jeffrafter-spreadhead 0.4.0 → 0.6.0

data/CHANGELOG.textile

@@ -1,7 +1,18 @@
-h2. 0.3.0 
+h2. 0.6.0
+
+* Changed filter behavior, made editing disabled by default (Jeff Rafter)
+
+h2. 0.5.0 
+
+* Added tasks for importing and exporting (Jeff Rafter)
+
+h2. 0.4.0 
 
 * Removed to_param behavior for page resource (Jeff Rafter)
 * Allowed for "/" in urls (Jeff Rafter)
+
+h2. 0.3.0 
+
 * Added a view link (Jeff Rafter)
 
 h2. 0.2.0 (unreleased)

data/README.textile

@@ -2,7 +2,7 @@ h1. Spreadhead
 
 <strong>spreadhead</strong> <em>noun</em> two facing pages of a book or other publication.
 
-Rails content mangement for pages that shouldn't be views.
+Rails content management for pages that shouldn't be views.
 
 h2. Installation
 
@@ -39,20 +39,15 @@ Run the migration:
 rake db:migrate
 </pre>
 
+Modify the initializer in @config/initializers/spreadhead.rb@ to control access.
+
 h2. Routes
 
 Spreadhead installs default catch-all routes. These are given the lowest priority in your application. If your application is already catching these routes then you may not be able to access your spreadhead pages.
 
-h2. Cucumber Features
-
-As your application evolves, you want to know that your pages still work. Cucumber tests are included.
-
-Run the Cucumber generator (if you haven't already) and the feature generator:
+h2. Tutorial
 
-<pre>
-script/generate cucumber
-script/generate spreadhead_features
-</pre>
+Checkout the "tutorial":http://wiki.github.com/jeffrafter/spreadhead/tutorial.
 
 h2. Authors
 

data/TODO.textile

@@ -1,4 +1,6 @@
 h1. To-do
 
-* Include alternate views
-* Allow authentication and role to be checked
+* Include alternate views for the forms
+* Allow alternate layouts
+* Caching, clearing cache
+* Uploading images (basic)

