infopark_rails_connector 6.8.0.beta.200.621.4c8e1b0

data/app/controllers/rails_connector/default_pdf_controller.rb

@@ -0,0 +1,136 @@
+module RailsConnector
+  #
+  # This controller provides an interface for generating PDFs from CMS objects.
+  # It has two modes: internal mode and external mode.
+  #
+  # =Internal mode
+  #
+  # In the internal mode the PDF generator comes with a ready-made action, <code>index</code>.
+  # You can customize this action and/or add your own custom actions.
+  #
+  # To add your own action you need to provide:
+  # - a controller action
+  # - an XML template
+  # - an XSL stylesheet
+  #
+  # The XML template must be named <code><em>ACTION_NAME</em>.html.erb</code> and the XSL stylesheet
+  # must be named <code><em>ACTION_NAME</em>.xsl</code>. Place these files into <code>RAILS_ROOT/app/views/pdf/</code>.
+  #
+  # Use the module <code>RailsConnector::FopOnRails</code> to generate the PDF.
+  # Inside your action, the XML template has already been rendered and can be referenced by means of <code>@xml_path</code>.
+  # The XSL stylesheet can be referenced by means of <code>@xsl_path</code>.
+  #
+  # In your ERb template you can use <code>@obj</code> to reference the CMS object and the <code>display_value</code> method to
+  # render its attributes:
+  #   <h1><%= display_value(@obj.title) %></h1>
+  #
+  # The named route is <code>pdf_with_action</code>:
+  #   <%= link_to('Generate custom PDF', pdf_with_action_path(:action => 'my_action', :id => 1234)) %>
+  #   # This will produce <a href="/pdf/my_action/1234">Generate custom PDF</a>
+  #
+  # =External mode
+  #
+  # In the external mode the PDF generator has a named route <code>pdf_external</code>
+  # and is accessed through the URL <code>/pdf/external</code>.
+  #
+  # In order to produce a PDF file, the GET parameters <code>xml_url</code> and <code>xsl_url</code>
+  # need to be provided.
+  #
+  # Optional GET-parameters are:
+  #   filename: string
+  #   tidy:     true or false (default is false)
+  #
+  # Example:
+  #   curl -d "xml_url=http://example.com/test.xml&xsl_url=http://example.com/test.xsl" -g http://localhost:3000/pdf/external
+  #
+  # To allow a host to be the source for XML or XSL, add it to the so called "white list". Add
+  # following to <code>RAILS_ROOT/config/initializers/rails_connector.rb</code> to do that:
+  #   RailsConnector::Configuration::PdfGenerator.host_whitelist(
+  #     'example1.com',
+  #     'example2.com',
+  #     'example3.com'
+  #   )
+  #
+  # You can add as many hosts as you need. If no hosts have been added to the "white list", then the
+  # PDF generator will refuse to produce PDF files from any external source.
+  #
+  # If the host given through <code>xml_url</code> or <code>xsl_url</code> is not included in the
+  # "white list", then an error message will be rendered as inline text with response status "403
+  # Forbidden".
+  #
+  class DefaultPdfController < DefaultCmsController
+    # Returns false by default to exclude this controller from regular Obj dispatch.
+    # @see DefaultCmsController#use_for_obj_dispatch?
+    def self.use_for_obj_dispatch?
+      # If this method would to return true, an Obj with ObjClass "pdf" would be delivered by
+      # the PdfController as an actual generated Pdf, which would be surprising to most developers.
+      false
+    end
+
+    before_filter :dump_obj
+    before_filter :compute_xsl_path
+    before_filter :send_pdf
+
+    after_filter :cleanup_xml
+
+    #
+    # Generates a PDF from a CMS object.
+    #
+    # Takes a GET-parameter, <code>id</code>, to determine the object.
+    #
+    # As a default, the built-in XML template and XSL stylesheet will be used. You can replace them
+    # with the files <code>RAILS_ROOT/app/views/pdf/index.html.erb</code> and <code>RAILS_ROOT/app/views/pdf/index.xsl</code> respectively.
+    #
+    # By default, the PDF will contain the title and the body of the object.
+    # The PDF will be named <code><em>NAME_OF_THE_OBJECT</em>.pdf</code>.
+    #
+    # The named route is called <code>pdf</code> and is accessed through
+    # <code>/pdf/<em>OBJECT_ID</em></code>.
+    #
+    # Example:
+    #
+    #   <%= link_to 'Generate PDF', pdf_path(@obj) %>
+    #   # This will generate a PDF containing the title and the body of the current object
+    #
+    def index
+    end
+
+    protected
+
+    def send_pdf
+      send_file(
+        FopOnRails.generate_pdf(@xml_path, @xsl_path),
+        :filename => "#{@obj.name}.pdf",
+        :type => 'application/pdf'
+      )
+    end
+
+    private
+
+    def dump_obj
+      base_folder = Rails.root + "tmp"
+      FileUtils.mkdir_p(base_folder)
+      @xml_path = File.join(base_folder, "#{Time.now.to_f}_#{$$}")
+      data = render_to_string(:controller => 'pdf', :action => action_name, :layout => false)
+      File.open(@xml_path, 'w') do |f|
+        f.write(data)
+      end
+    end
+
+    def compute_xsl_path
+      @xsl_path = nil
+      view_paths.each do |view_path|
+        xsl_path = "#{view_path}/#{controller_name}/#{action_name}.xsl"
+        if File.exist?(xsl_path)
+          @xsl_path = xsl_path
+          return
+        end
+      end
+      raise 'No XSL template found' unless @xsl_path
+    end
+
+    def cleanup_xml
+      FileUtils.rm_rf(@xml_path)
+    end
+  end
+end

