lean_cms 0.2.12

data/app/controllers/lean_cms/notification_settings_controller.rb

@@ -0,0 +1,145 @@
+module LeanCms
+  class NotificationSettingsController < ApplicationController
+    include LeanCms::Authorization
+    skip_before_action :check_content_lock
+    before_action :require_settings_access
+
+    def edit
+      @settings = NotificationSetting.instance
+    end
+
+    def update
+      @settings = NotificationSetting.instance
+
+      # Update basic toggles
+      @settings.email_enabled = params[:email_enabled] == '1'
+      @settings.sms_enabled = params[:sms_enabled] == '1'
+      @settings.in_app_enabled = params[:in_app_enabled] == '1'
+      @settings.email_provider = params[:email_provider] || 'none'
+
+      # Update email credentials (only if provider is set and new value provided)
+      # Password fields will be empty if not changed, so only update if present
+      if params[:email_provider] == 'sendgrid'
+        @settings.sendgrid_api_key = params[:sendgrid_api_key] if params[:sendgrid_api_key].present?
+        @settings.mailgun_api_key = nil
+        @settings.mailgun_domain = nil
+      elsif params[:email_provider] == 'mailgun'
+        @settings.mailgun_api_key = params[:mailgun_api_key] if params[:mailgun_api_key].present?
+        @settings.mailgun_domain = params[:mailgun_domain] if params[:mailgun_domain].present?
+        @settings.sendgrid_api_key = nil
+      else
+        # Only clear if switching away from a provider
+        @settings.sendgrid_api_key = nil if @settings.email_provider == 'sendgrid'
+        @settings.mailgun_api_key = nil if @settings.email_provider == 'mailgun'
+        @settings.mailgun_domain = nil if @settings.email_provider == 'mailgun'
+      end
+
+      # Update SMS credentials
+      if params[:sms_enabled] == '1'
+        @settings.twilio_account_sid = params[:twilio_account_sid] if params[:twilio_account_sid].present?
+        @settings.twilio_auth_token = params[:twilio_auth_token] if params[:twilio_auth_token].present?
+        @settings.twilio_from_number = params[:twilio_from_number] if params[:twilio_from_number].present?
+      else
+        @settings.twilio_account_sid = nil
+        @settings.twilio_auth_token = nil
+        @settings.twilio_from_number = nil
+      end
+
+      # Update notification recipients
+      if params[:notification_emails].present?
+        emails = params[:notification_emails].split(',').map(&:strip).reject(&:blank?)
+        @settings.notification_email_list = emails
+      end
+
+      if params[:notification_phones].present?
+        phones = params[:notification_phones].split(',').map(&:strip).reject(&:blank?)
+        @settings.notification_phone_list = phones
+      end
+
+      if @settings.save
+        redirect_to edit_lean_cms_notification_settings_path, notice: 'Notification settings updated successfully.'
+      else
+        flash[:alert] = @settings.errors.full_messages.join(', ')
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    def test_email
+      @settings = NotificationSetting.instance
+
+      unless @settings.email_enabled? && @settings.email_provider != 'none'
+        flash[:alert] = 'Email notifications must be enabled and configured before testing.'
+        redirect_to edit_lean_cms_notification_settings_path
+        return
+      end
+
+      # Create a test form submission
+      test_submission = LeanCms::FormSubmission.create!(
+        form_type: 'contact',
+        name: 'Test User',
+        email: 'test@example.com',
+        phone: '(555) 555-5555',
+        company_name: 'Test Company',
+        city: 'Test City',
+        state: 'WI',
+        zip: '54311',
+        message: 'This is a test notification from the CMS settings page.',
+        ip_address: request.remote_ip,
+        status: :new_submission
+      )
+
+      # Trigger notification
+      begin
+        ContactFormNotifier.with(submission: test_submission).deliver_later(User.where(can_access_settings: true).limit(1))
+        flash[:notice] = 'Test email notification sent successfully!'
+      rescue StandardError => e
+        Rails.logger.error "Test email error: #{e.message}"
+        flash[:alert] = "Failed to send test email: #{e.message}"
+      ensure
+        # Clean up test submission
+        test_submission.destroy
+      end
+
+      redirect_to edit_lean_cms_notification_settings_path
+    end
+
+    def test_sms
+      @settings = NotificationSetting.instance
+
+      unless @settings.sms_enabled?
+        flash[:alert] = 'SMS notifications must be enabled before testing.'
+        redirect_to edit_lean_cms_notification_settings_path
+        return
+      end
+
+      # Create a test form submission
+      test_submission = LeanCms::FormSubmission.create!(
+        form_type: 'contact',
+        name: 'Test User',
+        email: 'test@example.com',
+        phone: '(555) 555-5555',
+        company_name: 'Test Company',
+        city: 'Test City',
+        state: 'WI',
+        zip: '54311',
+        message: 'This is a test SMS notification from the CMS settings page.',
+        ip_address: request.remote_ip,
+        status: :new_submission
+      )
+
+      # Trigger notification
+      begin
+        ContactFormNotifier.with(submission: test_submission).deliver_later(User.where(can_access_settings: true).limit(1))
+        flash[:notice] = 'Test SMS notification sent successfully!'
+      rescue StandardError => e
+        Rails.logger.error "Test SMS error: #{e.message}"
+        flash[:alert] = "Failed to send test SMS: #{e.message}"
+      ensure
+        # Clean up test submission
+        test_submission.destroy
+      end
+
+      redirect_to edit_lean_cms_notification_settings_path
+    end
+  end
+end