data/TUTORIAL.textile

@@ -0,0 +1,248 @@
+Before you can use Spreadhead you are going to need a few things, most importantly the spreadhead gem:
+
+<pre>
+<code>
+  sudo gem install jeffrafter-spreadhead --source=http://gems.github.com
+</code>
+</pre>
+
+By default this should install the RedCloth gem, the BlueCloth gem, and the rsl-stringex gem. These handle the text and url formatting. If you want to run the spreadhead-specific tests, you will need Thoughtbot's shoulda and factory_girl. Once you have all of the requisite gems, you need to configure your Rails application to use the gem. You can do this by adding a config.gem statement to your environment.rb (or to a specific environment). For example:
+
+<pre>
+<code>
+  Rails::Initializer.run do |config|
+    # Specify gems that this application depends on and have them installed with 
+    # rake gems:install
+    config.gem "spreadhead", :lib => "spreadhead"
+
+    # Skip frameworks you're not going to use. To use Rails without a database,
+    # you must remove the Active Record framework.
+    config.frameworks -= [ :active_resource ]
+
+    # Set Time.zone default to the specified zone and make Active Record 
+    # auto-convert to this zone. Run "rake -D time" for a list of tasks for 
+    # finding time zone names.
+    config.time_zone = 'UTC'
+  end
+</code>
+</pre>
+
+After you have done this, you can use the spreadhead generator from the console (while in the rails root).
+
+<pre>
+<code>
+  script/generate spreadhead
+</code>
+</pre>
+
+This will create (or update) a migration for the pages table, which is used to store all of the pages in your system. Additionally, it will create a Page model in your app/models folder. The model is blank except for an include statement to bring in all of the base functionality. By default the page creation and editing is completely disabled, you need to enable it in the @config/initializers/spreadhead.rb@ file.This is all you need to get started, you should be able to run the migration and restart your application and navigate to the "/pages" url. 
+
+h2. Security
+
+It is important to note that allowing users to create pages, especially pages that can contain &lt;script&gt; tags is just a bad idea. You need to trust the user, which is also a bad idea. Because of this, page creation, editing, deleting - _everything_ - is disabled when you install it into your application. This is a safety feature to protect your app from some accidental inclusion or deployment.
+
+To enable the application you need to modify initializer, where you can control which users get access to create, edit, destroy and update pages. To do this, you can add a before filter. If you are using a toolkit like Clearance, then you can use the something like the following:
+
+<pre>
+<code>
+   module Spreadhead
+     module PagesAuth
+       def self.filter(controller)
+         controller.redirect_to_root unless signed_in?
+       end
+     end  
+   end    
+</code>
+</pre>
+
+If you give everyone access, this is probably still a bad idea and you will want to check that the current user is an admin:
+
+<pre>
+<code>
+   module Spreadhead
+     module PagesAuth
+       def self.filter(controller)
+         controller.redirect_to_root unless admin?
+       end
+     end  
+   end    
+</code>
+</pre>
+
+Of course, you will probably want to add something to your application controller for checking if the current user is an admin:
+
+<pre>
+<code>
+  def admin?
+    signed_in? && current_user.admin?
+  end
+</code>
+</pre>
+
+Remember to protect that admin attribute in your user model so that it can't be mass assigned. 
+
+This same kind of methodology will work for authlogic, restful_authentication, or your favorite authorization toolkit or homegrown solution. This really isn't the place for security how-to, but just keep in mind that if the hackers get access to this, they will win.
+
+h2. What do I get?
+
+By default you will have the "/pages":http://localhost:3000/pages resource. This is where you make new pages:
+
+<div class="thumbnail"><a href="http://skitch.com/jeffrafter/b5anb/malachite.org-simpler-message-service"><img src="http://img.skitch.com/20090818-bfje6q835cdcnaf9hx2adj5qxx.preview.jpg" alt="Malachite.org - Simpler message service." /></a><br /><span style="font-family: Lucida Grande, Trebuchet, sans-serif, Helvetica, Arial; font-size: 10px; color: #808080">Uploaded with <a href="http://plasq.com/">plasq</a>'s <a href="http://skitch.com">Skitch</a>!</span></div>
+
+Once you have made a page you can access that by the created URL. If you title your page "Brachiosaurus or woozle!" and leave the URL blank it will be located at "/brachiosaurus-or-woozle" (notice that you don't need the leading "/"). If you wanted to get fancy you could set the URL yourself (or change it) to something like "2004/09/13/brachs-and-woo" and then you can access this full path from the root of your site.
