drg_cms 0.7.0.2 → 0.7.1.1

data/app/controllers/dc_application_controller.rb

@@ -27,7 +27,6 @@
 ##########################################################################
 class DcApplicationController < ActionController::Base
 protect_from_forgery with: :null_session, only: Proc.new { |c| c.request.format.json? }
-before_action :dc_reload_patches if Rails.env.development?
 before_action :dc_set_locale
 
 ########################################################################
@@ -86,12 +85,12 @@ def dc_get_site
   uri  = URI.parse(request.url)
   cache_key = ['dc_site', uri.host]
 
-  @site = dc_cache_read(cache_key)
+  @site = DrgCms.cache_read(cache_key)
   return @site if @site
 
   @site = DcSite.find_by(name: uri.host)
   # Site can be aliased
-  if @site && !@site.alias_for.blank?
+  if @site&.alias_for.present?
     @site = DcSite.find_by(name: @site.alias_for)
   end
   # Development environment. Check if site with name test exists and use
@@ -101,7 +100,7 @@ def dc_get_site
     @site = DcSite.find_by(name: @site.alias_for) if @site
   end
   @site = nil if @site && !@site.active # site is disabled
-  dc_cache_write(cache_key, @site)
+  DrgCms.cache_write(cache_key, @site)
 end
 
 ##########################################################################
@@ -161,15 +160,11 @@ protected
 #   if dc_user_can(DcPermission::CAN_VIEW, params[:table]) then ...
 ############################################################################
 def dc_user_can(permission, table = params[:table])
+  return false if session[:user_roles].nil?
+
   table = table.underscore
-  cache_key = ['dc_permission', table, session[:user_id], dc_get_site.id]
-  permissions = dc_cache_read(cache_key)
-  if permissions.nil?
-    permissions = DcPermission.permissions_for_table(table)
-    dc_cache_write(cache_key, permissions)
-  end
-  session[:user_roles].each { |r| return true if permissions[r] && permissions[r] >= permission }
-  false
+  permissions = DrgCms.cache_read(['dc_permission', table, dc_get_site.id]) { DcPermission.permissions_for_table(table) }
+  session[:user_roles].inject(false) { |r, rule| break true if permissions[rule] && permissions[rule] >= permission }
 end
 
 ####################################################################
@@ -440,7 +435,7 @@ def dc_error_messages_for(document)
   msg = ''
   document.errors.each do |error|
     label = t("helpers.label.#{decamelize_type(document.class)}.#{error.attribute}")
-    label = error.attribute if label.match( 'translation missing' )
+    label = error.attribute if label.match(/translation missing/i)
     msg << "<li>#{label} : #{error.message}</li>"
   end
 
@@ -800,7 +795,7 @@ private
 #
 # @return [Boolean] : True if  redis cache store is active
 ########################################################################
-def redis_cache_store?
+def xredis_cache_store?
   (Rails.application.config.cache_store.first == :redis_cache_store) rescue false
 end
 
@@ -809,31 +804,33 @@ end
 #
 # @return [Object] : Redis object
 ########################################################################
-def redis
+def xredis
   Rails.cache.redis
 end
 
 ########################################################################
-# Extends DRGCMS form file. Extended file is processed first and then merged
+# Extends DRG CMS form file. Extended file is processed first and then merged
 # with code in this form file. Form can extend only single form file.
 #
 # [Parameters:]
 # [extend_option] : Value of @form['extend'] option
 ########################################################################
 def dc_form_extend(extend_option)
-  form_file_name = CmsHelper.form_file_find(extend_option)
-  @form_js << read_js_drg_form(form_file_name)
-  form  = YAML.load_file( form_file_name )
-  @form = CmsHelper.forms_merge(form, @form)
-  # If combined form contains tabs and fields options, merge fields into tabs
-  if @form['form']['tabs'] && @form['form']['fields']
-    @form['form']['tabs']['fields'] = @form['form']['fields']
-    @form['form']['fields'] = nil
+  extend_option.chomp.split(',').each do |a_file|
+    form_file_name = CmsHelper.form_file_find(a_file.strip)
+    @form_js << read_js_drg_form(form_file_name)
+    form  = YAML.load_file( form_file_name )
+    @form = CmsHelper.forms_merge(form, @form)
+    # If combined form contains tabs and fields options, move fields into fields tab
+    if @form.dig('form', 'tabs') && @form.dig('form', 'fields')
+      @form['form']['tabs']['fields'] = @form['form']['fields']
+      @form['form']['fields'] = nil
+    end
   end
 end
 
