kit_cms 2.3.20 → 2.3.22

data/app/controllers/q_controller.rb

@@ -0,0 +1,235 @@
+class QController < ApiController
+  before_filter :publisher_authenticate, :except=>[:token, :extauth, :auth, :messages, :subscribe, :unsubscribe]
+  before_filter :user_authenticate, :only=>[:messages, :subscribe, :unsubscribe]
+
+  # notification messages
+  # params: auth_id, user_id, session_token
+  # optional: after (date/time)
+  #           status
+  #           page (paginated results)
+  #           per (number per page, default 10)
+  #           limit (default 100)
+  #           min_id (IDs must be greater than this)
+  def messages
+    s = @quser.q_messages.sys(_sid).includes(:q_publisher).order("id desc")
+    s = s.where(["created_at > ?", params[:after]]) if params[:after]
+    s = s.where(["status = ?", params[:status]]) if params[:status]
+    s = s.where(["id > ?", params[:min_id]]) if params[:min_id]
+    s = s.limit(params[:limit] || 100) 
+    s = s.page(params[:page]).per(params[:per] || 10) if params[:page]
+    
+    r = []
+    s.all.each do |ss|
+      r << { :id=>ss.id, :status=>ss.status, :h1=>ss.h1, :h2=>ss.h2, :body=>ss.body, :publisher=>ss.q_publisher.name, :created_at=>ss.created_at }
+      unless params[:nomark]
+        ss.status = "OK"
+        ss.save
+      end
+    end 
+    logger.debug r.to_json
+    render :json=>r, :callback=>params[:callback]
+  end
+
+  # call client's authentication URL with whatever params are passed to this method
+  # returns: if auth URL returns status code 200, return the same as "register" would return
+  # else, return whatever the auth URL returned
+  def extauth
+    head :error 
+  end
+
+  # authenticate an already-registered user, and potentially set their notification method
+  # params: auth_id
+  #         user: id
+  #         password: unencrypted
+  def auth
+    @publisher = QPublisher.sys(_sid).where(:auth_id=>params[:auth_id]).first
+
+    quser = @publisher.q_users.sys(_sid).where(:id=>params[:user_id]).first
+
+    if quser && quser.password == params[:password]
+      update_notification(quser)
+      quser.generate_session_token 
+      quser.save
+      render :json=>{:error=>nil, :session=>quser.session_token}, :callback=>params[:callback]
+    else
+      render :json=>{:error=>"Incorrect username or password"}, :callback=>params[:callback]
+    end
+  end
+
+  # send system_id and password to get a token which can be use for token authentication (if publisher auth method is token) or encrypting requests (if publisher auth method is digest)
+  # params: auth_id, auth_secret
+  # returns: token
+  def token
+    publisher = QPublisher.sys(_sid).where(:auth_id=>params[:auth_id]).first
+
+    if publisher && publisher.auth_secret == params[:auth_secret]
+      render :json=>{:auth_id=>publisher.auth_id, :token=>publisher.token}
+    else
+      head :forbidden
+    end
+  end
+
+  # associate a user ID with a notification method/address
+  # params: user (the external ID by which the user is known)
+  #         auth_id (the publisher auth ID)
+  #         method (the notification method)
+  #         address (the address at which they can be notified)
+  #         encrypted_password (optional, to allow direct authentication, should already be bcrypted)
+  #         password (optional, to allow direct authentication, will be bcrypted)
+  def register
+    quser = @publisher.q_users.sys(_sid).where(:q_external_id=>params[:user]).first
+    
+    if quser
+      if quser.password != params[:password]
+        head :forbidden
+        return
+      else
+        quser.password = params[:new_password] if params[:new_password]
+      end
+    else
+      quser = QUser.new
+      quser.system_id = _sid
+      quser.q_publisher = @publisher.id
+      quser.q_external_id = params[:user]
+      quser.encrypted_password = params[:encrypted_password] if params[:encrypted_password]
+    end
+
+    update_notification(quser) 
+    quser.save
+    unless quser.q_external_id
+      quser.q_external_id = quser.id
+      quser.save
+    end
+    render :json=>{:id=>quser.q_external_id}, :callback=>params[:callback]
+  end
+
+
+  # deregistered a User ID with a notification method/address - i.e. destroy the user account
+  # params: user (the external ID by which the user is known)
+  def deregister
+    quser = @publisher.q_users.sys(_sid).where(:q_external_id=>params[:user]).first
+
+    quser.destroy
+    head :ok
+  end
+
+  # subscribe to a topic (i.e. receive a notification when that topic happens)
+  # params: user (the external ID by which the user is known)
+  #         topic (the topic to which is being subscribed)
+  def subscribe
+    quser = @publisher.q_users.sys(_sid).where(:q_external_id=>params[:user]).first
+
+    unless quser
+     head :bad_request
+     return
+    end
+    
+    qs = QSubscription.sys(_sid).where(:q_publisher_id=>@publisher.id).where(:q_user_id=>quser.id).where(:topic=>params[:topic]).first
+    unless qs
+      qs = QSubscription.new
+      qs.system_id = _sid
+      qs.q_publisher = @publisher
+      qs.q_user = quser
+      qs.topic = params[:topic]
+      qs.save
+    end
+
+    render :json=>{:subscription=>qs.id}
+  end
+
+  # unsubscribe from topic (i.e. stop receiving notifications when a topic happens)
+  # params: user (the external ID by which the user is known)
+  #         topic (the topic to which is being unsubscribed)
+  def unsubscribe
+    quser = @publisher.q_users.sys(_sid).where(:q_external_id=>params[:user]).first
+
+    unless quser
+     head :bad_request
+     return
+    end
+
+    qs = QSubscription.sys(_sid).where(:q_publisher_id=>@publisher.id).where(:q_user_id=>quser.id).where(:topic=>params[:topic]).first
+
+    qs.destroy    
+
+    head :ok
+  end
+
+  def event
+    event = QEvent.create(:system_id=>_sid, :q_publisher_id=>@publisher.id, 
+                          :topic=>params[:topic], :data=>params[:data], 
+                          :klass=>params[:class])
+
+    render :json=>{:event=>event.id} 
+  end
+
+  private
+
+  def user_authenticate
+   if params[:auth_id] && params[:user_id]
+     @publisher = QPublisher.sys(_sid).where(:auth_id=>params[:auth_id]).first
+     @quser = @publisher.q_users.sys(_sid).where(:id=>params[:user_id]).first if @publisher
+    end
+
+    unless @publisher && @quser
+      head :forbidden
+      return
+    end
+
+   return true if @quser.session_token && @quser.session_token == params[:session_token]
+   return publisher_authenticate
+  end
+  
+  def publisher_authenticate
+    @publisher ||= QPublisher.sys(_sid).where(:auth_id=>params[:auth_id]).first
+
+    auth = false
+
+    if @publisher.auth_method=='token'
+      auth = authenticate_token
+    elsif @publisher.auth_method=='digest'
+      auth = authenticate_digest
+    end
+
+    if auth
+      return true
+    else
+      head :forbidden
+      return false
+    end
+  end
+
+  # encrypt, using the token, the digest_secret, the user ID (or '0'), the topic (or '0')
+  def authenticate_digest
+    return false unless params[:digest]
+    aes = FastAES.new(@publisher.token)
+    data = aes.decrypt(params[:digest]).split('-')
+#    logger.debug "*** #{data[0]} #{data[1]} #{data[2]}"
+    return false unless data[0] == @publisher.digest_secret
+    return false unless data[1] == params[:user] unless data[1]=='0'
+    return false unless data[2] == params[:topic] unless data[2]=='0'
+    return true 
+  end
+
+  def authenticate_token
+      if @publisher.token == params[:token]
+        return true
+      else
+        return false
+      end
+  end    
+
+  def update_notification(quser)
+     quser.notification_method = params[:method] if params[:method]
+      if params[:method]=='twitter'
+        quser.twitter_handle  = params[:address]
+      elsif params[:method]=='email'
+        quser.email = params[:address]
+      elsif params[:method]=='ios'
+        quser.ios_device_token = params[:address]
+      end
+
+      return quser
+  end  
+end
+