+
+You can blank the URL out at any time and Spreadhead will generate a new one. If there is a conflict it will add "-1" to the end (or "-2" and so on).
+
+h2. Hey my routes aren't working
+
+Maybe you have some fancy routes already, maybe something using a glob? Maybe something like:
+
+<pre>
+<code>
+  map.connect '/:username/:project_name', :controller => 'projects', :action => 'show', :conditions => {:method => :put}
+</code>
+</pre>
+
+Well, that is going to catch anything before it gets to Spreadhead's routes (which have the lowest priority). You will probably want to redeclare the pages resource with a higher priority. Put this before the special route:
+
+<pre>
+<code>
+  map.resources :pages, :controller => 'spreadhead/pages'
+</code>
+</pre>
+
+h2. Adding some style
+
+The views for the admin interface are pretty plain:
+
+<div class="thumbnail"><a href="http://skitch.com/jeffrafter/b5ab9/malachite.org-simpler-message-service"><img src="http://img.skitch.com/20090818-rpcd6uqf9u678a68rc5r4ed1tu.preview.jpg" alt="Malachite.org - Simpler message service." /></a><br /><span style="font-family: Lucida Grande, Trebuchet, sans-serif, Helvetica, Arial; font-size: 10px; color: #808080">Uploaded with <a href="http://plasq.com/">plasq</a>'s <a href="http://skitch.com">Skitch</a>!</span></div>
+
+But you might want to dress them up. I wanted to just drop some basic CSS here for now, but updates are welcome:
+
+<pre>
+<code>
+div.checkbox, 
+div.text, 
+div.textarea, 
+div.select {
+  float:none;
+  clear:both;
+  padding-top:8px;
+}
+div.checkbox label, 
+div.text label, 
+div.textarea label, 
+div.select label {
+  padding-top:5px;
+  padding-right:15px;
+  display:block;
+  width:150px;
+  float:left;
+  text-align:right;
+}
+div.submit { 
+  margin-top:10px; 
+  padding-top:10px; 
+  width:90%; 
+  float:right; 
+  border-top:1px dotted silver;
+}
+div.optional {
+  color:gray;
+}
+div.required {
+}
+div.syntax {
+  background:#4C5E29;
+  padding:4px;
+  color:white;
+  margin-left:165px;
+  margin-top:-3px;
+  width:324px;
+  text-align:right;
+}
+div.syntax a {
+  color:white;
+}
+input { 
+  margin-top:4px; 
+}
+select { 
+  margin-top:4px; 
+}
+textarea { 
+  margin-top:4px; 
+}
+</code>
+</pre>
+
+And some basic table styling:
+
+<pre>
+<code>
+table.pages {
+  background:#FFFFFF none repeat scroll 0 0;
+  border-collapse:collapse;
+  margin-bottom:20px;
+  text-align:left;
+  -moz-background-clip:border;
+  -moz-background-inline-policy:continuous;
+  -moz-background-origin:padding;  
+}
+table.pages th {
+  border-bottom:2px solid #4C5E29;
+  font-family:"Helvetica Neue",Arial,Helvetica,Geneva,sans-serif;
+  color:#4C5E29;
+  font-weight:normal;
+  padding:10px 8px;
+}
+table.pages td {
+  border-bottom:1px solid silver;
+  padding:6px 8px;
+  background:#EAEAEA;
+}
+table.pages td.odd {
+}
+table.pages td.even {
+  background:#DBDBDB;
+}
+table.pages tr:hover td {
+  background:#F3F3F3;
+}
+table.pages td.published, th.published {
+  text-align:center;
+}
+table.pages td.commands {
+  text-align:right;  
+}
+</code>
+</pre>
+
+
+h2. Layouts and adding extension points to your site
+
+The pages should render using the default application layout just fine, but you can add a few things to make this better. Spreadhead wants to push content for the title, the description, and even keywords. This allows you to do some basic page-specific optimization. Add the following to the &lt;head&gt; section of your site:
+
+<pre>
+<code>
+    <title>Yoursite.org - <%= @title || yield(:title) -%></title>
+    <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
+    <meta name="Description" content="<%= yield :description -%>" />
+    <meta name="Keywords" content="<%= yield :keywords -%>" />
+</code>
+</pre>
+
+You can also create nice little extension points for your users to modify smaller areas of the site. For example, you might have a welcome page that needs to have various cover information, but you want your client to be able to modify the copy on the front. Simply do the following:
+
+<pre>
+<code>
+  <div id="blurb"><%= spreadhead "welcome" -%></div>
+</code>
+</pre>
+
+Then, the client simply needs to create a page with the URL "welcome" and Spreadhead will insert the content. This could be used for headers, footers (including links).
+
+
+h2. Importing and exporting
+
+Spreadhead comes with some basic rake tasks for importing and exporting the pages: @rake spreadhead:export@ and @rake spreadhead:import@. Exporting will dump a set of Yaml fixutres to the file @db/data/pages.yml@ in your rails root. Importing will erase all of the current pages and replace them with those in the @db/data/pages.yml@ file (or none if the file does not exist). 