 ########################################################################
-# Include code from another DRGCMS form file. Included code is merged
+# Include code from another DRG CMS form file. Included code is merged
 # with current form file code. Form can include more than one other DRGCMS forms.
 #
 # [Parameters:]

data/app/controllers/dc_common_controller.rb

@@ -124,19 +124,20 @@ end
 ####################################################################
 def process_login
   # Somebody is probably playing
-  return dc_render_404 unless ( params[:record] && params[:record][:username] && params[:record][:password] )
+  return dc_render_404 unless ( params.dig(:record, :username) && params.dig(:record, :password) )
 
-  unless params[:record][:password].blank? #password must not be empty
+  return_to = request.env['HTTP_REFERER'] || '/'
+  if params[:record][:password].present? #password must not be empty
     user  = DcUser.find_by(username: params[:record][:username], active: true)
     if user && user.authenticate(params[:record][:password])
       fill_login_data(user, params[:record][:remember_me].to_i == 1)
-      return redirect_to(params[:return_to] ||  '/', allow_other_host: true)
+      return redirect_to(params[:return_to] || return_to, allow_other_host: true)
     else
       clear_login_data # on the safe side
     end
   end
   flash[:error] = t('drgcms.invalid_username')
-  redirect_to(params[:return_to] ||  '/', allow_other_host: true)
+  redirect_to return_to
 end
 
 ####################################################################
@@ -219,8 +220,10 @@ def copy_clipboard
     format.html do
       table = CmsHelper.table_param(params)
       doc   = dc_find_document(table, params[:id], params[:ids])
-      text  = "<br><br>[#{table},#{params[:id]},#{params[:ids]}]<br>"
-      render plain: text + doc.as_document.to_json
+      text  = '<style>body {font-family: monospace;}</style><pre>'
+      text << "JSON:<br>[#{table},#{params[:id]},#{params[:ids]}]<br>#{doc.as_document.to_json}<br><br>"
+      text << "YAML:<br>#{doc.as_document.to_hash.to_yaml.gsub("\n", '<br>')}</pre>"
+      render plain: text
     end
   end  
 end

data/app/controllers/dc_main_controller.rb

@@ -1,4 +1,3 @@
-#coding: utf-8
 #--
 # Copyright (c) 2012+ Damjan Rems
 #

data/app/controls/{dc_category_control.rb → dc_gallery_control.rb}

@@ -1,5 +1,5 @@
 #--
-# Copyright (c) 2014+ Damjan Rems
+# Copyright (c) 2022+ Damjan Rems
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -22,40 +22,25 @@
 #++
 
 ######################################################################
-# DrgcmsControls for DcPage model.
+# DRG CMS controls for DcGallery collection
 ######################################################################
-module DcCategoryControl
+module DcGalleryControl
 
 ######################################################################
-# Called when new empty record is created
+# Remove picture from gallery.
 ######################################################################
-def dc_new_record
-  if params[:selected]
-
-  end
-  if params[:from_menu]
-    # find menu and submenu. Menu class is defined in Site.
-    menu_a = params[:id].split(';')
-    menu   = dc_get_site.menu_klass.find(menu_a.shift)
-    menu_items_method = "#{dc_get_site.menu_class}_items".underscore
-    menu_i = menu.send(menu_items_method).find(menu_a.shift)
-    while menu_a.size > 0 do menu_i = menu_i.send(menu_items_method).find(menu_a.shift) end
-    # Fill values for form
-    @record.subject = menu_i.caption    
-    @record.dc_site_id = menu.dc_site_id
-    @record.menu_id = params[:id]
-    # set update_menu on save parameter
-    params['p__update_menu'] = '1'
-  else
-    @record.design_id = params[:design_id] if params[:design_id]
-    return unless params[:page_id]
-    # inherit some values from currently active page
-    if page = DcPage.find(params[:page_id])
-      @record.design_id  = page.design_id
-      @record.menu       = page.menu
-      @record.dc_site_id = page.dc_site_id
-    end
+def picture_remove
+  unless dc_user_can(DcPermission::CAN_DELETE, 'dc_gallery')
+    return render json: { alert: t('drgcms.not_authorized') }
   end
+
+  doc = DcGallery.find(params[:id])
+  pic = Rails.root.join('public', doc.picture.delete_prefix('/'))
+  File.delete(pic) if File.exist?(pic)
+  pic = Rails.root.join('public', doc.thumbnail.delete_prefix('/'))
+  File.delete(pic) if File.exist?(pic)
+  doc.delete
+  render json: { reload: true }
 end
 
