drg_cms 0.6.0.8 → 0.6.1.0

data/app/controllers/dc_application_controller.rb

@@ -1,4 +1,3 @@
-#coding: utf-8
 #--
 # Copyright (c) 2012+ Damjan Rems
 #
@@ -66,8 +65,8 @@ end
 ####################################################################
 def dc_user_has_role(role)
   role = DcPolicyRole.get_role(role)
-  return false if role.nil? or session[:user_roles].nil?
-# role is found in user_roles
+  return false if role.nil? || session[:user_roles].nil?
+  # role exists in user_roles
   session[:user_roles].include?(role._id)
 end
 
@@ -81,22 +80,28 @@ end
 # @example Returns Google analytics code from site settings
 #    settings = dc_get_site.params['ga_acc']
 ####################################################################
-def dc_get_site()
-  return @site if @site 
+def dc_get_site
+  return @site if @site
+
   uri  = URI.parse(request.url)
+  cache_key = ['dc_site', uri.host]
+
+  @site = dc_cache_read(cache_key)
+  return @site if @site
+
   @site = DcSite.find_by(name: uri.host)
-# Site can be aliased
-  if @site and !@site.alias_for.blank?
+  # Site can be aliased
+  if @site && !@site.alias_for.blank?
     @site = DcSite.find_by(name: @site.alias_for)
   end
-# Development environment. Check if site with name test exists and use 
-# alias_for as pointer to real site.
-  if @site.nil? and ENV["RAILS_ENV"] != 'production'
+  # Development environment. Check if site with name test exists and use
+  # alias_for as pointer to real site.
+  if @site.nil? && ENV["RAILS_ENV"] != 'production'
     @site = DcSite.find_by(name: 'test')
     @site = DcSite.find_by(name: @site.alias_for) if @site
-  end 
-  @site = nil if @site and !@site.active # site is disabled
-  @site
+  end
+  @site = nil if @site && !@site.active # site is disabled
+  dc_cache_write(cache_key, @site)
 end
 
 ##########################################################################
@@ -104,7 +109,7 @@ end
 #
 # Sets internal @page_title variable.
 ##########################################################################
-def set_page_title()
+def set_page_title
   @page_title = @page.title.blank? ? @page.subject : @page.title
   dc_add_meta_tag(:name, 'description', @page.meta_description)
 end
@@ -115,18 +120,17 @@ end
 # @param [String] Form file name. File name can be passed as gem_name.filename. This can
 # be useful when you are extending form but want to retain same name as original form
 # For example. You are extending dc_user form from drg_cms gem and want to
-# retain same dc_user name. This can be done by setting drg_cms.dc_user to extend option. 
+# retain same dc_user name. This can be done by setting drg_cms.dc_user as extend option.
 # 
 # @return [String] Form file name including path or nil if not found.
 ########################################################################
 def dc_find_form_file(form_file)
-  form_path=nil
-  if form_file.match(/\.|\//)
-    form_path,form_file=form_file.split(/\.|\//)
-  end
+  form_path = nil
+  form_path, form_file = form_file.split(/\.|\//) if form_file.match(/\.|\//)
+
   DrgCms.paths(:forms).reverse.each do |path|
     f = "#{path}/#{form_file}.yml"
-    return f if File.exist?(f) and (form_path.nil? or path.to_s.match(/\/#{form_path}\//i))
+    return f if File.exist?(f) && (form_path.nil? || path.to_s.match(/\/#{form_path}(-|\/)/i))
   end
   raise "Exception: Form file '#{form_file}' not found!"
 end
@@ -165,15 +169,7 @@ end
 
 protected
 
-#############################################################################
-# Add permissions. Subroutine of dc_user_can
-############################################################################
-def __add_permissions_for(table_name=nil) # :nodoc:
-  perm = table_name.nil? ? DcPermission.find_by(is_default: true) : DcPermission.find_by(table_name: table_name, active: true)
-  (perm.dc_policy_rules.each {|p1| @permissions[p1.dc_policy_role_id] = p1.permission }) if perm
-end
-
-############################################################################
+###########################################################################
 # Checks if user can perform (read, create, edit, delete) document in specified
 # table (collection).
 # 
@@ -185,45 +181,75 @@ end
 # @Example True when user has view permission on the table
 #   if dc_user_can(DcPermission::CAN_VIEW, params[:table]) then ...
 ############################################################################
-def __dc_user_can(permission, table=params[:table])
-  if @permissions.nil?
-    @permissions = {}
-    add_permissions_for # default permission
-    table_name = ''
-# permission can be set for table or object embedded in table. Read all possible values  
-    table.strip.downcase.split(';').each do |t|
-      table_name << (table_name.size > 0 ? ';' : '') + t # table;embedded;another;...
-      add_permissions_for table_name
-    end
-  end
-# Return true if any of the permissions user has is higher or equal to requested permission 
-  session[:user_roles].each {|r| return true if @permissions[r] and @permissions[r] >= permission }
+def dc_user_can(permission, table = params[:table])
+  permissions = DcPermission.permissions_for_table(table)
+  session[:user_roles].each {|r| return true if permissions[r] && permissions[r] >= permission }
   false
-end  
+end
 
