RubyGems - imagine_cms - Versions diffs - 4.2.4 → 5.2.0 - Mend

imagine_cms 4.2.4 → 5.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

data/app/controllers/manage/cms_snippets_controller.rb ADDED

@@ -0,0 +1,67 @@
+class Manage::CmsSnippetsController < Manage::ApplicationController
+  before_action :check_permissions
+  before_action :block_basic_users
+  cache_sweeper :cms_content_sweeper
+  def index
+    @cms_snippets = CmsSnippet.order(:name)
+  end
+  def new
+    @cms_snippet = CmsSnippet.new
+    render action: 'edit'
+  end
+  def create
+    @cms_snippet = CmsSnippet.new
+    update
+  end
+  def edit
+    @cms_snippet = CmsSnippet.find_by_id(params[:id])
+  end
+  def update
+    @cms_snippet ||= CmsSnippet.find(params[:id])
+    @cms_snippet.assign_attributes(cms_snippet_params)
+    begin
+      puts Cms::ContentController.renderer.new('action_dispatch.request.path_parameters' => {
+        controller: '/cms/content', action: 'show', id: CmsPage.new }).render inline: @cms_snippet.content
+    rescue ScriptError, StandardError => e
+      flash.now[:error] = "<pre title=\"#{ERB::Util.html_escape(e.backtrace.join("\n"))}\">#{ERB::Util.html_escape(e.message)}</pre>".html_safe
+      render action: 'edit' and return
+    end
+    if !@cms_snippet.save
+      flash.now[:error] = @cms_snippet.errors.full_messages.join('<br>').html_safe
+      render action: 'edit'
+    else
+      flash[:notice] = 'Snippet saved.'
+      redirect_to action: 'edit', id: @cms_snippet
+    end
+  end
+  protected
+    def check_permissions
+      if !user_has_permission?(:manage_cms)
+        render '/imagine_cms/errors/permission_denied', layout: false
+        return false
+      end
+    end
+    def block_basic_users
+      return true unless UseCmsAccessLevels
+      unless user_has_permission?(:manage_cms_full_access)
+        render '/imagine_cms/errors/permission_denied'
+        return false
+      end
+    end
+    def cms_snippet_params
+      params.require(:cms_snippet).permit(:name, :content)
+    end
+end

data/app/controllers/manage/cms_templates_controller.rb ADDED

@@ -0,0 +1,71 @@
+class Manage::CmsTemplatesController < Manage::ApplicationController
+  before_action :check_permissions
+  before_action :block_basic_users
+  cache_sweeper :cms_content_sweeper
+  def index
+    @cms_templates = CmsTemplate.order(:name)
+  end
+  def new
+    @cms_template = CmsTemplate.new
+    render action: 'edit'
+  end
+  def create
+    @cms_template = CmsTemplate.new
+    update
+  end
+  def edit
+    @cms_template = CmsTemplate.find(params[:id])
+  end
+  def update
+    @cms_template ||= CmsTemplate.find(params[:id])
+    @cms_template.assign_attributes(cms_template_params)
+    begin
+      puts Cms::ContentController.renderer.new('action_dispatch.request.path_parameters' => {
+        controller: '/cms/content', action: 'show', id: @cms_template.pages.last || CmsPage.new }).render inline: @cms_template.content
+    rescue ScriptError, StandardError => e
+      flash.now[:error] = "<pre title=\"#{ERB::Util.html_escape(e.backtrace.join("\n"))}\">#{ERB::Util.html_escape(e.message)}</pre>".html_safe
+      render action: 'edit' and return
+    end
+    # this must come after the render_to_string so that we capture template
+    # options embedded in snippets
+    @cms_template.options = @cms_template_options
+    if !@cms_template.save
+      flash.now[:error] = @cms_template.errors.full_messages.join('<br>').html_safe
+      render action: 'edit'
+    else
+      flash[:notice] = 'Template saved.'
+      redirect_to action: 'edit', id: @cms_template
+    end
+  end
+  protected
+    def check_permissions
+      if !user_has_permission?(:manage_cms)
+        render '/imagine_cms/errors/permission_denied', layout: false
+        return false
+      end
+    end
+    def block_basic_users
+      return true unless UseCmsAccessLevels
+      unless user_has_permission?(:manage_cms_full_access)
+        render '/imagine_cms/errors/permission_denied'
+        return false
+      end
+    end
+    def cms_template_params
+      params.require(:cms_template).permit(:name, :content)
+    end
+end