data/app/controllers/rails_connector/default_ratings_controller.rb

@@ -0,0 +1,84 @@
+module RailsConnector
+  #
+  # This controller provides an interface for rating CMS objects.
+  #
+  # =Before Filters
+  # <tt>load_object</tt>: finds the Obj instance using <tt>params[:obj_id]</tt>
+  # <tt>ensure_object_is_rateable</tt>: renders nothing unless <tt>@obj.allow_rating?</tt> AND <tt>user_has_already_rated?(@obj.id)</tt> return <tt>true</tt>.
+  #
+  # =Hooks
+  #
+  # <tt>after_create</tt>: redefine this method in your application in order to specify additional functionality that should occur after a rating has been created.
+  #
+  # Example:
+  #
+  #   class RatingsController < RailsConnector::DefaultRatingsController
+  #     private
+  #     def after_create
+  #       # * send an email
+  #       # * create an inquiry in the OMC
+  #     end
+  #   end
+  class DefaultRatingsController < ApplicationController
+
+    before_filter :load_object
+    before_filter :ensure_object_is_rateable, :only => [:rate]
+    before_filter :ensure_admin, :only => :reset
+
+    layout nil
+
+    # Rate a CMS object.
+    def rate
+      respond_to do |format|
+        format.html do
+          score = params[:score].to_i
+          if @obj.rate(score)
+            store_rating_in_session(@obj.id, score)
+            after_create
+          end
+          render :partial => "cms/rating"
+        end
+      end
+    end
+
+    # Reset rating for a CMS object.
+    def reset
+      respond_to do |format|
+        format.html do
+          @obj.reset_rating
+          store_rating_in_session(@obj.id, nil)
+          redirect_to :back
+        end
+      end
+    end
+
+    private
+
+    def after_create;end
+
+    def load_object
+      @obj = Obj.find(params[:id])
+    end
+
+    def ensure_object_is_rateable
+      render(:nothing => true) if (!@obj.allow_rating? || user_has_already_rated?(@obj.id))
+      unless @obj.allow_anonymous_rating? or logged_in?
+        render '/errors/403_forbidden', :status => 403
+      end
+    end
+
+    def user_has_already_rated?(obj_id)
+      session[:rated_objs] && session[:rated_objs][obj_id]
+    end
+
+    def store_rating_in_session(obj_id, score)
+      session[:rated_objs] ||= {}
+      session[:rated_objs][obj_id] = score
+    end
+
+    def ensure_admin
+      render("errors/403_forbidden", :status => 403) unless admin?
+    end
+  end
+
+end