 end

data/app/controls/dc_image_control.rb

@@ -0,0 +1,180 @@
+#--
+# Copyright (c) 2022+ Damjan Rems
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+######################################################################
+# DrgcmsControls for DcImage data entry.
+######################################################################
+module DcImageControl
+
+######################################################################
+#
+######################################################################
+def search_filter
+  flash[:record] ||= {}
+
+  created_by = flash[:record][:created_by]
+  qry = created_by.present? ? DcImage.where(created_by: created_by) : DcImage.all
+
+  short_name = flash[:record][:short]
+  qry = qry.and(short: /#{short_name}/i) if short_name.present?
+
+  category = flash[:record][:categories]
+  qry = qry.and(categories: category) if category.present?
+  qry.limit(30).order_by(created_at: -1)
+end
+
+######################################################################
+# Invoke images search. Just forward parameters and reload form. Filter parameters will
+# be taken into account on reload.
+######################################################################
+def images_search
+  flash[:record] = {}
+  flash[:record][:short] = params[:record][:short]
+  flash[:record][:created_by] = params[:record][:created_by]
+  flash[:record][:categories] = params[:record][:categories]
+
+  url = url_for(controller: :cmsedit, table: :dc_image, form_name: :dc_image_search, field_name: params[:field_name])
+  render json: { url: url }
+end
+
+######################################################################
+# Set some default values when new record
+######################################################################
+def dc_new_record
+  default_sizes = dc_get_site.params.dig('dc_image', 'sizes').to_s.split(',')
+  @record.size_ls = default_sizes.shift
+  @record.size_ms = default_sizes.shift
+  @record.size_ss = default_sizes.shift
+end
+
+######################################################################
+# Save uploaded file if selected and extract properties data
+######################################################################
+def dc_before_save
+  return if @record.size_o.present? || !params[:upload_file]
+
+  input_file_name = params[:upload_file].original_filename
+  type = File.extname(input_file_name).to_s.downcase.gsub('.', '').strip
+  unless %w(jpg jpeg png gif svg webp).include?(type)
+    flash[:error] = t 'drgcms.dc_image.wrong_type'
+    return false
+  end
+  name = File.basename(input_file_name)
+  path = File.dirname(params[:upload_file].tempfile)
+
+  @record.img_type = dc_get_site.params.dig('dc_image', 'img_type') || type
+  @record.short = File.basename(input_file_name, '.*') if @record.short.blank?
+  @record.name  = File.join(path, name)
+  FileUtils.mv(params[:upload_file].tempfile, @record.name, force: nil)
+end
+
+######################################################################
+# Prepare additional images
+######################################################################
+def dc_after_save
+  %w[l m s o].each { |size| image_convert(size) }
+end
+
+private
+
+######################################################################
+#
+######################################################################
+def image_convert(which)
+  new_file_name = "#{@record.id}-#{which}.#{@record.img_type}"
+  new_file_name = Rails.root.join('public', images_location, new_file_name)
+  new_size = @record["size_#{which}"]
+  # remove file if not needed
+  if new_size.blank?
+    FileUtils.rm(new_file_name) if File.exist?(new_file_name)
+    return
+  end
+
+  original_file_name = Rails.root.join('public', images_location, "#{@record.id}-o.#{@record.img_type}")
+  @record.name = original_file_name unless @record.name.present? && File.exist?(@record.name)
+  if !File.exist?(@record.name)
+    flash[:warning] = t 'drgcms.dc_image.no_file'
+    return
+  end
+
+  image_magick_do(new_size, new_file_name)
+end
+
+######################################################################
+# Crop and resize image
+#
+# @new_size [String] new_size widthxheight+offsetx+offsety 300x200+1000+0
+# @file_name [String] Image file name
+######################################################################
+def image_magick_do(new_size, file_name)
+  image = MiniMagick::Image.open(@record.name)
+
+  a = new_size.split(/x|\+/).map(&:to_i)
+  a += [0, 0] if a.size < 4
+  image_offset(image, a[2, 2]) if a[2, 2] != [0, 0]
+
+  img_w, img_h = image.width, image.height
+  new_w, new_h = a[0, 2]
+  img_ratio = img_w.to_f / img_h
+  new_ratio = new_w.to_f / new_h
+  formula = if new_ratio > img_ratio
+              "#{img_w}x#{img_w/new_ratio}+0+0"
+            else
+              "#{img_h*new_ratio}x#{img_h}+0+0"
+            end
+  image.crop(formula)
+
+  image.resize("#{new_w}x#{new_h}")
+  image.write(file_name)
+  image_reduce(file_name)
+end
+
+######################################################################
+# Reduce image quality of image
+######################################################################
+def image_reduce(file_name)
+  if (quality = dc_get_site.params.dig('dc_image', 'quality').to_i) > 0
+    convert = MiniMagick::Tool::Convert.new
+    convert << file_name
+    convert.quality(quality)
+    convert << file_name
+    convert.call
+  end
+end
+
+######################################################################
+# Offset image if requested
+######################################################################
+def image_offset(image, offset)
+  img_w, img_h = image.width - offset[0], image.height - offset[1]
+  image.crop("#{img_w}x#{img_h}+#{offset[0]}+#{offset[1]}")
+end
+
+######################################################################
+# Returns location of images files relative to public directory
+######################################################################
+def images_location
+  dc_get_site.params.dig('dc_image', 'location') || 'images'
+end
+
+end

