RubyGems - georgia - Versions diffs - 0.7.8 → 0.8.0 - Mend

georgia 0.7.8 → 0.8.0

Files changed (315) hide show

data/app/assets/stylesheets/georgia/vendor/_textext.core.scss ADDED

@@ -0,0 +1,29 @@
+.text-core {
+  position: relative;
+}
+.text-core .text-wrap {
+  background: #fff;
+  position: absolute;
+}
+.text-core .text-wrap textarea,
+.text-core .text-wrap input {
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  -webkit-border-radius: 0px;
+  -moz-border-radius: 0px;
+  border-radius: 0px;
+  border: 1px solid #9daccc;
+  outline: none;
+  resize: none;
+  position: absolute;
+  z-index: 1;
+  background: none;
+  overflow: hidden;
+  margin: 0;
+  padding: 3px 5px 4px 5px;
+  white-space: nowrap;
+  font: 11px "lucida grande", tahoma, verdana, arial, sans-serif;
+  line-height: 13px;
+  height: auto;
+}

data/app/assets/stylesheets/georgia/vendor/_textext.plugin.arrow.scss ADDED

@@ -0,0 +1,13 @@
+.text-core .text-wrap .text-arrow {
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  position: absolute;
+  top: 0;
+  right: 0;
+  width: 22px;
+  height: 22px;
+  background: asset-url("georgia/arrow.png") 50% 50% no-repeat;
+  cursor: pointer;
+  z-index: 2;
+}

data/app/assets/stylesheets/georgia/vendor/_textext.plugin.autocomplete.scss ADDED

@@ -0,0 +1,35 @@
+.text-core .text-wrap .text-dropdown {
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  padding: 0;
+  position: absolute;
+  z-index: 3;
+  background: #fff;
+  border: 1px solid #9daccc;
+  width: 100%;
+  max-height: 100px;
+  padding: 1px;
+  font: 11px "lucida grande", tahoma, verdana, arial, sans-serif;
+  display: none;
+  overflow-x: hidden;
+  overflow-y: auto;
+}
+.text-core .text-wrap .text-dropdown.text-position-below {
+  margin-top: 1px;
+}
+.text-core .text-wrap .text-dropdown.text-position-above {
+  margin-bottom: 1px;
+}
+.text-core .text-wrap .text-dropdown .text-list .text-suggestion {
+  padding: 3px 5px;
+  cursor: pointer;
+}
+.text-core .text-wrap .text-dropdown .text-list .text-suggestion em {
+  font-style: normal;
+  text-decoration: underline;
+}
+.text-core .text-wrap .text-dropdown .text-list .text-suggestion.text-selected {
+  color: #fff;
+  background: #6d84b4;
+}

data/app/assets/stylesheets/georgia/vendor/_textext.plugin.clear.scss ADDED

@@ -0,0 +1,13 @@
+.text-core .text-wrap .text-clear {
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  position: absolute;
+  top: 0;
+  right: 14px;
+  width: 22px;
+  height: 22px;
+  background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAwAAAAMCAYAAABWdVznAAAAYUlEQVR42mP4////P1IwA5RBNIBr+Pj5+/9Tlx78v373OYoCkBgIY2gACWr7tP63CO8BanoBlmyfuQssBsIYGtAVLNpwEsMADA0gAFMIw+hOpEwDSU4i2dMkByvJEUcsAABHaALCQIZDrAAAAABJRU5ErkJggg==") 50% 50% no-repeat;
+  cursor: pointer;
+  z-index: 2;
+}

data/app/assets/stylesheets/georgia/vendor/_textext.plugin.focus.scss ADDED

@@ -0,0 +1,12 @@
+.text-core .text-wrap .text-focus {
+  -webkit-box-shadow: 0px 0px 6px #6d84b4;
+  -moz-box-shadow: 0px 0px 6px #6d84b4;
+  box-shadow: 0px 0px 6px #6d84b4;
+  position: absolute;
+  width: 100%;
+  height: 100%;
+  display: none;
+}
+.text-core .text-wrap .text-focus.text-show-focus {
+  display: block;
+}

data/app/assets/stylesheets/georgia/vendor/_textext.plugin.prompt.scss ADDED

@@ -0,0 +1,16 @@
+.text-core .text-wrap .text-prompt {
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  position: absolute;
+  width: 100%;
+  height: 100%;
+  margin: 1px 0 0 2px;
+  font: 11px "lucida grande", tahoma, verdana, arial, sans-serif;
+  color: #c0c0c0;
+  overflow: hidden;
+  white-space: pre;
+}
+.text-core .text-wrap .text-prompt.text-hide-prompt {
+  display: none;
+}

