drg_cms 0.6.1.11 → 0.7.0.8

data/app/controllers/cmsedit_controller.rb

@@ -113,7 +113,8 @@ def show
     ret = call_callback_method(m)
     if ret.class == FalseClass
       @form['readonly'] = nil # must be
-      return index 
+      flash[:error] ||= t('drgcms.not_authorized')
+      return index
     end
   end  
 
@@ -271,7 +272,7 @@ def create
     # Prevent double form submit
     params[:form_time_stamp] = params[:form_time_stamp].to_i
     session[:form_time_stamp] ||= 0
-    return index if params[:form_time_stamp] <= session[:form_time_stamp]
+    return index if params[:form_time_stamp] <= session[:form_time_stamp] && !Rails.env.test?
 
     session[:form_time_stamp] = params[:form_time_stamp]
     create_new_empty_record
@@ -385,7 +386,7 @@ def destroy
       save_journal(:delete)
       flash[:info] = t('drgcms.record_deleted')
       # after_delete callback
-      if (m = callback_method('after_delete') ) 
+      if (m = callback_method('after_delete') )
         call_callback_method(m)
       elsif params['after-delete'].to_s.match('return_to')
         params[:return_to] = params['after-delete']
@@ -613,7 +614,7 @@ def save_journal(operation, changes = {})
 
   if (operation != :update) || changes.size > 0
     # determine site_id
-    site_id = @record.site_id if @record.respond_to?('site_id')
+    site_id = @record.site_id if @record && @record.respond_to?('site_id')
     site_id = dc_get_site._id if site_id.nil? && dc_get_site
 
     DcJournal.create(site_id: site_id,
@@ -637,8 +638,9 @@ def callback_method(key) #:nodoc:
   callback = case
     when params['data'] && params['data'][data_key] then params['data'][data_key]
     # dc_ + key method is present then call it automatically
-    when @form.dig('form', key) then @form['form'][key]
+    when @form.dig('permissions', key) then @form['permissions'][key]
     when respond_to?('dc_' + key) then 'dc_' + key
+    when respond_to?(key) then key
     when params[data_key] then params[data_key]
     else nil
   end
@@ -843,24 +845,20 @@ def process_collections #:nodoc
     check_sort_options()
   end  
   # result set is defined by filter method in control object
-  form_filter = @form['result_set']['filter']
-  if form_filter
-    if respond_to?(form_filter)
-      @records = send(form_filter)
-      # something went wrong. flash[] should have explanation.
-      if @records.class == FalseClass
-        @records = []
-        render(action: :index)
-        return true
-      end
-      process_select_and_deny_fields           
-      # pagination but only if not already set
-      unless (@form['table'] == 'dc_memory' || @records.options[:limit])
-        per_page = (@form['result_set']['per_page'] || 25).to_i
-        @records = @records.page(params[:page]).per(per_page) if per_page > 0
-      end
-    elsif form_filter != 'dc_filter'
-      Rails.logger.error "Error: result_set:filter: #{@form['result_set']['filter']} not found in controls!"
+  form_filter = @form['result_set']['filter'] || 'default_filter'
+  if respond_to?(form_filter)
+    @records = send(form_filter)
+    # something went wrong. flash[] should have explanation.
+    if @records.class == FalseClass
+      @records = []
+      render(action: :index)
+      return true
+    end
+    process_select_and_deny_fields
+    # pagination but only if not already set
+    unless (@form['table'] == 'dc_memory' || (@records.respond_to?(:options) && @records.options[:limit]))
+      per_page = (@form['result_set']['per_page'] || 25).to_i
+      @records = @records.page(params[:page]).per(per_page) if per_page > 0
     end
   else
     if @tables.size > 1 
@@ -871,7 +869,7 @@ def process_collections #:nodoc
       @records = rec.send(embedded_field_name)   # current embedded set
       # sort by order if order field is present in model
       if @tables.last[1].classify.constantize.respond_to?(:order)
-        @records = @records.order_by('order asc')
+        @records = @records.order_by(order: 1)
       end
     end
   end

data/app/controllers/dc_application_controller.rb

@@ -27,7 +27,6 @@
 ##########################################################################
 class DcApplicationController < ActionController::Base
 protect_from_forgery with: :null_session, only: Proc.new { |c| c.request.format.json? }
-before_action :dc_reload_patches if Rails.env.development?
 before_action :dc_set_locale
 