data/app/controllers/management/application_controller.rb CHANGED

@@ -1,4 +1,4 @@
 class Management::ApplicationController < ApplicationController
-  before_filter :authenticate_user
+  before_action :authenticate_user
   layout 'management'
 end

data/app/controllers/management/user_controller.rb CHANGED

@@ -1,5 +1,5 @@
 class Management::UserController < Management::ApplicationController
-  skip_before_filter :authenticate_user, :only => [ :login, :logout, :create_first ]
+  skip_before_action :authenticate_user, :only => [ :login, :logout, :create_first ]
   ###
   ### login
@@ -10,9 +10,9 @@ class Management::UserController < Management::ApplicationController
     if request.post?
       test = ::User.find_by_username(params[:login][:username]) rescue nil
       if (test && test.password_hash == User.hash_password(params[:login][:password], test.password_hash[0,16]))
-        if (test.active != 1)
+        if test.active != true && test.active != 1
           flash[:error] = 'Your account has been disabled by an administrator.'
-          redirect_to :action => 'login' and return false
+          redirect_to action: 'login' and return false
         end
         session[:user_authenticated] = true
@@ -30,7 +30,7 @@ class Management::UserController < Management::ApplicationController
         end
       else
         flash[:error] = 'Invalid username or password, please try again.'
-        redirect_to params[:redirect_on_failure] || { :action => 'login' }
+        redirect_to params[:redirect_on_failure] || { action: 'login' }
       end
     end
   end
@@ -96,7 +96,8 @@ class Management::UserController < Management::ApplicationController
   ###
   def create_first
-    redirect_to :action => 'login' and return unless User.list.empty?
+    redirect_to action: 'login' and return unless User.list.size == 0
     @user = User.new(params[:user])
     if request.post?
@@ -105,7 +106,7 @@ class Management::UserController < Management::ApplicationController
       if @user.save
         flash[:notice] = 'User created successfully. Please log in now.'
-        redirect_to :controller => 'user', :action => 'login'
+        redirect_to action: 'login'
       else
         @errors = 'The following errors occurred:'
         @errors = @user.errors.full_messages