data/app/assets/stylesheets/georgia/vendor/_textext.plugin.tags.scss ADDED

@@ -0,0 +1,49 @@
+.text-core .text-wrap .text-tags {
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  position: absolute;
+  width: 100%;
+  height: 100%;
+  padding: 3px 35px 3px 3px;
+  cursor: text;
+}
+.text-core .text-wrap .text-tags.text-tags-on-top {
+  z-index: 2;
+}
+.text-core .text-wrap .text-tags .text-tag {
+  float: left;
+}
+.text-core .text-wrap .text-tags .text-tag .text-button {
+  -webkit-border-radius: 2px;
+  -moz-border-radius: 2px;
+  border-radius: 2px;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  position: relative;
+  float: left;
+  border: 1px solid #9daccc;
+  background: #e2e6f0;
+  color: #000;
+  padding: 0px 17px 0px 3px;
+  margin: 0 2px 2px 0;
+  cursor: pointer;
+  height: 16px;
+  font: 11px "lucida grande", tahoma, verdana, arial, sans-serif;
+}
+.text-core .text-wrap .text-tags .text-tag .text-button a.text-remove {
+  position: absolute;
+  right: 3px;
+  top: 2px;
+  display: block;
+  width: 11px;
+  height: 11px;
+  background: asset-url("georgia/close.png") 0 0 no-repeat;
+}
+.text-core .text-wrap .text-tags .text-tag .text-button a.text-remove:hover {
+  background-position: 0 -11px;
+}
+.text-core .text-wrap .text-tags .text-tag .text-button a.text-remove:active {
+  background-position: 0 -22px;
+}

data/app/controllers/georgia/api/media_controller.rb CHANGED

@@ -3,8 +3,10 @@ module Georgia
     class MediaController < Georgia::ApplicationController
       def pictures
-        @search = Georgia::Indexer.search(Ckeditor::Picture, params.merge(per: 12))
-        @pictures = Ckeditor::PictureDecorator.decorate_collection(@search.results)
+        authorize Ckeditor::Asset
+        search_conditions = Georgia::MediaSearch.new(params.merge(only: [:pictures])).definition
+        @search = Ckeditor::Asset.search(search_conditions).page(params[:page]).per(params.fetch(:per, 12))
+        @pictures = Ckeditor::PictureDecorator.decorate_collection(@search.records)
         render layout: false
       end

data/app/controllers/georgia/api/tags_controller.rb CHANGED

@@ -1,17 +1,20 @@
-# TODO: Move to Georgia::Indexer
 module Georgia
   module Api
     class TagsController < Georgia::ApplicationController
       respond_to :json
-      def search
-        @tags = Georgia::Indexer.search(ActsAsTaggableOn::Tag, params).results
-        # Format for select2
-        @tags = @tags.map{|t| {id: t.id, text: t.name}}
+      def index
+        authorize ActsAsTaggableOn::Tag
+        @tags = ActsAsTaggableOn::Tag.pluck(:name)
+        respond_with(@tags)
+      end
-        respond_with(results: @tags)
+      def search
+        authorize ActsAsTaggableOn::Tag
+        search_conditions = Georgia::TagSearch.new(params).definition
+        @search = ActsAsTaggableOn::Tag.search(search_conditions).page(params[:page])
+        respond_with(@search.records.map(&:name))
       end
     end

data/app/controllers/georgia/application_controller.rb CHANGED

@@ -1,10 +1,15 @@
 module Georgia
   class ApplicationController < ActionController::Base
-    before_filter :authenticate_user!
+    include Pundit
+    after_action :verify_authorized
+    rescue_from Pundit::NotAuthorizedError do
+      redirect_to new_user_session_path
+    end
     layout :layout_by_resource
-    protect_from_forgery
+    protect_from_forgery with: :exception
     def current_ability
       @current_ability ||= Ability.new(current_user)
@@ -21,5 +26,15 @@ module Georgia
       devise_controller? ? "georgia/devise" : "georgia/application"
     end
+    def user_not_authorized
+      flash[:alert] = "You are not authorized to perform this action."
+      redirect_to(request.referrer || root_path)
+    end
+    # Overwriting the sign_out redirect path method
+    def after_sign_out_path_for(resource_or_scope)
+      new_user_session_path
+    end
   end
 end