 ########################################################################
@@ -91,7 +90,7 @@ def dc_get_site
 
   @site = DcSite.find_by(name: uri.host)
   # Site can be aliased
-  if @site && !@site.alias_for.blank?
+  if @site&.alias_for.present?
     @site = DcSite.find_by(name: @site.alias_for)
   end
   # Development environment. Check if site with name test exists and use
@@ -162,14 +161,15 @@ protected
 ############################################################################
 def dc_user_can(permission, table = params[:table])
   table = table.underscore
-  cache_key = ['dc_permission', table, session[:user_id], dc_get_site.id]
-  permissions = dc_cache_read(cache_key)
+  cache_key = ['dc_permission', table, dc_get_site.id]
+  permissions = DrgCms.cache_read(cache_key)
   if permissions.nil?
     permissions = DcPermission.permissions_for_table(table)
-    dc_cache_write(cache_key, permissions)
+    DrgCms.cache_write(cache_key, permissions)
   end
-  session[:user_roles].each { |r| return true if permissions[r] && permissions[r] >= permission }
-  false
+  return false if session[:user_roles].nil?
+
+  session[:user_roles].inject(false) { |r, rule| break true if permissions[rule] && permissions[rule] >= permission }
 end
 
 ####################################################################
@@ -424,7 +424,7 @@ end
 #   decamelize_type(ModelName) # 'ModelName' => 'model_name'
 ########################################################################
 def decamelize_type(model_string)
-  model_string ? model_string.underscore : nil
+  model_string ? model_string.to_s.underscore : nil
 end
 
 ####################################################################
@@ -439,7 +439,8 @@ def dc_error_messages_for(document)
 
   msg = ''
   document.errors.each do |error|
-    label = t("helpers.label.#{decamelize_type(document.class)}.#{error.attribute}", error.attribute)
+    label = t("helpers.label.#{decamelize_type(document.class)}.#{error.attribute}")
+    label = error.attribute if label.match(/translation missing/i)
     msg << "<li>#{label} : #{error.message}</li>"
   end
 

data/app/controllers/dc_common_controller.rb

@@ -116,7 +116,7 @@ def toggle_edit_mode
   end
   url << (url.match(/\?/) ? '&' : '?')
   url << "return_to_ypos=#{ypos}"
-  redirect_to url
+  redirect_to(url, allow_other_host: true)
 end
 
 ####################################################################
@@ -124,19 +124,20 @@ end
 ####################################################################
 def process_login
   # Somebody is probably playing
-  return dc_render_404 unless ( params[:record] && params[:record][:username] && params[:record][:password] )
+  return dc_render_404 unless ( params.dig(:record, :username) && params.dig(:record, :password) )
 
-  unless params[:record][:password].blank? #password must not be empty
+  return_to = request.env['HTTP_REFERER'] || '/'
+  if params[:record][:password].present? #password must not be empty
     user  = DcUser.find_by(username: params[:record][:username], active: true)
-    if user and user.authenticate(params[:record][:password])
+    if user && user.authenticate(params[:record][:password])
       fill_login_data(user, params[:record][:remember_me].to_i == 1)
-      return redirect_to params[:return_to] ||  '/'
+      return redirect_to(params[:return_to] || return_to, allow_other_host: true)
     else
       clear_login_data # on the safe side
     end
   end
   flash[:error] = t('drgcms.invalid_username')
-  redirect_to params[:return_to_error] ||  '/'
+  redirect_to return_to
 end
 
 ####################################################################
@@ -144,7 +145,7 @@ end
 ####################################################################
 def logout
   clear_login_data
-  redirect_to params[:return_to] || '/'
+  redirect_to(params[:return_to] || '/', allow_other_host: true)
 end
 