-###########################################################################
-# Checks if user can perform (read, create, edit, delete) document in specified
-# table (collection).
-# 
-# @param [Integer] Required permission level
-# @param [String] Collection (table) name for which permission is queried. Defaults to params[table].
-# 
-# @return [Boolean] true if user's role permits (is higher or equal then required) operation on a table (collection). 
-# 
-# @Example True when user has view permission on the table
-#   if dc_user_can(DcPermission::CAN_VIEW, params[:table]) then ...
-############################################################################
-def dc_user_can(permission, table=params[:table])
-  @permissions ||= DcPermission.permissions_for_table(table)
-# Return true if any of the permissions user has is higher or equal to requested permission 
-  session[:user_roles].each {|r| return true if @permissions[r] and @permissions[r] >= permission }
+def dc_user_can(permission, table = params[:table])
+  cache_key = ['dc_permission', table, session[:user_id], dc_get_site.id]
+  permissions = dc_cache_read(cache_key)
+  if permissions.nil?
+    permissions = DcPermission.permissions_for_table(table)
+    dc_cache_write(cache_key, permissions)
+  end
+  session[:user_roles].each {|r| return true if permissions[r] && permissions[r] >= permission }
   false
 end
 
 ####################################################################
-# Detects if called from mobile agent according to http://detectmobilebrowsers.com/ 
+# Read from cache
+#
+# @keys [Array] Array of keys
+#
+# @return [Object] Data returned from cache
+####################################################################
+def dc_cache_read(keys)
+  if redis_cache_store?
+    keys  = keys.dup
+    first = keys.shift
+    data  = redis.hget(first, keys.join(''))
+    data ? Marshal.load(data) : nil
+  else
+    Rails.cache.read(keys.join(''))
+  end
+end
+
+def __dc_cache_read(keys)
+  p 'read', keys.join(''), Rails.cache.instance_variable_get(:@data).keys
+  pp Rails.cache.read(keys.join(''))
+end
+
+####################################################################
+# Write data to cache
+#
+# @param [Array] Array of keys
+# @param [Object] Data written to cache
+#
+# @return [Object] data so dc_cache_write can be used as last statement in method.
+####################################################################
+  def dc_cache_write(keys, data)
+    if redis_cache_store?
+      keys  = keys.dup
+      first = keys.shift
+      redis.hset(first, keys.join(''), Marshal.dump(data))
+    else
+      Rails.cache.write(keys.join(''), data)
+    end
+    data
+  end
+
+def __dc_cache_write(keys, data)
+  p 'write', keys.join('')
+  pp Rails.cache.write(keys.join(''), data)
+  data
+end
+
+####################################################################
+# Detects if called from mobile agent according to http://detectmobilebrowsers.com/
 # and set session[:is_mobile]
-# 
+#
 # Detect also if caller is a robot and set session[:is_robot]
 ####################################################################
 def dc_set_is_mobile
@@ -231,7 +257,7 @@ def dc_set_is_mobile
                                  : false
   session[:is_mobile] = is_mobile ? 1 : 0
 #
-  if request.env["HTTP_USER_AGENT"] and request.env["HTTP_USER_AGENT"].match(/\(.*https?:\/\/.*\)/)
+  if request.env["HTTP_USER_AGENT "] and request.env["HTTP_USER_AGENT"].match(/\(.*https?:\/\/.*\)/)
     logger.info "ROBOT: #{Time.now.strftime('%Y.%m.%d %H:%M:%S')} id=#{@page.id} ip=#{request.remote_ip}."
     session[:is_robot] = true
   end
@@ -299,7 +325,7 @@ def get_design_and_render(design_doc)
   site_top    = '<%= dc_page_top %>'
   site_bottom = '<%= dc_page_bottom %>'
 # lets try the rails way
- if @options[:control] and @options[:action]
+ if @options[:control] && @options[:action]
     controller = "#{@options[:control]}_control".classify.constantize rescue nil
     extend controller if controller
     return send @options[:action] if respond_to?(@options[:action])
@@ -307,7 +333,7 @@ def get_design_and_render(design_doc)
 # design doc present 
   if design_doc