data/app/controllers/management/users_controller.rb CHANGED

@@ -1,106 +1,106 @@
 class Management::UsersController < Management::ApplicationController
-  before_filter :check_permissions, :except => [ :edit ]
-  def check_permissions
-    render :action => 'permission_denied' if !user_has_permission?(:manage_users)
-  end
+  before_action :check_permissions, except: [ :edit, :update ]
   ###
   ### user list
   ###
   def index
-    @users = User.order('active desc, username').all
+    @usrs = User.order('active desc, username').all
   end
   def new
-    @user = User.new
+    @usr = User.new
   end
   def create
-    @user = User.new
-    @user.username = params[:user][:username]
-    @user.first_name = params[:user][:first_name]
-    @user.last_name = params[:user][:last_name]
-    @user.email_address = params[:user][:email_address]
-    @user.password = params[:user][:password]
-    @user.password_confirmation = params[:user][:password_confirmation]
-    @user.active = true
+    @usr = User.new
+    @usr.username = params[:user][:username]
+    @usr.first_name = params[:user][:first_name]
+    @usr.last_name = params[:user][:last_name]
+    @usr.email_address = params[:user][:email_address]
+    @usr.password = params[:user][:password]
+    @usr.password_confirmation = params[:user][:password_confirmation]
+    @usr.active = true
     if request.post?
-      if @user.save
+      if @usr.save
         flash[:notice] = "User created successfully. Please check the boxes below to set this user's permissions, then click Save when you are done."
-        redirect_to :action => 'edit', :id => @user.id
+        redirect_to action: 'edit', id: @usr.id
       else
-        flash.now[:error] = @user.errors.full_messages.join('; ')
+        flash.now[:error] = @usr.errors.full_messages.join('; ')
         render :action => 'new'
       end
     end
   end
   def edit
-    return update if request.post?
-    user = authenticate_user
-    unless user.is_superuser || user.can_manage_users || user.id.to_s == params[:id]
-      render :layout => true, :text => "Sorry, you don't have permission to access this section." and return false
+    unless user_has_permission?(:manage_users) || @user.id == params[:id].to_i
+      render plain: "Sorry, you don't have permission to access this section.", layout: true and return false
     end
-    @user = User.find(params[:id])
+    @usr = User.find(params[:id])
   end
   def update
-    user = authenticate_user
-    unless user.is_superuser || user.can_manage_users || user.id.to_s == params[:id]
-      render :layout => true, :text => "Sorry, you don't have permission to access this section." and return false
-    end
+    @usr = User.find(params[:id])
-    @user = User.find(params[:id])
+    unless user_has_permission?(:manage_users) || @user.id == @usr.id
+      render plain: "Sorry, you don't have permission to access this section.", layout: true and return false
+    end
-    if user.is_superuser || user.can_manage_users
-      params[:user].each { |k,v| @user.send("#{k}=", v) }
-    elsif user.id.to_s == params[:id]
-      @user.first_name = params[:user][:first_name]
-      @user.last_name = params[:user][:last_name]
-      @user.email_address = params[:user][:email_address]
-      @user.password = params[:user][:password]
-      @user.password_confirmation = params[:user][:password_confirmation]
+    if user_has_permission?(:manage_users)
+      params[:user].each { |k,v| @usr.send("#{k}=", v) }
+    elsif @user.id == @usr.id
+      @usr.first_name = params[:user][:first_name]
+      @usr.last_name = params[:user][:last_name]
+      @usr.email_address = params[:user][:email_address]
+      @usr.password = params[:user][:password]
+      @usr.password_confirmation = params[:user][:password_confirmation]
     end
-    if @user.save
-      flash[:notice] = 'User updated successfully. Please note that the user must log out and log back in for permission changes to take effect.'
-      user = authenticate_user
-      if user.is_superuser || user.can_manage_users
-        redirect_to :action => 'index'
+    if @usr.save
+      if user_has_permission?(:manage_users)
+        flash[:notice] = 'User updated successfully. Please note that the user must log out and log back in for permission changes to take effect.'
+        redirect_to action: 'index'
       else
-        redirect_to :controller => '/manage/default', :action => 'index'
+        flash[:notice] = 'Account updated successfully.'
+        redirect_to controller: '/management/default', action: 'index'
       end
     else
-      flash.now[:error] = @user.errors.full_messages.join('; ')
-      render :action => 'edit'
+      flash.now[:error] = @usr.errors.full_messages.join('; ')
+      render action: 'edit'
     end
   end
   def disable
-    @user = User.find(params[:id])
-    @user.active = false
-    @user.save
-    flash[:notice] = 'Login privileges have been suspended for ' + @user.username + '.'
+    @usr = User.find(params[:id])
+    @usr.active = false
+    @usr.save
+    flash[:notice] = 'Login privileges have been suspended for ' + @usr.username + '.'
     redirect_to :action => 'index'
   end
   def enable
-    @user = User.find(params[:id])
-    @user.active = true
-    @user.save
-    flash[:notice] = 'Login privileges for ' + @user.username + ' have been restored.'
+    @usr = User.find(params[:id])
+    @usr.active = true
+    @usr.save
+    flash[:notice] = 'Login privileges for ' + @usr.username + ' have been restored.'
     redirect_to :action => 'index'
   end
   def destroy
-    @user = User.find(params[:id])
-    flash[:notice] = @user.username + ' has been removed from the system.'
-    @user.destroy
+    @usr = User.find(params[:id])
+    flash[:notice] = @usr.username + ' has been removed from the system.'
+    @usr.destroy
     redirect_to :action => 'index'
   end
+  protected
+    def check_permissions
+      render :action => 'permission_denied' if !user_has_permission?(:manage_users)
+    end
 end

data/app/controllers/util_controller.rb CHANGED

@@ -1,5 +1,4 @@
 class UtilController < ApplicationController # :nodoc:
-  skip_before_filter :check_ssl_requirement
   def calendar
     @month = (params[:month] || Time.now.month).to_i