 ####################################################################
@@ -156,14 +157,14 @@ def login
     user = DcUser.find(cookies.signed[:remember_me])
     if user and user.active
       fill_login_data(user, true)
-      return redirect_to params[:return_to]
+      return(redirect_to params[:return_to], allow_other_host: true)
     else
       clear_login_data # on the safe side
     end
   end
   # Display login
   route = params[:route] || 'poll'
-  redirect_to "/#{route}?poll_id=login&return_to=#{params[:return_to]}"
+  redirect_to("/#{route}?poll_id=login&return_to=#{params[:return_to]}", allow_other_host: true)
 end
 
 ####################################################################
@@ -219,8 +220,10 @@ def copy_clipboard
     format.html do
       table = CmsHelper.table_param(params)
       doc   = dc_find_document(table, params[:id], params[:ids])
-      text  = "<br><br>[#{table},#{params[:id]},#{params[:ids]}]<br>"
-      render plain: text + doc.as_document.to_json
+      text  = '<style>body {font-family: monospace;}</style><pre>'
+      text << "JSON:<br>[#{table},#{params[:id]},#{params[:ids]}]<br>#{doc.as_document.to_json}<br><br>"
+      text << "YAML:<br>#{doc.as_document.to_hash.to_yaml.gsub("\n", '<br>')}</pre>"
+      render plain: text
     end
   end  
 end

data/app/controllers/dc_main_controller.rb

@@ -1,4 +1,3 @@
-#coding: utf-8
 #--
 # Copyright (c) 2012+ Damjan Rems
 #

data/app/controls/dc_gallery_control.rb

@@ -0,0 +1,46 @@
+#--
+# Copyright (c) 2022+ Damjan Rems
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+######################################################################
+# DRG CMS controls for DcGallery collection
+######################################################################
+module DcGalleryControl
+
+######################################################################
+# Remove picture from gallery.
+######################################################################
+def picture_remove
+  unless dc_user_can(DcPermission::CAN_DELETE, 'dc_gallery')
+    return render json: { alert: t('drgcms.not_authorized') }
+  end
+
+  doc = DcGallery.find(params[:id])
+  pic = Rails.root.join('public', doc.picture.delete_prefix('/'))
+  File.delete(pic) if File.exist?(pic)
+  pic = Rails.root.join('public', doc.thumbnail.delete_prefix('/'))
+  File.delete(pic) if File.exist?(pic)
+  doc.delete
+  render json: { reload: true }
+end
+
+end

