name][:filter] and save last filter settings to session.
 # subroutine of check_filter_options.
@@ -846,12 +912,13 @@ end
 def set_session_filter(table_name)
   # models that can not be filtered (for now)
   return if %w(dc_temp dc_memory).include?(params[:table])
-
   # clear filter 
   if params[:filter] == 'off' 
     session[table_name][:filter] = nil
     return
   end
+  # field_name should exist on set filter condition
+  return if params[:filter_oper] && params[:filter_field].blank?
 
   filter_value = if params[:filter_value].nil?
 # NIL indicates that no filtering is needed        
@@ -946,9 +1013,10 @@ def process_collections #:nodoc
     check_sort_options()
   end  
 # result set is defined by filter method in control object
-  if @form['result_set']['filter']
-    if respond_to?(@form['result_set']['filter'])
-      @records = send @form['result_set']['filter']
+  form_filter = @form['result_set']['filter']
+  if form_filter
+    if respond_to?(form_filter)
+      @records = send(form_filter)
 # something went wrong. flash[] should have explanation.
       if @records.class == FalseClass
         @records = []
@@ -961,7 +1029,7 @@ def process_collections #:nodoc
         per_page = (@form['result_set']['per_page'] || 30).to_i
         @records = @records.page(params[:page]).per(per_page) if per_page > 0
       end
-    else
+    elsif form_filter != 'dc_filter'
       Rails.logger.error "Error: result_set:filter: #{@form['result_set']['filter']} not found in controls!"
     end
   else

data/app/controllers/dc_application_controller.rb

@@ -168,7 +168,7 @@ protected
 #############################################################################
 # Add permissions. Subroutine of dc_user_can
 ############################################################################
-def add_permissions_for(table_name=nil) # :nodoc:
+def __add_permissions_for(table_name=nil) # :nodoc:
   perm = table_name.nil? ? DcPermission.find_by(is_default: true) : DcPermission.find_by(table_name: table_name, active: true)
   (perm.dc_policy_rules.each {|p1| @permissions[p1.dc_policy_role_id] = p1.permission }) if perm
 end
@@ -185,7 +185,7 @@ end
 # @Example True when user has view permission on the table
 #   if dc_user_can(DcPermission::CAN_VIEW, params[:table]) then ...
 ############################################################################
-def dc_user_can(permission, table=params[:table])
+def __dc_user_can(permission, table=params[:table])
   if @permissions.nil?
     @permissions = {}
     add_permissions_for # default permission
@@ -201,6 +201,25 @@ def dc_user_can(permission, table=params[:table])
   false
 end  
 
+###########################################################################
+# Checks if user can perform (read, create, edit, delete) document in specified
+# table (collection).
+# 
+# @param [Integer] Required permission level
+# @param [String] Collection (table) name for which permission is queried. Defaults to params[table].
+# 
+# @return [Boolean] true if user's role permits (is higher or equal then required) operation on a table (collection). 
+# 
+# @Example True when user has view permission on the table
+#   if dc_user_can(DcPermission::CAN_VIEW, params[:table]) then ...
+############################################################################
+def dc_user_can(permission, table=params[:table])
+  @permissions ||= DcPermission.permissions_for_table(table)
+# Return true if any of the permissions user has is higher or equal to requested permission 
+  session[:user_roles].each {|r| return true if @permissions[r] and @permissions[r] >= permission }
+  false
+end
+
 ####################################################################
 # Detects if called from mobile agent according to http://detectmobilebrowsers.com/ 
 # and set session[:is_mobile]
@@ -218,7 +237,6 @@ def dc_set_is_mobile
   end
 end
 
-
 ##########################################################################
 # Merge values from parameters fields (from site, page ...) into internal @options hash.
 # 
@@ -464,7 +482,7 @@ eot
 end
 
 ####################################################################
-# Checks if any errors exist on document and writes debug log. It can also 
+# Checks if any errors exist on document and writes error log. It can also 
 # crash if requested. This is mostly usefull in development for debuging 
 # model errors or when saving to multiple collections and where each save must be 
 # checked if succesfull.
@@ -483,14 +501,7 @@ end
 #      
 ####################################################################
 def dc_check_model(document, crash=false)
-  return nil unless document.errors.any?
-  msg = ''
-  document.errors.each do |attribute, errors_array|
-    msg << "#{attribute}: #{errors_array}\n"
-  end
-  logger.debug(msg) if msg.size > 0
-  crash_it if crash
-  msg
+  DcApplicationController.dc_check_model(document, crash=false)
 end
 