data/app/controllers/georgia/concerns/frontendable.rb CHANGED

@@ -7,8 +7,7 @@ module Georgia
       included do
-        caches_action :show, cache_path: :page_cache_key.to_proc
-        cache_sweeper :navigation_sweeper, only: :show
+        include Pundit
         # Loads the page according to request url
         # Restore the latest published revision of the given page
@@ -33,7 +32,7 @@ module Georgia
           @page = Georgia::Page.from_url(params[:request_path]).first || not_found
           @page = Georgia::PageDecorator.decorate(@page)
           @page.current_revision = Georgia::Revision.find(params[:r])
-          authorize! :preview, @page
+          authorize @page, :preview?
         end
         # Triggers a 404 page not found

data/app/controllers/georgia/dashboard_controller.rb CHANGED

@@ -2,13 +2,11 @@ module Georgia
   class DashboardController < Georgia::ApplicationController
     def show
-      if can?(:approve, Georgia::Revision) or can?(:review, Georgia::Revision)
-        @awaiting_revisions = Georgia::Revision.reviews.select{|r| r.revisionable.present?}
-      end
-      if defined? GeorgiaMailer::Message
-        if can?(:index, GeorgiaMailer::Message)
-          @messages = GeorgiaMailer::Message.ham.latest.limit(5).decorate
-        end
+      authorize Georgia::Dashboard
+      @activities = PublicActivity::Activity.order(created_at: :desc).page(params[:page]).per(20)
+      @awaiting_revisions = Georgia::Revision.where("status = ?", Georgia::Revision.statuses[:review])
+      if defined? Georgia::Mailer::Message and policy(Georgia::Mailer::Message).index?
+        @messages = Georgia::Mailer::Message.ham.latest.limit(5).decorate
       end
     end

data/app/controllers/georgia/links_controller.rb CHANGED

@@ -4,6 +4,7 @@ module Georgia
     # Renders new portlet for menus#edit
     def create
       @link = Link.create
+      authorize @link
       @link.contents.build(locale: current_locale)
       render :show, layout: false
     end