data/app/helpers/cms_application_helper.rb CHANGED

@@ -11,9 +11,8 @@ module CmsApplicationHelper
   end
   # Returns true if the user is editing the current page.
-  # (This just means that we are rendering :controller => 'management/cms', :action => 'edit_page_content'.)
   def is_editing_page?
-    params[:controller] == 'management/cms' && params[:action] == 'edit_page_content'
+    params[:controller] == 'manage/cms_pages' && params[:action] == 'edit_page_content'
   end
   # Determines whether the input string is a valid email address per RFC specification
@@ -30,7 +29,7 @@ module CmsApplicationHelper
         # require 'net/dns'
         res = Net::DNS::Resolver.new
         valid = valid && res.mx(host).size > 0
-      rescue Exception => e
+      rescue StandardError => e
         logger.error(e)
       end
     end
@@ -38,21 +37,11 @@ module CmsApplicationHelper
     valid
   end
-  ### COMPAT: convert_content_path
   def convert_content_path
-    # logger.debug "DEPRECATION WARNING (Imagine CMS) WARNING: convert_content_path called"
     params[:content_path] = params[:content_path].to_s.split('/') rescue []
   end
-  ### COMPAT - template_exists?
-  def template_exists?(template, extension = nil)
-    # ignore extension
-    # logger.debug("DEPRECATION WARNING (Imagine CMS) WARNING: template_exists? called")
-    partial = File.join(File.dirname(template), '_' + File.basename(template))
-    lookup_context.find_all(template).any? || lookup_context.find_all(partial).any?
-  end
-  ### COMPAT - template_exists?
+  ### COMPAT - url_for_current
   def url_for_current
     # logger.debug("DEPRECATION WARNING (Imagine CMS) WARNING: url_for_current called")
     request.fullpath
@@ -219,7 +208,7 @@ module CmsApplicationHelper
       @pg.revert_to(@pg.published_version)
     end
-    @page_objects = HashObject.new
+    @page_objects = OpenStruct.new
     query = @pg.objects.where(:cms_page_version => @pg.version)
     query = query.where(:obj_type => obj_type) if obj_type
     query = query.where(:name => name) if name
@@ -296,7 +285,7 @@ module CmsApplicationHelper
     # pull all folder content
     folders = []
     for i in 0...@page_objects["#{key}-sources-folder-count"].to_i
-      folders << HashObject.new(src: @page_objects["#{key}-sources-folder#{i}"].strip,
+      folders << OpenStruct.new(src: @page_objects["#{key}-sources-folder#{i}"].strip,
                                 expand_folders: @page_objects["#{key}-sources-folder#{i}-expand-folders"])
     end
     folders = folders.reject { |f| f.src.blank? }
@@ -305,7 +294,7 @@ module CmsApplicationHelper
       folders = substitute_placeholders(options[:folders] || '', pg).split(',').map do |f|
         bits = f.strip.split(':')
-        obj = HashObject.new
+        obj = OpenStruct.new
         obj.src = bits[0]
         obj.expand_folders = 'true'
@@ -320,6 +309,15 @@ module CmsApplicationHelper
         obj
       end
+      folders += substitute_placeholders(options[:pages] || '', pg).split(',').map do |f|
+        bits = f.strip.split(':')
+        obj = OpenStruct.new
+        obj.src = bits[0]
+        obj.expand_folders = 'false'
+        obj
+      end
       folders = folders.reject { |f| f.src.blank? }
       @page_objects["#{key}-sources-folder-count"] = folders.size
@@ -364,7 +362,7 @@ module CmsApplicationHelper
             single_pages << parent_page  # user specified a single page, not a folder
           end
         end
-      rescue Exception => e
+      rescue StandardError => e
         logger.debug e
       end
     end
@@ -567,7 +565,7 @@ module CmsApplicationHelper
   def template_option(name, type = :string)
     return nil unless @pg
-    @template_options ||= {}
+    @template_options ||= OpenStruct.new
     @template_options[name] = type
     key = name.gsub(/[^\w\d]/, '_')