data/app/controls/dc_image_control.rb

@@ -0,0 +1,180 @@
+#--
+# Copyright (c) 2022+ Damjan Rems
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+######################################################################
+# DrgcmsControls for DcImage data entry.
+######################################################################
+module DcImageControl
+
+######################################################################
+#
+######################################################################
+def search_filter
+  flash[:record] ||= {}
+
+  created_by = flash[:record][:created_by]
+  qry = created_by.present? ? DcImage.where(created_by: created_by) : DcImage.all
+
+  short_name = flash[:record][:short]
+  qry = qry.and(short: /#{short_name}/i) if short_name.present?
+
+  category = flash[:record][:categories]
+  qry = qry.and(categories: category) if category.present?
+  qry.limit(30).order_by(created_at: -1)
+end
+
+######################################################################
+# Invoke images search. Just forward parameters and reload form. Filter parameters will
+# be taken into account on reload.
+######################################################################
+def images_search
+  flash[:record] = {}
+  flash[:record][:short] = params[:record][:short]
+  flash[:record][:created_by] = params[:record][:created_by]
+  flash[:record][:categories] = params[:record][:categories]
+
+  url = url_for(controller: :cmsedit, table: :dc_image, form_name: :dc_image_search, field_name: params[:field_name])
+  render json: { url: url }
+end
+
+######################################################################
+# Set some default values when new record
+######################################################################
+def dc_new_record
+  default_sizes = dc_get_site.params.dig('dc_image', 'sizes').to_s.split(',')
+  @record.size_ls = default_sizes.shift
+  @record.size_ms = default_sizes.shift
+  @record.size_ss = default_sizes.shift
+end
+
+######################################################################
+# Save uploaded file if selected and extract properties data
+######################################################################
+def dc_before_save
+  return if @record.size_o.present? || !params[:upload_file]
+
+  input_file_name = params[:upload_file].original_filename
+  type = File.extname(input_file_name).to_s.downcase.gsub('.', '').strip
+  unless %w(jpg jpeg png gif svg webp).include?(type)
+    flash[:error] = t 'drgcms.dc_image.wrong_type'
+    return false
+  end
+  name = File.basename(input_file_name)
+  path = File.dirname(params[:upload_file].tempfile)
+
+  @record.img_type = dc_get_site.params.dig('dc_image', 'img_type') || type
+  @record.short = File.basename(input_file_name, '.*') if @record.short.blank?
+  @record.name  = File.join(path, name)
+  FileUtils.mv(params[:upload_file].tempfile, @record.name, force: nil)
+end
+
+######################################################################
+# Prepare additional images
+######################################################################
+def dc_after_save
+  %w[l m s o].each { |size| image_convert(size) }
+end
+
+private
+
+######################################################################
+#
+######################################################################
+def image_convert(which)
+  new_file_name = "#{@record.id}-#{which}.#{@record.img_type}"
+  new_file_name = Rails.root.join('public', images_location, new_file_name)
+  new_size = @record["size_#{which}"]
+  # remove file if not needed
+  if new_size.blank?
+    FileUtils.rm(new_file_name) if File.exist?(new_file_name)
+    return
+  end
+
+  original_file_name = Rails.root.join('public', images_location, "#{@record.id}-o.#{@record.img_type}")
+  @record.name = original_file_name unless @record.name.present? && File.exist?(@record.name)
+  if !File.exist?(@record.name)
+    flash[:warning] = t 'drgcms.dc_image.no_file'
+    return
+  end
+
+  image_magick_do(new_size, new_file_name)
+end
+
+######################################################################
+# Crop and resize image
+#
+# @new_size [String] new_size widthxheight+offsetx+offsety 300x200+1000+0
+# @file_name [String] Image file name
+######################################################################
+def image_magick_do(new_size, file_name)
+  image = MiniMagick::Image.open(@record.name)
+
+  a = new_size.split(/x|\+/).map(&:to_i)
+  a += [0, 0] if a.size < 4
+  image_offset(image, a[2, 2]) if a[2, 2] != [0, 0]
+
+  img_w, img_h = image.width, image.height
+  new_w, new_h = a[0, 2]
+  img_ratio = img_w.to_f / img_h
+  new_ratio = new_w.to_f / new_h
+  formula = if new_ratio > img_ratio
+              "#{img_w}x#{img_w/new_ratio}+0+0"
+            else
+              "#{img_h*new_ratio}x#{img_h}+0+0"
+            end
+  image.crop(formula)
+
+  image.resize("#{new_w}x#{new_h}")
+  image.write(file_name)
+  image_reduce(file_name)
+end
+
+######################################################################
+# Reduce image quality of image
+######################################################################
+def image_reduce(file_name)
+  if (quality = dc_get_site.params.dig('dc_image', 'quality').to_i) > 0
+    convert = MiniMagick::Tool::Convert.new
+    convert << file_name
+    convert.quality(quality)
+    convert << file_name
+    convert.call
+  end
+end
+
+######################################################################
+# Offset image if requested
+######################################################################
+def image_offset(image, offset)
+  img_w, img_h = image.width - offset[0], image.height - offset[1]
+  image.crop("#{img_w}x#{img_h}+#{offset[0]}+#{offset[1]}")
+end
+
+######################################################################
+# Returns location of images files relative to public directory
+######################################################################
+def images_location
+  dc_get_site.params.dig('dc_image', 'location') || 'images'
+end
+
+end

data/app/controls/dc_page_control.rb

@@ -22,14 +22,14 @@
 #++
 
 ######################################################################
-# DrgcmsControls for DcPage model.
+# DRG Controls for DcPage model.
 ######################################################################
 module DcPageControl
 