data/app/controllers/lean_cms/notifications_controller.rb

@@ -0,0 +1,26 @@
+module LeanCms
+  class NotificationsController < ApplicationController
+    include LeanCms::Authorization
+
+    def index
+      @notifications = current_user.notifications.order(created_at: :desc).page(params[:page]).per(20)
+      @unread_count = current_user.notifications.unread.count
+    end
+
+    def show
+      @notification = current_user.notifications.find(params[:id])
+      @notification.mark_as_read! unless @notification.read?
+    end
+
+    def mark_as_read
+      @notification = current_user.notifications.find(params[:id])
+      @notification.mark_as_read!
+      redirect_to lean_cms_notifications_path, notice: 'Notification marked as read.'
+    end
+
+    def mark_all_as_read
+      current_user.notifications.unread.update_all(read_at: Time.current)
+      redirect_to lean_cms_notifications_path, notice: 'All notifications marked as read.'
+    end
+  end
+end

data/app/controllers/lean_cms/page_contents_controller.rb

@@ -0,0 +1,403 @@
+module LeanCms
+  class PageContentsController < LeanCms::ApplicationController
+    before_action :require_page_editing
+    skip_before_action :check_content_lock
+    before_action :check_content_lock, only: [:update, :update_field, :undo_field]
+
+    def index
+      # Get all pages that have content associated with them
+      @pages = LeanCms::Page
+                .joins(:page_contents)
+                .select('lean_cms_pages.*, MIN(lean_cms_page_contents.page_order) as min_page_order')
+                .group('lean_cms_pages.id')
+                .order('min_page_order, lean_cms_pages.position, lean_cms_pages.title')
+                .distinct
+                .map { |page| { key: page.slug, display_title: page.title, page: page } }
+
+      @page_structure = {}
+      @pages.each do |page_data|
+        page_slug = page_data[:key]
+        page = page_data[:page]
+
+        sections = LeanCms::PageContent
+                    .where(page_id: page.id)
+                    .select(:section, :section_order, :display_title)
+                    .distinct
+                    .order(:section_order)
+                    .pluck(:section, :display_title)
+                    .uniq
+
+        @page_structure[page_slug] = sections.map do |section, display_title|
+          {
+            section: section,
+            display_title: display_title || section.humanize,
+            field_count: LeanCms::PageContent.where(page_id: page.id, section: section).count,
+            last_updated: LeanCms::PageContent.where(page_id: page.id, section: section).maximum(:updated_at),
+            has_cards: LeanCms::PageContent.where(page_id: page.id, section: section, key: 'cards').exists?,
+            has_bullets: LeanCms::PageContent.where(page_id: page.id, section: section, key: 'bullets').exists?
+          }
+        end
+      end
+    end
+
+    def edit
+      @page = params[:page]
+      @section = params[:section]
+
+      # Find the LeanCms::Page by slug
+      page_record = LeanCms::Page.find_by(slug: @page)
+      
+      @fields = if page_record
+        # Use page_id for new data structure
+        LeanCms::PageContent.where(page_id: page_record.id, section: @section).ordered
+      else
+        # Fallback to string-based lookup for legacy data