data/app/controls/dc_page_control.rb

@@ -22,14 +22,14 @@
 #++
 
 ######################################################################
-# DrgcmsControls for DcPage model.
+# DRG Controls for DcPage model.
 ######################################################################
 module DcPageControl
 
 ######################################################################
 # Called when new empty record is created
 ######################################################################
-def dc_new_record()
+def dc_new_record
   # Called from menu. Fill in values, that could be obtained from menu
   if params[:from_menu]
     # find menu and submenu. Menu class is defined in Site.
@@ -59,7 +59,7 @@ end
 ######################################################################
 # Called just after record is saved to DB.
 ######################################################################
-def dc_after_save()
+def dc_after_save
   if params.dig(:_record,:_update_menu).to_s == '1'
     dc_get_site.menu_klass.update_menu_item_link(@record)
   end

data/app/controls/dc_poll_result_control.rb

@@ -1,4 +1,3 @@
-#encoding: utf-8
 #--
 # Copyright (c) 2014+ Damjan Rems
 #
@@ -23,66 +22,66 @@
 #++
 
 ######################################################################
-# DrgcmsControls for DcPage model.
+# DRG Controls for DcPage model.
 ######################################################################
 module DcPollResultControl
 
 ######################################################################
-# Filter result data when filter is set
+# Set filter action called from form.
 ######################################################################
-def poll_filter()
-  get_query
-end
+def filter_set
+  record = params[:record]
+  filter = "DcPollResult.where(dc_poll_id: '#{record[:dc_poll_id]}')"
+  filter << ".and(:created_at.gte => '#{Time.parse(record[:start_date]).beginning_of_day}')" if record[:start_date].present?
+  filter << ".and(:created_at.lte => '#{Time.parse(record[:end_date]).end_of_day}')" if record[:end_date].present?
 
-######################################################################
-# Filter action called. Update url to reflect filter conditions and reload form.
-######################################################################
-def do_filter
-  url = url_for(controller: 'cmsedit', action: :index, table: :dc_poll_result,
-                'record[dc_poll_id]' => params[:record][:dc_poll_id],
-                'record[start_date]' => params[:record][:start_date],
-                'record[end_date]'   => params[:record][:end_date]
-               )
-  dc_render_ajax(operation: :url, value: url)
+  session['dc_poll_result'][:filter] = {'field'     => I18n.t('drgcms.filter_off'),
+                                        'operation' => 'eval',
+                                        'value'     => filter,
+                                        'input'     => '',
+                                        'table'     => 'dc_poll_result' }.to_yaml
+  session['dc_poll_result'][:page] = 1 # must also be set
+
+  render json: { url: '/cmsedit?t=dc_poll_result'}
 end
 