data/app/controllers/rails_connector/default_rss_controller.rb

@@ -0,0 +1,29 @@
+module RailsConnector
+  #
+  # This class provides a default controller implementation for rendering an RSS feed.
+  # It should be customized by subclassing.
+  #
+  # The RSS feature assumes that you have a root object specified whose direct children will be used as feed entries.
+  #
+  # Specify the RSS root in
+  # <code><em>RAILS_ROOT</em>/config/initializers/rails_connector.rb</code>:
+  #   RailsConnector::Configuration::Rss.root = lambda { NamedLink.get_object('news') }
+  class DefaultRssController < DefaultCmsController
+    #
+    # This action renders the built-in RSS feed.
+    #
+    # To customize feed's layout, override either this method, or the apropriate view.
+    #
+    def index
+      respond_to do |format|
+        format.rss
+      end
+    end
+
+    protected
+
+    def load_object # :nodoc:
+      @obj = Configuration::Rss.root
+    end
+  end
+end

data/app/controllers/rails_connector/default_search_controller.rb

@@ -0,0 +1,60 @@
+require 'will_paginate'
+
+module RailsConnector
+
+  # This class provides a default controller implementation for searching.
+  # It should be customized by subclassing.
+  class DefaultSearchController < ApplicationController
+    class_attribute :options
+    self.options = {:limit => 10}
+
+    # Fetches search hits and paginates them.
+    # In case of an error, flashes appropriate error messages.
+    #
+    # For use in views, hits are stored in the <tt>@hits</tt> variable.
+    # Pagination is done using the limit option (defaults to 10).
+    # You can change that limit by configuring
+    # <tt>RailsConnector::Configuration.search_options = {:limit => X}</tt>.
+    #
+    # To customize the pagination, you should subclass DefaultSearchController:
+    #
+    #   class SearchController < RailsConnector::DefaultSearchController
+    #     def search
+    #       # What this method should do:
+    #       #  * Initialize a SearchRequest obj
+    #       #  * Paginate the results
+    #       #  * Fill the @hits variable for your views
+    #       #  * Flash on errors
+    #     end
+    #   end
+    def search
+      unless (@query = params[:q]).blank?
+        @hits = WillPaginate::Collection.create(current_page, options[:limit]) do |pager|
+          result = SearchRequest.new(@query, options.merge(:offset => pager.offset)).fetch_hits
+          pager.replace(result)
+          pager.total_entries = result.total_hits
+        end
+      else
+        flash.now[:errors] = I18n.t(:"rails_connector.controllers.search.specify_query")
+      end
+    rescue SES::SearchError => e
+      logger.error(e)
+      flash.now[:errors] = I18n.t(:"rails_connector.controllers.search.try_another_key")
+    rescue Errno::ECONNREFUSED, Errno::EAFNOSUPPORT
+      flash.now[:errors] = I18n.t(:"rails_connector.controllers.search.search_disabled")
+    end
+
+    private
+
+    # This is just a convenience wrapper so the +options+ hash can be
+    # accessed easily from an instance of this class.
+    def options
+      self.class.options
+    end
+
+    def current_page
+      [params[:page].to_i, 1].max
+    end
+  end
+
+end