data/VERSION

@@ -1 +1 @@
-0.4.0
+0.6.0

data/app/controllers/spreadhead/pages_controller.rb

@@ -1,7 +1,8 @@
 module Spreadhead
   class PagesController < ApplicationController
     unloadable
-
+    before_filter :filter, :except => [:show]
+    
     def new
       @page = ::Page.new    
     end
@@ -22,7 +23,7 @@ module Spreadhead
       @page = ::Page.new(params[:page])
       respond_to do |format|
         if @page.save
-          format.html { redirect_to page_url(@page) }
+          format.html { redirect_to pages_url }
           format.xml  { head :created, :location => pages_url }
         else
           format.html { render :action => "new" }
@@ -52,5 +53,10 @@ module Spreadhead
         format.xml  { head :ok }
       end
     end
+    
+  private
+    def filter
+      Spreadhead::PagesAuth.filter(self)    
+    end
   end
 end

data/app/views/spreadhead/pages/_form.html.erb

@@ -2,35 +2,39 @@
   <%= form.error_messages %>
 </div>    
 
-<div class="text">
+<div class="text required unique">
   <%= form.label :title %>
   <%= form.text_field :title %>
 </div>
-<div class="text">
+<div class="text optional unique">
   <%= form.label :url %>
   <%= form.text_field :url %>
 </div>
-<div class="text">
+<div class="text optional">
   <%= form.label :description %>
   <%= form.text_field :description %>
 </div>
-<div class="text">
+<div class="text optional">
   <%= form.label :keywords %>
   <%= form.text_field :keywords %>
 </div>
-<div class="text">
+<div class="text optional">
   <%= form.label :category %>
   <%= form.text_field :category %>
 </div>
-<div class="textarea">
+<div class="textarea required">
   <%= form.label :text %>
   <%= form.text_area :text %>
 </div>
-<div class="checkbox">
-  <%= form.label :published %>
-  <%= form.check_box :published %>
+<div class="syntax">
+  <a href="http://daringfireball.net/projects/markdown/syntax" target="_blank">Learn Markdown</a> |
+  <a href="http://hobix.com/textile/" target="_blank">Learn Textile</a>
 </div>
-<div class="select">
+<div class="select required">
   <%= form.label :formatting %>
   <%= form.select :formatting, [['Plain','plain'], ['Markdown', 'markdown'], ['Textile', 'textile']] %>
 </div>
+<div class="checkbox optional">
+  <%= form.label :published %>
+  <%= form.check_box :published %>
+</div>

data/app/views/spreadhead/pages/index.html.erb

@@ -1,12 +1,15 @@
 <h2>Pages</h2>
 
 <table class="pages">
-  <tr>
-    <th class="title">Title</th>
-    <th class="path">Path</th>
-    <th class="published">Published</th>
-    <th class="commands"></th>
-  </tr>
+  <thead>
+    <tr>
+      <th class="title">Title</th>
+      <th class="path">Path</th>
+      <th class="published">Published</th>
+      <th class="commands"></th>
+    </tr>
+  </thead>
+  <tbody>  
   <% for page in @pages %>
     <tr class="<%= cycle("even","odd") -%>" >
       <td class="title"><%= link_to page.title || 'No title', edit_page_url(page) %></td>
@@ -15,6 +18,7 @@
       <td class="commands"><%= link_to "View", page.url %> | <%= link_to 'Destroy', page_url(page), :confirm => 'Are you sure?', :method => :delete %></td>
     </tr>
   <% end %>
+  </tbody>
 </table>
 <div>
   <%= link_to 'New page', new_page_url %>

data/generators/spreadhead/spreadhead_generator.rb

@@ -19,6 +19,9 @@ class SpreadheadGenerator < Rails::Generator::Base
       m.directory File.join("test", "factories")
       m.file "factories.rb", "test/factories/spreadhead.rb"      
 
+      m.directory File.join("config", "initializers")
+      m.file "initializer.rb", "config/initializers/spreadhead.rb"      
+
       m.migration_template "migrations/#{migration_name}.rb", 'db/migrate',
         :migration_file_name => "spreadhead_#{migration_name}"
 

data/generators/spreadhead/templates/README

@@ -3,8 +3,8 @@
 
 Ok, enough fancy automatic stuff. Time for some old school monkey copy-pasting.
 
-By default, Spreadhead does not restrict access to page creation, updating and
-deleting. To implement this you will need to modify
+By default, Spreadhead restricts access to page creation, updating and deleting. 
+To implement this you will need to modify
 
   config/initializers/spreadhead.rb
   

data/generators/spreadhead/templates/initializer.rb

@@ -7,6 +7,21 @@
 # filter. If you are using a toolkit like Clearance, then you can use the 
 # following:
 #
-# Spreadhead::PagesController.before_filter :redirect_to_root, 
-#                                           :except => [:show], 
-#                                           :unless => :signed_in?
+#   module Spreadhead
+#     module PagesAuth
+#       def self.filter(controller)
+#         controller.redirect_to_root unless signed_in?
+#       end
+#     end  
+#   end    
+#
+# By default all access to creating an modifying pages is forbidden. You need
+# to make sure you trust the people creating pages because they can easily
+# inject malicious scripts using this tool.
+module Spreadhead
+  module PagesAuth
+    def self.filter(controller)
+      controller.send(:head, 403)
+    end
+  end  
+end    