 ######################################################################
 # Export data to file
 ######################################################################
-def do_export
+def data_export
   c, keys = '', []
-  get_query.to_a.each do |doc|
-    # ensure, that fields are always in same order
+  data_get.each do |doc|
     data = YAML.load(doc.data)
+    # header and ensure fields are always in same order
     if c.blank?
-      data.each {|k,v| keys << k}
-      c << I18n.t('helpers.label.dc_poll_result.created_at') + "\t"
-      c << keys.join("\t") + "\n"
+      keys = data.map(&:first)
+      c << I18n.t('helpers.label.dc_poll_result.created_at') + ";"
+      c << keys.join(";") + "\n"
     end
-    c << doc.created_at.strftime(I18n.t('date.formats.default') ) + "\t"
-    keys.each {|k| c << data[k] + "\t"}
-    c << "\n"
+
+    c << doc.created_at.strftime(I18n.t('time.formats.default')) + ";"
+    keys.each do |k|
+      c << if data[k].class == String
+             %("#{data[k].gsub(/\"/, "'").gsub(';', ',')}";)
+           else
+             %("#{data[k]}";)
+           end
+    end
+    c << "\r\n"
   end
-  File.write(Rails.root.join('public','export.csv'), c)
-  dc_render_ajax(operation: :window, value: 'export.csv')
+  File.write(Rails.root.join('public', 'export.csv'), c)
+  render json: { 'window_' => 'export.csv' }
 end
 
 private
 ######################################################################
 # Creates query for Poll results
 ######################################################################
-def get_query()
-  if params.dig(:record,:dc_poll_id).nil?
-    qry = DcPollResult.all
-  else  
-    qry = DcPollResult.where(dc_poll_id: params[:record][:dc_poll_id])
-    unless params[:record][:start_date].blank?
-      start_date = DrgcmsFormFields::DatePicker.get_data(params,'start_date').beginning_of_day
-      end_date   = DrgcmsFormFields::DatePicker.get_data(params,'end_date').end_of_day
-      qry = qry.and(:created_at.gt => start_date).and(:created_at.lt => end_date)
-    end
-  end
-  qry
+def data_get
+  return [] if session.dig('dc_poll_result', :filter).blank?
+
+  filter = YAML.load(session['dc_poll_result'][:filter])
+  eval filter['value'] rescue []
 end
 
 end 

data/app/controls/dc_report.rb

@@ -55,7 +55,7 @@ def print
     render json: { msg_error: t('drgcms.runtime_error') } and return
   end
 
-  pdf_file = "tmp/dokument-#{Time.now.to_i}.pdf"
+  pdf_file = "tmp/document-#{Time.now.to_i}.pdf"
   @pdf.render_file Rails.root.join('public', pdf_file)
 
   render json: print_response(pdf_file)
@@ -142,14 +142,19 @@ def export_to_excel(report_id)
   columns.each_with_index do |column, i|
     caption = column.last['caption'] || column.last['label']
     label = t(caption)
-    excel[n, i] = label.match('translation missing') ? caption : label
+    excel[n, i] = label.match(/translation missing/i) ? caption : label
   end
 
   data_filter.each do |doc|
     n += 1
     columns.each_with_index do |column, i|
-      value = doc[column.last['name']].to_s.gsub('<br>', ";")
-      value = value.gsub(/\<\/strong\>|\<strong\>|\<\/b\>|\<b\>/, '')
+      value = doc[column.last['name']]
+      value = case value.class.to_s
+              when /Integer|Float/ then value
+              when /Decimal/ then value.to_s.to_f
+              else
+                value.to_s.gsub('<br>', ";").gsub(/\<\/strong\>|\<strong\>|\<\/b\>|\<b\>/, '')
+              end
       excel[n, i] = value
     end
   end

data/app/controls/dc_setup_control.rb

@@ -0,0 +1,53 @@
+#--
+# Copyright (c) 2024+ Damjan Rems
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+################################################################################
+# Controls for DcSetup edit form.
+################################################################################
+module DcSetupControl
+
+################################################################################
+# Update edit form. Admin sees everything while user sees only setup fields.
+################################################################################
+def dc_update_form
+  return unless params[:id]
+
+  record = if BSON::ObjectId.legal?(params[:id])
+             DcSetup.find(params[:id])
+           else
+             DcSetup.find_by(name: params[:id])
+           end
+
+  unless dc_user_has_role('admin')
+    @form['form'].delete('tabs')
+    @form['readonly'] = true unless record.editors.include?(session[:user_id])
+  end
+
+  form = YAML.load(record.form) rescue nil
+  if form.present?
+    @form['form']['tabs'] ||= {}
+    @form['form']['tabs'].merge!(form)
+  end
+end
+
+end