data/app/controllers/rails_connector/default_user_controller.rb

@@ -0,0 +1,267 @@
+require 'recaptcha'
+require 'active_resource/exceptions'
+
+module RailsConnector
+
+  # This class provides a default controller implementation for user functionality.
+  # It should be customized by subclassing.
+  #
+  # To change how all actions contacting the WebCRM behave in case of an WebCRM error,
+  # override +on_crm_error+ in your subclassed controller. See Crm::Callbacks for details.
+  #
+  # To override what attributes are writable by the user when registering or editing profiles,
+  # use +editable_attributes_on_register+ and +editable_attributes_on_edit+, respectively.
+  # This can be done in your <tt>rails_connector.rb</tt> or in +UserController+ directly.
+  #
+  # By default, users can submit their first name, last name, email and company name.
+  class DefaultUserController < ApplicationController
+
+    before_filter :check_editable_attribute_configuration
+    before_filter :redirect_to_login_unless_logged_in, :only => [
+      :edit, :edit_password, :profile
+    ]
+    before_filter :check_recaptcha_keypair
+    around_filter :handle_crm_errors
+
+    cattr_accessor :editable_attributes_on_register, :editable_attributes_on_edit
+    self.editable_attributes_on_register = {
+      :contact => [:gender, :first_name, :last_name, :email, :phone, :language],
+    }
+    self.editable_attributes_on_edit = {
+      :contact => [:first_name, :last_name, :email, :phone, :language],
+    }
+
+    include Crm::Localizable
+    include Crm::Sanitization
+    include Crm::Callbacks
+    include ReCaptcha::AppHelper
+
+    def self.store_user_attrs_in_session=(fields)
+      raise %Q{
+        DefaultUserController doesn't maintain which fields are stored in the session anymore.
+        Please use RailsConnector::Configuration.store_user_attrs_in_session instead.
+      }
+    end
+
+    # Displays a profile page containing links to all available actions
+    def profile
+    end
+
+    # Logs a CRM user in.
+    #
+    # After successful login, user attributes are stored in <tt>session[:user]</tt>.
+    #
+    # To change which fields are stored in the session use
+    # +RailsConnector::Configuration.store_user_attrs_in_session+.
+    #
+    # Use +current_user+ for a Contact object of the attributes stored in the session.
+    #
+    # The user will be redirected to the path given in the return_to param. If no
+    # return_to param is set, the user will be redirected to the profile page.
+    #
+    # If you merely want to change what happens before or after a user is authenticated,
+    # do not override this method but override +before_authenticate+ or +after_authenticate+.
+    def login
+      if request.post?
+        @user = Infopark::Crm::Contact.new(params[:user] || {:login => nil, :password => nil})
+        before_authenticate
+        @user = Infopark::Crm::Contact.authenticate(@user.login, @user.password)
+        if @user
+          after_authenticate
+          flash[:notice] = tcon('login_successful')
+          self.current_user = @user
+          redirect_to params[:return_to].blank? ?
+            user_path(:action => 'profile') :
+            params[:return_to]
+        else
+          flash.now[:error] = tcon('login_failed')
+        end
+      end
+    rescue Infopark::Crm::AuthenticationFailed, ActiveResource::ResourceInvalid
+      flash.now[:error] = tcon('login_failed')
+    ensure
+      @user.password = nil if @user
+    end
+
+    # Logs the user out by setting <tt>session[:user]</tt> to +nil+.
+    #
+    # To change the behavior before or after invalidating the session,
+    # override +before_logout+ or +after_logout+.
+    def logout
+      before_logout
+      self.current_user = nil
+      after_logout
+      redirect_to params[:return_to].blank? ? root_path : params[:return_to]
+    end
+
+    # Creates a WebCRM user.
+    #
+    # The user login is automatically set to his/her e-mail.
+    #
+    # If you merely want to change what happens before or after a user is registered,
+    # do not override this method but override +before_register+ or +after_register+.
+    def new
+      @user = Infopark::Crm::Contact.new
+      # Load some default attributes so that form_for is working
+      @user.load(Crm::CONTACT_DEFAULT_ATTRS.merge(sanitize_user_params(params[:user],
+          self.class.editable_attributes_on_register)))
+      if request.post?
+        unless validate_recap(params, @user.errors)
+          raise ActiveResource::ResourceInvalid, "captcha failed"
+        end
+        before_register
+        register
+        after_register
+        redirect_to(:action => "register_pending")
+      end
+    rescue ActiveResource::ResourceInvalid
+      flash.now[:error] = tcon('registration_failed')
+    end
+
+    def register_pending
+    end
+
+    # Lets the user change his/her user details.
+    def edit
+      @user = Infopark::Crm::Contact.find(current_user.id)
+      if request.post? || request.put?