 ######################################################################
@@ -739,5 +750,53 @@ def dc_update_form_field(field_name, value, readonly=false)
   flash[:update][key_name] = value
 end
 
+####################################################################
+# Checks if any errors exist on document and writes error log. It can also 
+# crash if requested. This is mostly usefull in development for debuging 
+# model errors or when updating multiple collections and each save must be 
+# checked if succesfull.
+# 
+# @param [Document] Document object which will be checked
+# @param [Boolean] If true method should end in runtime error. Default = false.
+# 
+# @return [String] Error messages or empty string if everything is OK.
+# 
+# @Example Check for error when data is saved.
+#   model.save
+#   if (msg = DcApplicationController.dc_check_model(model) ).size > 0
+#     p msg
+#     error process ......
+#   end
+#      
+####################################################################
+def self.dc_check_model(document, crash=false)
+  return nil unless document.errors.any?
+  msg = ""
+  document.errors.each do |attribute, errors_array|
+    msg << "#{attribute}: #{errors_array}\n"
+  end
+  #
+  if crash and msg.size > 0
+    msg = "Validation errors in #{document.class}:\n" + msg
+    pp msg
+    Rails.logger.error(msg)
+    raise "Validation error. See log for more information."
+  end
+  msg
+end
+
+########################################################################
+# Will dump exception to rails log and console.
+# 
+# Parameters:
+# [exception] Object: Exception caught
+# 
+########################################################################
+def dc_dump_exception(exception)
+  msg = [exception.message, *exception.backtrace].join($/)
+  pp msg
+  Rails.logger.error msg
+end
+
 