data/lib/spreadhead.rb

@@ -3,4 +3,5 @@ require 'redcloth'
 require 'bluecloth'
 require 'spreadhead/extensions/routes'
 require 'spreadhead/page'
+require 'spreadhead/filter'
 

data/lib/spreadhead/filter.rb

@@ -0,0 +1,7 @@
+module Spreadhead
+  module PagesAuth
+    def self.filter(controller)
+      controller.send(:head, 403)
+    end
+  end  
+end

data/lib/spreadhead/page.rb

@@ -37,6 +37,7 @@ module Spreadhead
           validates_presence_of :title
           validates_uniqueness_of :title
           validates_uniqueness_of :url  
+          validates_presence_of :url  
         end
       end
     end
@@ -67,6 +68,15 @@ module Spreadhead
     end  
 
     module ClassMethods
+      def to_fixtures(path=nil)
+        path ||= File.expand_path("db/data/#{table_name}.yml", RAILS_ROOT)
+        path = File.join(path, "#{table_name}.yml") if File.directory?(path)
+        file = File.open(path, "w")
+        file.puts(self.find(:all).inject({}) { |hash, record| 
+          hash.merge("\"#{record.title}\"" => record.attributes) 
+        }.to_yaml(:SortKeys => true))
+        file.close
+      end
     end
   end
 end

data/lib/tasks/spreadhead_tasks.rake

@@ -0,0 +1,16 @@
+require 'active_record/fixtures'    
+
+namespace :spreadhead do
+  desc "Export a set of fixtures from the current database pages"
+  task :export => [:environment] do
+    data = File.join(RAILS_ROOT, 'db', 'data')
+    Dir.mkdir(data) unless File.exists?(data)
+    Page.to_fixtures(data)
+  end
+      
+  desc "Import a set of page fixtures into the current database (overwrites existing pages)"
+  task :import => [:environment] do
+    puts 'Importing fixtures' 
+    Fixtures.create_fixtures("db/data/", 'pages')
+  end
+end

data/test/controllers/pages_controller_test.rb

@@ -5,79 +5,114 @@ class PagesControllerTest < ActionController::TestCase
 
   tests Spreadhead::PagesController
 
-  context "on GET to #new" do
-    setup { get :new }
-
-    should_respond_with :success
-    should_render_template :new
-    should_not_set_the_flash
-  end
-
-  context "on GET to #index" do
-    setup { get :index }
-
-    should_respond_with :success
-    should_render_template :index
-    should_not_set_the_flash
-  end
-
-  context "on GET to #show" do
+  context "default setup" do
     setup do
-      page = Factory(:page)
-      get :show, :url => page.url
+      module Spreadhead::PagesAuth
+        def self.filter(controller); controller.send(:head, 403); end
+      end  
     end  
+          
+    context "on GET to #new" do
+      setup { get :new }
+      should_respond_with 403
+    end
+    
+    context "on GET to #show" do
+      setup do
+        page = Factory(:page)
+        get :show, :url => page.url
+      end  
 
-    should_respond_with :success
-    should_render_template :show
-    should_not_set_the_flash
+      should_respond_with :success
+      should_render_template :show
+      should_not_set_the_flash
+    end
   end
 
-  context "on GET to #edit" do
+  context "authorized" do
     setup do
-      page = Factory(:page)
-      get :edit, :id => page.id
+      module Spreadhead::PagesAuth
+        def self.filter(controller); true; end
+      end  
     end  
+      
+    context "on GET to #new" do
+      setup { get :new }
 
-    should_respond_with :success
-    should_render_template :edit
-    should_not_set_the_flash
-  end
+      should_respond_with :success
+      should_render_template :new
+      should_not_set_the_flash
+    end
 