data/app/controllers/georgia/media_controller.rb CHANGED

@@ -1,66 +1,59 @@
 module Georgia
   class MediaController < ApplicationController
-    load_and_authorize_resource class: Ckeditor::Asset
-    # destroy's :id param is an Array and makes load_resource fails
-    skip_load_resource only: :destroy
     def index
+      authorize Ckeditor::Asset
       redirect_to action: :search
     end
     def search
       @asset = Ckeditor::Asset.new
-      @search = Georgia::Indexer.search(Ckeditor::Asset, params)
-      @assets = Ckeditor::AssetDecorator.decorate_collection(@search.results)
+      authorize Ckeditor::Asset
+      search_conditions = Georgia::MediaSearch.new(params).definition
+      @search = Ckeditor::Asset.search(search_conditions).page(params[:page])
+      @assets = Ckeditor::AssetDecorator.decorate_collection(@search.records)
     end
     def create
+      authorize Ckeditor::Asset
       begin
         @assets = params[:assets].map{|asset| CreateMediaAsset.new(asset).call}
         @assets = Ckeditor::AssetDecorator.decorate_collection(@assets)
-      rescue ArgumentError => ex
+      rescue => ex
         flash.now[:alert] = ex.message
       end
       render layout: false
     end
     def show
+      @asset = Ckeditor::Asset.find(params[:id])
+      authorize @asset
       redirect_to edit_media_path(id: params[:id])
     end
     def edit
       @asset = Ckeditor::Asset.find(params[:id])
+      authorize @asset
     end
     def update
       @asset = Ckeditor::Asset.find(params[:id])
-      if @asset.update_attributes(params[:asset])
-        respond_to do |format|
-          format.html { redirect_to edit_media_path(@asset), notice: "Asset was successfully updated." }
-          format.js { head :ok }
-        end
+      authorize @asset
+      if @asset.update_attributes(sanitized_asset_params)
+        render_success("Asset was successfully updated.")
       else
-        respond_to do |format|
-          format.html { redirect_to edit_media_path(@asset), alert: "Oups. Something went wrong." }
-          format.js { head :internal_server_error }
-        end
+        render_error
       end
     end
     # Destroy multiple assets
     def destroy
       @assets = Ckeditor::Asset.where(id: params[:id])
-      if can?(:destroy, Ckeditor::Asset) and @assets.destroy_all
-        respond_to do |format|
-          format.html { redirect_to search_media_index_path, notice: "Assets were successfully deleted." }
-          format.js { head :ok }
-        end
+      authorize @assets
+      if @assets.destroy_all
+        render_success("Assets were successfully deleted.")
       else
-        respond_to do |format|
-          format.html { redirect_to search_media_index_path, alert: "Oups. Something went wrong." }
-          format.js { head :internal_server_error }
-        end
+        render_error
       end
     end
@@ -69,24 +62,40 @@ module Georgia
     # We could then have a download spinner while the request is processing, even a progress bar
     def download
       ids = params[:ids].split(',')
-      @files = Ckeditor::Asset.find(ids)
-      t = Tempfile.new("tmp-zip-#{Time.now.to_i}")
-      Zip::OutputStream.open(t.path) do |zos|
-        @files.each do |file|
-          filename = file.filename
-          zos.put_next_entry(filename)
-          tmp_file = Tempfile.new(filename)
-          open(file.url) do |data|
-            tmp_file.write data.read.force_encoding('UTF-8')
-          end
-          zos.print IO.read(tmp_file)
-          tmp_file.close
-        end
+      @files = Ckeditor::Asset.where(id: ids)
+      authorize @files
+      zip_file = Georgia::CompressFiles.new(@files).file
+      send_file zip_file.path, type: "application/zip", disposition: 'attachment', filename: zip_file.filename
+    end
+    private
+    def asset_params
+      params.require(:asset).permit(:tag_list)
+    end
+    def sanitized_asset_params
+      ParseJsonTags.new(asset_params).call
+    end
+    def render_success success_message
+      @status_message = success_message
+      @status = :notice
+      respond_to do |format|
+        format.html { redirect_to :back, notice: @status_message }
+        format.js   { render layout: false }
+        format.json { render json: { ids: @assets.map(&:id), message: @status_message, status: @status } }
       end
-      filename = "#{Georgia.title.try(:parameterize) || 'georgia'}_assets_#{Time.now.strftime('%Y%m%d%H%M%S')}.zip"
-      t.close
+    end
-      send_file t.path, type: "application/zip", disposition: 'attachment', filename: filename
+    def render_error error_message="Oups. Something went wrong."
+      @status_message = error_message
+      @status = :alert
+      respond_to do |format|
+        format.html { redirect_to :back, alert: @status_message }
+        format.js   { render layout: false }
+        format.json { render json: { message: @status_message, status: @status } }
+      end
     end
   end

data/app/controllers/georgia/menus_controller.rb CHANGED

@@ -1,18 +1,19 @@
 module Georgia
   class MenusController < ApplicationController
-    load_and_authorize_resource class: Menu
     def index
-      @menus = Menu.scoped.page(params[:page])
+      @menus = Menu.all
+      authorize @menus
     end
     def new
       @menu = Menu.new
+      authorize @menu
     end
     def create
-      @menu = Menu.new(params[:menu])
+      @menu = Menu.new(menu_params)
+      authorize @menu
       if @menu.save
         respond_to do |format|
           format.html { redirect_to [:edit, @menu], notice: "#{@menu.title} was successfully created." }
@@ -27,19 +28,23 @@ module Georgia
     end
     def show
-      redirect_to edit_menu_path(params[:id])
+      @menu = Menu.find(params[:id])
+      authorize @menu
+      redirect_to [:edit, @menu]
     end
     def edit
       @menu = Menu.find(params[:id])
+      authorize @menu
       @links = @menu.links.roots
     end
     def update
       @menu = Menu.find(params[:id])
+      authorize @menu
       update_links_attributes(params[:menu].delete(:ancestry))
       update_links_menu_id
-      if @menu.update_attributes(params[:menu])
+      if @menu.update(menu_params)
         respond_to do |format|
           format.html { redirect_to [:edit, @menu], notice: "#{@menu.title} was successfully updated." }
           format.js { head :ok }
@@ -54,6 +59,7 @@ module Georgia
     def destroy
       @menu = Menu.find(params[:id])
+      authorize @menu
       @menu.destroy
       redirect_to menus_url
@@ -76,5 +82,9 @@ module Georgia
       MenuAncestryParser.new(ancestry_tree).to_hash
     end
+    def menu_params
+      params.require(:menu).permit(:name, :ancestry, links_attributes: [:id, :_destroy, :position, :parent_id, contents_attributes: [:id, :title, :text, :locale]])
+    end
   end
 end