data/app/controllers/repo_controller.rb

@@ -0,0 +1,7 @@
+class RepoController < KitController
+
+  def index
+    @blocks = Block.sys(_sid).where(:repo=>1).all
+  end
+
+end

data/app/controllers/user_controller.rb

@@ -1,15 +1,12 @@
 class UserController < KitController
 
-  layout Preference.get_cached!(0,"user_profile_layout", "application")
-  append_view_path Layout.resolver  
-
-  before_filter :authenticate_user!
+  before_filter :authenticate
 
   def preferences
     @page_title = 'Preferences'
     @user = current_user
 
-
+    render "preferences", :layout=>profile_layout
   end
 
   def profile
@@ -28,9 +25,11 @@ class UserController < KitController
   def edit_profile
     form = Preference.get_cached(_sid, 'user_profile_edit_form')
     if form.not_blank?
-      render :inline=>form, :layout=>Preference.get_cached!(0,"user_profile_layout", "application") #TODO sub in auth token
+      render :inline=>form, :layout=>profile_layout # Preference.get_cached!(0,"user_profile_layout", "application") #TODO sub in auth token
       return
     end
+
+    render "edit_profile", :layout=>profile_layout
   end
 
   def attribute
@@ -135,7 +134,7 @@ class UserController < KitController
       end
     end
 