-  context "on POST to #create with valid attributes" do
-    setup do
-      page_attributes = Factory.attributes_for(:page)
-      post :create, :page => page_attributes
+    context "on GET to #index" do
+      setup { get :index }
+
+      should_respond_with :success
+      should_render_template :index
+      should_not_set_the_flash
     end
-      
-    should_respond_with :redirect
-    should_not_set_the_flash
-  end
-  
-  context "on PUT to #update with valid attributes" do
-    setup do
-      page = Factory(:page)              
-      put :update, :id => page.id, :page => page.attributes
+
+    context "on GET to #show" do
+      setup do
+        page = Factory(:page)
+        get :show, :url => page.url
+      end  
+
+      should_respond_with :success
+      should_render_template :show
+      should_not_set_the_flash
     end
-      
-    should_respond_with :redirect
-    should_not_set_the_flash
-  end
-  
-  context "on DELETE to #destroy with valid attributes" do
-    setup do
-      page = Factory(:page)
-      delete :destroy, :id => page.id
+
+    context "on GET to #edit" do
+      setup do
+        page = Factory(:page)
+        get :edit, :id => page.id
+      end  
+
+      should_respond_with :success
+      should_render_template :edit
+      should_not_set_the_flash
     end
-    
-    should_respond_with :redirect
-    should_not_set_the_flash
 
-    should "Destroy the page" do
-      count = Page.count
-      page = Factory(:page)
-      delete :destroy, :id => page.id
-      assert_equal Page.count, count
+    context "on POST to #create with valid attributes" do
+      setup do
+        page_attributes = Factory.attributes_for(:page)
+        post :create, :page => page_attributes
+      end
+        
+      should_respond_with :redirect
+      should_not_set_the_flash
+      should_redirect_to("The list of pages") { pages_url }
+    end
+    
+    context "on PUT to #update with valid attributes" do
+      setup do
+        page = Factory(:page)              
+        put :update, :id => page.id, :page => page.attributes
+      end
+        
+      should_respond_with :redirect
+      should_not_set_the_flash
+      should_redirect_to("The list of pages") { pages_url }
     end
+    
+    context "on DELETE to #destroy with valid attributes" do
+      setup do
+        page = Factory(:page)
+        delete :destroy, :id => page.id
+      end
+      
+      should_respond_with :redirect
+      should_not_set_the_flash
+      should_redirect_to("The list of pages") { pages_url }
 
-  end
+      should "Destroy the page" do
+        count = Page.count
+        page = Factory(:page)
+        delete :destroy, :id => page.id
+        assert_equal Page.count, count
+      end
+
+    end
+  end  
 end

data/test/models/page_test.rb

@@ -42,6 +42,20 @@ class PageTest < ActiveSupport::TestCase
       assert dup.save
       assert !dup.errors.on(:url)
     end
+    
+    should "add suffix and be valid when two different titles generate the same url" do
+      page = Factory(:page, :title => 'smurf', :url => 'smurf')
+      dup = Factory(:page, :title => 'smurf!', :url => 'buttons')
+      assert dup.update_attributes(:url => nil)
+      assert_equal 'smurf-1', dup.url
+    end
+    
+    should "be valid when a url is a subset of another url" do
+      page = Factory(:page, :title => 'smurf', :url => 'woozles')
+      dup = Factory(:page, :title => 'Woo', :url => 'brick-spin-brachiosaurus')
+      assert dup.update_attributes(:url => nil)
+      assert_equal 'woo', dup.url
+    end
 
   end
   

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: jeffrafter-spreadhead
 version: !ruby/object:Gem::Version 
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors: 
 - Jeff Rafter
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-08-17 00:00:00 -07:00
+date: 2009-08-20 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -57,6 +57,7 @@ files:
 - README.textile
 - Rakefile
 - TODO.textile
+- TUTORIAL.textile
 - VERSION
 - app/controllers/spreadhead/pages_controller.rb
 - app/views/spreadhead/pages/_form.html.erb
@@ -77,8 +78,10 @@ files:
 - generators/spreadhead/templates/page.rb
 - lib/spreadhead.rb
 - lib/spreadhead/extensions/routes.rb
+- lib/spreadhead/filter.rb
 - lib/spreadhead/page.rb
 - lib/spreadhead/render.rb
+- lib/tasks/spreadhead_tasks.rake
 - rails/init.rb
 - test/controllers/pages_controller_test.rb
 - test/models/page_test.rb