 end

data/app/controls/dc_report.rb

@@ -0,0 +1,227 @@
+#--
+# Copyright (c) 2020+ Damjan Rems
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+######################################################################
+# Common methods required by reports
+######################################################################
+module DcReport
+attr_accessor :report_id
+attr_accessor :bulk
+
+######################################################################
+# Clear result if params[:clear] is 'yes' when form is first displayed
+######################################################################
+def dc_new_record
+  DcTemp.clear(temp_key) unless params[:clear].to_s == 'no'
+end
+
+######################################################################
+# Check if report option is present in form and shuffle form, so it can
+# be used to display result.
+######################################################################
+def dc_update_form
+  return unless @form && @form['report'] && params[:table] = 'dc_temp'
+
+  # copy form data under report option to top
+  @form['report'].each { |key, data| @form[key] = data }
+end
+
+######################################################################
+# Print to PDF action
+######################################################################
+def print
+  begin
+    pdf_do
+  rescue Exception => e
+    dc_dump_exception(e)
+    render json: { msg_error: t('drgcms.runtime_error') } and return
+  end
+
+  pdf_file = "tmp/dokument-#{Time.now.to_i}.pdf"
+  @pdf.render_file Rails.root.join('public', pdf_file)
+
+  render json: print_response(pdf_file)
+end
+
+######################################################################
+# Export data do excel action
+######################################################################
+def export
+  export_to_excel( temp_key )
+end
+
+######################################################################
+# Default filter to select data for result.
+######################################################################
+def data_filter
+  params['clear'].to_s == 'yes' ? DcTemp.where(key: false) : DcTemp.where(key: temp_key).order_by(order: 1)
+end
+
+private
+
+######################################################################
+# Will create response message for print action. Response consists of
+# opening pdf file in new browser tab and additional print_message if defined.
+######################################################################
+def print_response(pdf_file)
+  response = { window: "/#{pdf_file}" }
+  response.merge!(report_message) if respond_to?(:report_message, true)
+  response
+end
+
+######################################################################
+# Temp key consists of report name and user's id. Key should be added
+# to every dc_temp document and is used to define data, which belongs
+# to current user.
+######################################################################
+def temp_key
+  "#{@report_id}-#{session[:user_id]}"
+end
+
+######################################################################
+# Initialize report. Set report_id internal variable and initialize bulk
+# for bulk saving data to dc_temp collection.
+######################################################################
+def init_report(id)
+  @report_id = id
+  @bulk = []
+end
+
+######################################################################
+# Check if all send fields are blank.
+######################################################################
+def all_blank?(*fields)
+  fields.each {|e| e.blank? ? true : (break false) }
+end
+
+######################################################################
+# Will write bulk data to dc_temp collection.
+######################################################################
+def bulk_write(doc, the_end = false)
+  if doc.class == TrueClass
+    the_end = true
+  else
+    @bulk << doc
+  end
+
+  if (the_end && @bulk.size > 0) || @bulk.size > 100
+    DcTemp.collection.insert_many(@bulk) 
+    @bulk = []
+  end
+end
+
+######################################################################
+# Export data to Excel
+######################################################################
+def export_to_excel(report_id)
+  read_drg_cms_form if @form.blank?
+  # use report options if present
+  columns = (@form['report'] ? @form['report'] : @form)['result_set']['columns'].sort
+
+  n, workbook = 0, Spreadsheet::Workbook.new
+  excel = workbook.create_worksheet(name: report_id)
+  # header
+  columns.each_with_index do |column, i|
+    caption = column.last['caption'] || column.last['label']
+    label = t(caption)
+    excel[n, i] = label.match('translation missing') ? caption : label
+  end
+
+  data_filter.each do |doc|
+    n += 1
+    columns.each_with_index do |column, i|
+      value = doc[column.last['name']].to_s.gsub('<br>', ";")
+      value = value.gsub(/\<\/strong\>|\<strong\>|\<\/b\>|\<b\>/, '')
+      excel[n, i] = value
+    end
+  end
+  workbook.write Rails.root.join("public/tmp/#{report_id}.xls")
+  dc_render_ajax(operation: :window, value: "/tmp/#{report_id}.xls")
+end
+
+############################################################################
+# Returns html code for displaying date/time formatted by strftime. Will return '' if value is nil.
+# 
+# Parameters:
+# [value] Date/DateTime/Time.  
+# [format] String. strftime format mask. Defaults to locale's default format.
+############################################################################
+def dc_format_date_time(value, format = nil)
+  return '' if value.nil?
+
+  format ||= value.class == Date ? t('date.formats.default') : t('time.formats.default')
+  value.strftime(format)
+end
+
+##############################################################################
+# Initialize PDF document for print
+##############################################################################
+def pdf_init(opts={})
+  opts[:margin] ||= [30,30,30,30]
+  opts[:page_size] ||= 'A4'
+
+  pdf = Prawn::Document.new(opts)
+  pdf.font_size = opts[:font_size] if opts[:font_size]
+
+  pdf.encrypt_document( owner_password: :random,
+                        permissions: { print_document: true,
+                                       modify_contents: false,
+                                       copy_contents: false,
+                                       modify_annotations: false })
+  pdf.font_families.update(
+    'Arial' => { normal: Rails.root.join('public', 'arial.ttf'),
+                 bold: Rails.root.join('public', 'arialbd.ttf') }
+  )
+  pdf.font 'Arial'
+  pdf
+end
+
+################################################################################
+# Prints out single text (or object) on report.
+#
+# @param [Object] txt : Text or object. Result of to_s method of the object is
+# @param [Hash] opts
+###############################################################################
+def pdf_text(txt, opts={})
+  box_opts = {}
+  ypos = @pdf.cursor
+  xpos = opts.delete(:atx) || 0
+  box_opts.merge!(single_line: (opts.delete(:single_line) || true))
+  box_opts.merge!(at: (opts.delete(:at) || [xpos, ypos]))
+  box_opts.merge!(width: opts[:width]) if opts[:width]
+  box_opts.merge!(align: opts[:align]) if opts[:align]
+  box_opts.merge!(inline_format: opts[:inline_format]) if opts[:inline_format]
+
+  @pdf.text_box(txt.to_s, box_opts)
+end
+
+################################################################################
+# Skip line on report
+#
+# @param [Integer] skip . Number of lines to skip. Default 1.
+###############################################################################
+def pdf_skip(skip = 1)
+  @pdf.text('<br>' * skip, inline_format: true)
+end 
+
+end