-    kit_render "preferences", :layout=>Preference.get_cached!(_sid,"user_profile_layout", "application")
+    kit_render "preferences", :layout=>profile_layout
   end
 
   private
@@ -144,11 +143,16 @@ class UserController < KitController
     render :text=>"User not found" and return unless @user
 
     form = Preference.get_cached(_sid, "user_profile_#{owner ? 'owner' : 'view'}_form")
+    
     if form.not_blank?
-      render :inline=>form, :layout=>Preference.get_cached!(0,"user_profile_layout", "application") 
+      render :inline=>form, :layout=>profile_layout
     else
-      render "user_profile"
+      render "user_profile", :layout=>profile_layout
     end
   end
-  
+ 
+  def profile_layout
+    Layout.preference(_sid, 'user_profile_layout').path
+  end
+
 end

data/app/controllers/utility_controller.rb

@@ -27,7 +27,7 @@ class UtilityController < KitController
   end
 
   def markdown_preview
-    render :text=>params[:body].sanitise.friendly_format.html_safe
+    render :text=>params[:body].sanitise.friendly_format({:smilies=>true}).html_safe
   end
 
   def design_history

data/app/helpers/account_helper.rb

@@ -0,0 +1,47 @@
+module AccountHelper
+  include KitHelper
+
+  def users_have_profiles?
+    UserAttribute.sys(_sid).where(:owner_editable=>1).count>0
+  end
+
+  def account_forgotten(options = {})
+    render :partial=>"account/forgotten", :locals=>{:options=>options}
+  end
+
+  def account_sign_in_form(options = {})
+    render :partial=>"account/sign_in", :locals=>{:options=>options}
+  end
+
+  def account_sign_up_form(options = {})
+    render :partial=>"account/sign_up", :locals=>{:options=>options}
+  end
+
+  def account_edit_form(options = {})
+    render :partial=>"account/edit", :locals=>{:options=>options}
+  end
+
+  def sign_up_url
+    sys_pref("account_sign_up_url") || "/users/sign_up"
+  end
+
+  def sign_in_url
+    sys_pref("account_sign_in_url") || "/users/sign_in"
+  end
+
+  def sign_out_url
+    sys_pref("account_sign_out_url") || "/users/sign_out"
+  end
+
+  def forgotten_url
+    sys_pref("account_forgotten_url") || "/users/forgotten"
+  end
+
+  def reset_url
+    sys_pref("account_reset_url") || "/users/reset"
+  end
+
+  def account_reset_failed(options = {})
+    render :partial=>"account/account_reset_failed", :locals=>{:options=>options}
+  end
+end

data/app/helpers/admin/layouts_helper.rb

@@ -1,2 +1,10 @@
 module Admin::LayoutsHelper
+
+  def layout_asset_selected(asset)
+    if @layout && @layout.id!=nil
+      @layout.html_assets.include?(asset)
+    else
+      false
+    end
+  end
 end

data/app/helpers/admin/page_templates_helper.rb

@@ -1,5 +1,13 @@
 module Admin::PageTemplatesHelper
 
+  def page_template_asset_selected(asset)
+    if @page_template && @page_template.id!=nil
+      @page_template.html_assets.include?(asset)
+    else
+      false
+    end
+  end
+  
   def show_html_assets(list, type)
     return '' unless list
     o = ''

data/app/helpers/ads_helper.rb

@@ -28,6 +28,7 @@ module AdsHelper
   end
 
   def kit_ad_by_unit(unit_id, options = {})
+    return "[[ads may appear here]]" if params[:edit]
     begin
       possible_zones = []
       highest_priority = nil
@@ -43,7 +44,7 @@ module AdsHelper
       if possible_zones.length>0 
         return kit_ad_by_zone(possible_zones, options)
       else
-        return "[[no zones found]]"
+        return nil
       end
     rescue Exception => e
       logger.error e.message
@@ -68,17 +69,15 @@ module AdsHelper
   end
 
   def kit_ad(id, options = {})
-  begin
-    ad = Ad.sys(_sid).where(:id=>id).includes(:ad_zones).first
-    
-    ad = Ad.ensure_ad(ad)
-    ad.impress
-    ad.render
-  rescue Exception => e
-    e.message
-  end
-
-
+    begin
+      ad = Ad.sys(_sid).where(:id=>id).includes(:ad_zones).first
+      
+      ad = Ad.ensure_ad(ad)
+      ad.impress
+      ad.render
+    rescue Exception => e
+      e.message
+    end
   end
 
   def zone_with_price(zone)

data/app/helpers/calendar_helper.rb

@@ -129,6 +129,7 @@ module CalendarHelper
     entries = {}
     days_in_this_month = days_in_month(month)
 
+    logger.debug "**** days in month #{month} #{days_in_this_month}"
     for i in 1..days_in_this_month do
       entries[i] = []
     end
@@ -160,8 +161,11 @@ module CalendarHelper
     end
   end
 
-  def days_in_month(d)
-    (Date.new(d.year, 12, 31) << (12-d.month)).day
+  COMMON_YEAR_DAYS_IN_MONTH = [nil, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]
+
+  def days_in_month(month, year = Time.now.year)
+   return 29 if month == 2 && Date.gregorian_leap?(year)
+   COMMON_YEAR_DAYS_IN_MONTH[month]
   end
 
   def regions_list