     # defined as rails view
-    design = if design_doc.rails_view.blank? or design_doc.rails_view == 'site'
+    design = if design_doc.rails_view.blank? || design_doc.rails_view == 'site'
       @site.rails_view
     else
       design_doc.rails_view
@@ -319,7 +345,7 @@ def get_design_and_render(design_doc)
     return render(inline: design, layout: layout) unless design.blank?
   end
 # Design doc not defined
-  if @site.rails_view.blank? 
+  if @site.rails_view.blank?
     design = site_top + @site.design + site_bottom
     render(inline: design, layout: layout)
   else
@@ -341,34 +367,34 @@ end
 #     dc_process_default_request
 #   end
 ##########################################################################
-def dc_process_default_request() 
+def dc_process_default_request
   session[:edit_mode] ||= 0
-# Initialize parts
+  # Initialize parts
   @parts    = nil
   @js, @css = '', ''
-# find domain name in sites
+  # find domain name in sites
   @site = dc_get_site
-# site not defined. render 404 error
+  # site not defined. render 404 error
   return dc_render_404('Site!') if @site.nil?
+
   dc_set_options(@site.settings)
-# HOMEPAGE. When no parameters is set
+  # HOMEPAGE. When no parameters is set
   params[:path]   = @site.homepage_link if params[:id].nil? and params[:path].nil?
   @options[:path] = params[:path].to_s.downcase.split('/')
   params[:path]   = @options[:path].first if @options[:path].size > 1
-# some other process request. It should fail if not defined
+  # some other process request. It should fail if not defined
   return send(@site.request_processor) unless @site.request_processor.blank?
-
-# Search for page 
+  # Search for page
   pageclass = @site.page_klass
   if params[:id]
     #Page.where(id: params[:id]).or(subject_link: params[:id]).first    
     @page = pageclass.find_by(:dc_site_id.in => [@site._id, nil], subject_link: params[:id], active: true)
     @page = pageclass.find(params[:id]) if @page.nil? # I think that there will be more subject_link searchers than id
   elsif params[:path]
-# path may point direct to page's subject_link
+    # path may point direct to page's subject_link
     @page = pageclass.find_by(:dc_site_id.in => [@site._id, nil], subject_link: params[:path], active: true)
     if @page.nil?
-# no. Find if defined in links
+      # no. Find if defined in links
       link = DcLink.find_by(:dc_site_id.in => [@site._id, nil], name: params[:path])
       if link
         #pageclass.find_by(alt_link: params[:path])   
@@ -377,10 +403,10 @@ def dc_process_default_request()
       end
     end
   end
-# if @page is not found render 404 error
+  # if @page is not found render 404 error
   return dc_render_404('Page!') unless @page
   dc_set_is_mobile unless session[:is_mobile] # do it only once per session
-# find design if defined. Otherwise design MUST be declared in site
+  # find design if defined. Otherwise design MUST be declared in site
   if @page.dc_design_id
     @design = DcDesign.find(@page.dc_design_id)
     return dc_render_404('Design!') unless @design
@@ -388,20 +414,21 @@ def dc_process_default_request()
   dc_set_options @design.params if @design
   dc_set_options @page.params
   dc_add_json_ld(@page.get_json_ld)
-# Add edit menu
+  # Add edit menu
   if session[:edit_mode] > 0
     session[:site_id]         = @site.id
     session[:site_page_class] = @site.page_class
     session[:page_id]         = @page.id
-  else 
-# Log only visits from non-editors
+  else
+    # Log only visits from non-editors
     dc_log_visit()
   end
   set_page_title()
   get_design_and_render @design
 end
 
-##########################################################################
+######
+# ####################################################################
 # Single site document kind of request handler.
 # 
 # This request handler assumes that all data for the site is saved in the site document. 
@@ -501,7 +528,7 @@ end
 #      
 ####################################################################
 def dc_check_model(document, crash=false)
-  DcApplicationController.dc_check_model(document, crash=false)
+  DrgCms.check_model(document, crash=false)
 end
 