 ######################################################################
 # Called when new empty record is created
 ######################################################################
-def dc_new_record()
+def dc_new_record
   # Called from menu. Fill in values, that could be obtained from menu
   if params[:from_menu]
     # find menu and submenu. Menu class is defined in Site.
@@ -59,7 +59,7 @@ end
 ######################################################################
 # Called just after record is saved to DB.
 ######################################################################
-def dc_after_save()
+def dc_after_save
   if params.dig(:_record,:_update_menu).to_s == '1'
     dc_get_site.menu_klass.update_menu_item_link(@record)
   end

data/app/controls/dc_poll_result_control.rb

@@ -1,4 +1,3 @@
-#encoding: utf-8
 #--
 # Copyright (c) 2014+ Damjan Rems
 #
@@ -23,14 +22,14 @@
 #++
 
 ######################################################################
-# DrgcmsControls for DcPage model.
+# DRG Controls for DcPage model.
 ######################################################################
 module DcPollResultControl
 
 ######################################################################
 # Filter result data when filter is set
 ######################################################################
-def poll_filter()
+def poll_filter
   get_query
 end
 
@@ -55,15 +54,15 @@ def do_export
     # ensure, that fields are always in same order
     data = YAML.load(doc.data)
     if c.blank?
-      data.each {|k,v| keys << k}
+      data.each { |k, v| keys << k }
       c << I18n.t('helpers.label.dc_poll_result.created_at') + "\t"
       c << keys.join("\t") + "\n"
     end
     c << doc.created_at.strftime(I18n.t('date.formats.default') ) + "\t"
-    keys.each {|k| c << data[k] + "\t"}
+    keys.each { |k| c << data[k] + "\t" }
     c << "\n"
   end
-  File.write(Rails.root.join('public','export.csv'), c)
+  File.write(Rails.root.join('public', 'export.csv'), c)
   dc_render_ajax(operation: :window, value: 'export.csv')
 end
 
@@ -71,8 +70,8 @@ private
 ######################################################################
 # Creates query for Poll results
 ######################################################################
-def get_query()
-  if params.dig(:record,:dc_poll_id).nil?
+def get_query
+  if params.dig(:record, :dc_poll_id).nil?
     qry = DcPollResult.all
   else  
     qry = DcPollResult.where(dc_poll_id: params[:record][:dc_poll_id])

data/app/controls/dc_report.rb

@@ -55,7 +55,7 @@ def print
     render json: { msg_error: t('drgcms.runtime_error') } and return
   end
 
-  pdf_file = "tmp/dokument-#{Time.now.to_i}.pdf"
+  pdf_file = "tmp/document-#{Time.now.to_i}.pdf"
   @pdf.render_file Rails.root.join('public', pdf_file)
 
   render json: print_response(pdf_file)
@@ -142,14 +142,19 @@ def export_to_excel(report_id)
   columns.each_with_index do |column, i|
     caption = column.last['caption'] || column.last['label']
     label = t(caption)
-    excel[n, i] = label.match('translation missing') ? caption : label
+    excel[n, i] = label.match(/translation missing/i) ? caption : label
   end
 
   data_filter.each do |doc|
     n += 1
     columns.each_with_index do |column, i|
-      value = doc[column.last['name']].to_s.gsub('<br>', ";")
-      value = value.gsub(/\<\/strong\>|\<strong\>|\<\/b\>|\<b\>/, '')
+      value = doc[column.last['name']]
+      value = case value.class.to_s
+              when /Integer|Float/ then value
+              when /Decimal/ then value.to_s.to_f
+              else
+                value.to_s.gsub('<br>', ";").gsub(/\<\/strong\>|\<strong\>|\<\/b\>|\<b\>/, '')
+              end
       excel[n, i] = value
     end
   end