+        @user.load(sanitize_user_params(params[:user], self.class.editable_attributes_on_edit))
+        @user.save
+        flash[:notice] = tcon('edit_successful')
+        redirect_to(:action => 'profile')
+      end
+    rescue ActiveResource::ResourceInvalid
+      flash.now[:error] = tcon('edit_failed')
+    end
+
+    # Lets the user change his/her password.
+    #
+    # Validates the new password using +validate_edit_password_params_for+.
+    def edit_password
+      if request.post?
+        validate_edit_password_params_for(params[:user])
+        @user = Infopark::Crm::Contact.authenticate(current_user.login, params[:user][:old_password])
+        @user.password_set(params[:user][:new_password])
+        flash[:notice] = tcon('edit_password_successful')
+        redirect_to(:action => "profile")
+      end
+    rescue ActiveResource::ResourceInvalid, Infopark::Crm::AuthenticationFailed
+      flash.now[:error] = tcon('edit_password_failed')
+    end
+
+    # Lets the user request a new password (double opt-in).
+    #
+    # Uses the +ConfirmationMailer+ for sending out the confirmation message.
+    def forgot_password
+      if request.post?
+        user = Infopark::Crm::Contact.search(:params => {:login => params[:user][:login]}).first
+        if user
+          confirmation_link = set_password_url_for(user)
+          ConfirmationMailer.reset_password(user.email, confirmation_link).deliver
+          flash[:notice] = tcon('reset_password_successful')
+          redirect_to(:action => "forgot_password")
+        else
+          flash.now[:error] = tcon('request_password_failed')
+        end
+      end
+    end
+
+    def set_password
+      if request.get? && params[:token].blank?
+        flash[:error] = tcon('token_url_invalid')
+      elsif request.post?
+        if params[:user][:new_password].blank?
+          flash.now[:error] = tcon('password_cannot_be_empty')
+        elsif params[:user][:new_password] != params[:user][:new_password_confirm]
+          flash.now[:error] = tcon('password_does_not_match_confirmation')
+        else
+          Infopark::Crm::Contact.password_set(params[:user][:new_password], params[:user][:token])
+          flash[:notice] = tcon('password_set')
+          redirect_to(:action => 'login')
+        end
+      end
+    rescue ActiveResource::ResourceNotFound => e
+      flash[:error] = tcon('set_password_failed')
+    end
+
+    protected
+
+    def check_editable_attribute_configuration
+      raise RuntimeError if editable_attributes_on_edit[:contact].nil? ||
+          editable_attributes_on_register[:contact].nil?
+    rescue
+      raise ConfigurationError, "editable_attributes in UserController is not configured correctly"
+    end
+
+    def register
+      if @user.email.blank?
+        @user.errors.add(:base, tcon('email_blank'))
+        raise ActiveResource::ResourceInvalid.new("E-mail can't be blank")
+      end
+      @user.login = @user.email
+      @user.save!
+      confirmation_link = set_password_url_for(@user)
+      ConfirmationMailer.register_confirmation(@user.email, confirmation_link).deliver
+      flash[:notice] = tcon('registration_successful_awaiting_confirmation')
+    end
+
+    def tcon(x)
+      t("rails_connector.controllers.user.#{x}")
+    end
+
+    ALL_CRM_ERRORS = [
+      Errno::ECONNREFUSED,
+      ActiveResource::ForbiddenAccess,
+      ActiveResource::UnauthorizedAccess,
+      ActiveResource::BadRequest
+    ]
+
+    # invoke user defined callback when an error related to WebCRM occurs
+    def handle_crm_errors
+      yield
+    rescue *ALL_CRM_ERRORS => e
+      on_crm_error(e)
+      default_render unless performed?
+    end
+
+    # Filter to force users to login by redirecting.
+    def redirect_to_login_unless_logged_in
+      redirect_to login_path unless logged_in?
+    end
+
+    # Checks if constants RCC_PUB and RCC_PRIV are set (for reCaptcha)
+    #
+    # Used as a filter in this controller.
+    def check_recaptcha_keypair
+      unless Object.const_defined?(:RCC_PUB) && Object.const_defined?(:RCC_PRIV)
+        raise RuntimeError, <<-EOS
+
+          reCaptcha requires the constants RCC_PUB and RCC_PRIV to be set.
+          Please sign up for the reCaptcha webservice if you haven't already done so.
+
+          Then set your public key in RCC_PUB and your private key in RCC_PRIV.
+        EOS
+      end
+      true
+    end
+
+    # Validates the password for a given user.
+    #
+    # Used by #edit_password.
+    def validate_edit_password_params_for(params)
+      if params[:new_password].empty? || params[:new_password] != params[:new_password_confirm]
+        raise ActiveResource::ResourceInvalid.new(
+          "password is empty or does not match confirmation"
+        )
+      end
+    end
+
+    # Generates a URL for password confirmation.
+    def set_password_url_for(user)
+      url_for(
+        :action => "set_password",
+        :token => user.password_request(:params => {:only_get_token => true})
+      )
+    end
+  end
+end