 ######################################################################
@@ -525,7 +552,7 @@ end
 # can be found in drg_cms.js file. 
 # 
 # @param [Hash] Options
-# 
+#
 # @return [JSON Response] Formatted to be used for ajax return.
 # 
 # @example
@@ -537,7 +564,7 @@ end
 ######################################################################
 def dc_render_ajax(opts)
   result = {}
-  if opts[:div] or opts[:class]
+  if opts[:div] || opts[:class]
     selector = opts[:div] ? '#' : '.' # for div . for class
     key = case
       when opts[:prepend] then "#{selector}+div"
@@ -559,7 +586,7 @@ end
 # @param [String] Table (collection) name. Could be dc_page;dc_part;... when searching for embedded document.
 # @param [String] Id of the document
 # @param [String] Ids of parent documents when document is embedded. Ids are separated by ; char. 
-# 
+#
 # @return [document]. Required document or nil if not found.
 # 
 # @example As used in Cmsedit_controller
@@ -604,7 +631,7 @@ def clear_login_data
   session[:edit_mode]   = 0
   session[:user_id]     = nil
   session[:user_name]   = nil
-  session[:user_roles]  = nil
+  set_default_guest_user_role
   cookies.delete :remember_me
 end
 
@@ -618,20 +645,20 @@ end
 
 ####################################################################
 # Fills session with data related to successful login.
-# 
+#
 # @param [DcUser] user : User's document
 # @param [Boolean] remember_me : false by default
 ####################################################################
 def fill_login_data(user, remember_me=false)
   session[:user_id]    = user.id if user
   session[:user_name]  = user.name if user
-  session[:edit_mode]  = 0 
+  session[:edit_mode]  = 0
   session[:user_roles] = []
   # Every user has guest role
-#  guest = DcPolicyRole.find_by(system_name: 'guest')
-#  session[:user_roles] << guest.id if guest
+  #  guest = DcPolicyRole.find_by(system_name: 'guest')
+  #  session[:user_roles] << guest.id if guest
   set_default_guest_user_role
-  return unless user and user.active  
+  return unless user and user.active
   # special for SUPERADMIN
   sa = DcPolicyRole.find_by(system_name: 'superadmin')
   if sa and (role = user.dc_user_roles.find_by(dc_policy_role_id: sa.id))
@@ -643,7 +670,7 @@ def fill_login_data(user, remember_me=false)
   policy_site = dc_get_site()
   policy_site = DcSite.find(policy_site.inherit_policy) if policy_site.inherit_policy
   default_policy = policy_site.dc_policies.find_by(is_default: true)
-  # load user roles      
+  # load user roles
   user.dc_user_roles.each do |role|
     next unless role.active
     next if role.valid_from and role.valid_from > Time.now.end_of_day.to_date
@@ -651,7 +678,7 @@ def fill_login_data(user, remember_me=false)
     # check if role is active in this site
     policy_role = default_policy.dc_policy_rules.find_by(dc_policy_role_id: role.dc_policy_role_id)
     next unless policy_role
-    # set edit_mode      
+    # set edit_mode
     session[:edit_mode] = 1 if policy_role.permission > 1
     session[:user_roles] << role.dc_policy_role_id
   end
@@ -661,15 +688,75 @@ def fill_login_data(user, remember_me=false)
   end
 end
 
+####################################################################
+# Fills session with data related to successful login.
+# 
+# @param [DcUser] user : User's document
+# @param [Boolean] remember_me : false by default
+####################################################################
+def fill_login_data(user, remember_me = false)
+  session[:user_id]   = user.id if user
+  session[:user_name] = user.name if user
+  session[:edit_mode] = 0
+  set_default_guest_user_role
+  return unless user&.active
+
+  # special for SUPERADMIN
+  sa = DcPolicyRole.find_by(system_name: 'superadmin')
+  if sa && (role = user.dc_user_roles.find_by(dc_policy_role_id: sa.id))
+    session[:user_roles] << role.dc_policy_role_id
+    session[:edit_mode] = 2
+    return
+  end
+  # read default policy from site. Policy might be inherited from other site
+  policy_site = dc_get_site()
+  policy_site = DcSite.find(policy_site.inherit_policy) if policy_site.inherit_policy
+  default_policy = policy_site.dc_policies.find_by(is_default: true)
+
+  # load user roles from groups
+  roles = {}
+  user.member.each do |group_id|
+    group = DcUser.find(group_id)
+    next unless group.active
+
+    group.dc_user_roles.each do |role|
+      next unless role.active?
+      roles[role.dc_policy_role_id] = role
+    end
+  end unless user.member.blank?
+
+  # load user roles from user
+  user.dc_user_roles.each do |role|
+    # not active in user roles will remove role defined in groups
+    unless role.active?
+      roles.delete(role.dc_policy_role_id) if roles[role.dc_policy_role_id]
+      next
+    end
+    roles[role.dc_policy_role_id] = role
+  end
+  # select only roles defined in default site policy and set edit_mode
+  roles.each do |key, role|
+    # check if role is active in this site
+    policy_role = default_policy.dc_policy_rules.find_by(dc_policy_role_id: role.dc_policy_role_id)
+    next unless policy_role
+    # set edit_mode      
+    session[:edit_mode] = 1 if policy_role.permission > 1
+    session[:user_roles] << role.dc_policy_role_id
+  end
+  # Save remember me cookie if not CMS user and remember me is selected
+  if session[:edit_mode] == 0 && remember_me
+    cookies.signed[:remember_me] = { value: user.id, expires: 180.days.from_now }
+  end
+end
+
 ##########################################################################
-# Will check if user's login data is stil valid and reload user roles.
+# Will check if user's login data is still valid and reload user roles.
 # 
 # @param [Time] repeat_after : Check is repeated after time. This is by default performed every 24 hours.
 ##########################################################################
-def dc_check_user_still_valid(repeat_after=1.day)
-  # not needed
-  return if session[:user_id].nil? 
-  # last check more than a day ago
+def dc_check_user_still_valid(repeat_after = 1.day)
+  return if session[:user_id].nil?
+  # last check more than repeat_after ago
   if (session[:user_chk] ||= Time.now) < repeat_after.ago
     user_id = session[:user_id]
     clear_login_data
@@ -686,7 +773,7 @@ end
 # @param [String] class_method defined as MyClass.method_name
 # @param [Object] optional parameters send to class_method
 ##########################################################################
-def dc_eval_class_method(class_method, params=nil)
+def dc_eval_class_method(class_method, params = nil)
   klass, method = class_method.split('.')
   # check if class exists
   klass = klass.classify.constantize rescue nil
@@ -729,6 +816,7 @@ end
 ########################################################################
 def dc_add_meta_tag(type, name, content)
   return if content.blank?
+
   @meta_tags ||= {}
   key = "#{type}=\"#{name}\""
   @meta_tags[key] = content
@@ -745,11 +833,38 @@ end
 # 
 ########################################################################
 def dc_update_form_field(field_name, value, readonly=false)
+  dc_deprecate('dc_update_form_field will be deprecated. Use dc_update_form_element instead.')
   key_name = (readonly ? 'td_' : '') + "record_#{field_name}"
   flash[:update] ||= {}
   flash[:update][key_name] = value
 end
 
+########################################################################
+# Will prepare flash[:update] data, which will be used for updating elements
+# on parent form.
+#
+# dc_update_form_field will be deprecated eventually.
+#
+# Parameters passed as hash:
+# [field] String: Field name
+# [head] String: Filed name in head of form
+# [value] String: New value
+# [readonly] Boolean: Field is readonly
+#
+########################################################################
+def dc_update_form_element(field: nil, head: nil, value:, readonly: true)
+  key = if field
+    (readonly ? 'td_' : '') + "record_#{field}"
+  elsif head
+    "head-#{head}"
+  end
+
+  if key
+    flash[:update] ||= {}
+    flash[:update][key] = value
+  end
+end
+
 ####################################################################
 # Checks if any errors exist on document and writes error log. It can also 
 # crash if requested. This is mostly usefull in development for debuging 
@@ -769,20 +884,8 @@ end
 #   end
 #      
 ####################################################################
-def self.dc_check_model(document, crash=false)
-  return nil unless document.errors.any?
-  msg = ""
-  document.errors.each do |attribute, errors_array|
-    msg << "#{attribute}: #{errors_array}\n"
-  end
-  #
-  if crash and msg.size > 0
-    msg = "Validation errors in #{document.class}:\n" + msg
-    pp msg
-    Rails.logger.error(msg)
-    raise "Validation error. See log for more information."
-  end
-  msg
+def self.dc_check_model(document, crash = false)
+  DrgCms.model_check(document, crash)
 end
 
 ########################################################################
@@ -798,5 +901,24 @@ def dc_dump_exception(exception)
   Rails.logger.error msg
 end
 
+private
+
+########################################################################
+# Determines if redis cache store is active
+#
+# @return [Boolean] : True if  redis cache store is active
+########################################################################
+def redis_cache_store?
+  (Rails.application.config.cache_store.first == :redis_cache_store) rescue false
+end
+
+########################################################################
+# Returns redis object
+#
+# @return [Object] : Redis object
+########################################################################
+def redis
+  Rails.cache.redis
+end
 
 end