data/app/controllers/rails_connector/pdf_external_controller.rb

@@ -0,0 +1,54 @@
+module RailsConnector
+  class PdfExternalController < ApplicationController # :nodoc: all
+    skip_before_filter :verify_authenticity_token
+    before_filter :validate_inputs
+
+    def index
+      send_file(
+        FopOnRails.generate_pdf(
+          params[:xml_url],
+          params[:xsl_url],
+          params[:tidy]
+        ),
+        :filename => "#{params[:filename] || 'output'}.pdf",
+        :type => 'application/pdf'
+      )
+    end
+
+    private
+
+    def validate_inputs
+      validate_input('xml', params['xml_url'])
+      validate_input('xsl', params['xsl_url'])
+      validate_hosts
+    end
+
+    def validate_input(type, url)
+      unless url and valid_url?(url)
+        raise "Invalid #{type} input URL: #{url || 'empty'}"
+      end
+    end
+
+    def valid_url?(url)
+      begin
+        URI.parse(url)
+      rescue URI::InvalidURIError
+        return false
+      end
+      true
+    end
+
+    def validate_hosts
+      xml_host, xsl_host = URI.parse(params['xml_url']).host, URI.parse(params['xsl_url']).host
+      bad_host = [xml_host, xsl_host].detect do |host|
+        !Configuration::PdfGenerator.host_allowed?(host)
+      end
+      if bad_host
+        render(
+          :status => 403,
+          :text => I18n.t(:"rails_connector.controllers.pdf_external.host_not_allowed", :host => bad_host)
+        )
+      end
+    end
+  end
+end

data/app/controllers/rails_connector/time_machine_controller.rb

@@ -0,0 +1,48 @@
+module RailsConnector
+
+  class TimeMachineController < ApplicationController #:nodoc:
+
+    protect_from_forgery :except => :set_preview_time
+
+    before_filter :only_available_in_editor_mode
+
+    def index
+      @language = params[:language] || 'de'
+      @preview_time = session[:preview_time] || Time.now
+    end
+
+    # Set the preview time to the Time as specified by the parameter <tt>:preview_time</tt>.
+    def set_preview_time
+      if preview_time = params[:preview_time]
+        pt = Time.from_iso(preview_time)
+        pt = nil if pt <= Time.now
+        handle_request pt
+      end
+    end
+
+    # Resets the preview time, so <tt>Time::now</tt> will be used as preview time afterwards.
+    def reset_preview_time
+      handle_request nil
+    end
+
+  private
+
+    def handle_request(preview_time)
+      session[:preview_time] = preview_time
+      if request.xhr?
+        render :js => "window.location.reload();"
+      else
+        render :nothing => true
+      end
+    end
+
+    def only_available_in_editor_mode
+      unless Configuration.editor_interface_enabled?
+        render :template => 'errors/403_forbidden', :status => 403, :content_type => Mime::HTML
+        return false
+      end
+    end
+
+  end
+
+end

data/app/controllers/ratings_controller.rb

@@ -0,0 +1,6 @@
+# This controller inherits all of its behavior from
+# RailsConnector::DefaultRatingsController.
+#
+# RatingsController is referenced by the Rails Connector routes.
+class RatingsController < RailsConnector::DefaultRatingsController
+end

data/app/controllers/rss_controller.rb

@@ -0,0 +1,6 @@
+# This controller inherits all of its behavior from
+# RailsConnector::DefaultRssController.
+#
+# RssController is referenced by the Rails Connector routes.
+class RssController < RailsConnector::DefaultRssController
+end