+        LeanCms::PageContent.where("page = ? AND section = ?", @page, @section).ordered
+      end
+
+      redirect_to lean_cms_page_contents_path, alert: 'Section not found' if @fields.empty?
+    end
+
+    def update
+      @page = params[:page]
+      @section = params[:section]
+
+      success = true
+      errors = []
+
+      # Find the LeanCms::Page by slug
+      page_record = LeanCms::Page.find_by(slug: @page)
+
+      # Handle business hours special case (hours_json field)
+      if params[:hours_labels].present? || params[:hours_note].present?
+        hours_json_field = if page_record
+          LeanCms::PageContent.find_by(page_id: page_record.id, section: @section, key: 'hours_json')
+        else
+          LeanCms::PageContent.find_by("page = ? AND section = ? AND key = ?", @page, @section, 'hours_json')
+        end
+        if hours_json_field
+          hours_data = {
+            'hours' => build_hours_array,
+            'note' => params[:hours_note].to_s
+          }
+          hours_json_field.value = hours_data.to_json
+          hours_json_field.last_edited_by = current_user
+          unless hours_json_field.save
+            success = false
+            errors << "Hours: #{hours_json_field.errors.full_messages.join(', ')}"
+          end
+        end
+      end
+
+      # Handle bullets special case
+      if params[:bullet_items].present? && params[:bullets_field_id].present?
+        bullets_field = LeanCms::PageContent.find_by(id: params[:bullets_field_id])
+        if bullets_field
+          bullets_array = params[:bullet_items].map(&:to_s).reject(&:blank?)
+          bullets_field.value = bullets_array.to_json
+          bullets_field.last_edited_by = current_user
+          unless bullets_field.save
+            success = false
+            errors << "Bullets: #{bullets_field.errors.full_messages.join(', ')}"
+          end
+        end
+      end
+
+      # Update each field in the section
+      content_params = params[:page_contents] || {}
+
+      content_params.each do |field_id, field_data|
+        content = LeanCms::PageContent.find(field_id)
+        content.last_edited_by = current_user
+
+        # Handle different content types
+        if content.rich_text?
+          content.rich_content = field_data[:value]
+        elsif content.image? && field_data[:image_file].present?
+          content.image_file.attach(field_data[:image_file])
+        elsif content.boolean?
+          content.value = (field_data[:value] == '1' || field_data[:value] == 'true').to_s
+        elsif content.cards?
+          # For cards, the value is already JSON from the hidden input
+          cards_json = JSON.parse(field_data[:value]) rescue []
+
+          # Don't overwrite existing cards with an empty array — the cards editor
+          # hidden input may be blank when editing other fields in the same section form.
+          if cards_json.empty? && content.value.present?
+            existing = JSON.parse(content.value) rescue []
+            next if existing.any?
+          end
+          
+          # Handle image uploads for cards
+          if field_data[:card_images].present?
+            # card_images is a hash with index keys: {"0" => file, "1" => file}
+            field_data[:card_images].each do |index_str, image_file|
+              index = index_str.to_i
+              next unless image_file.present? && cards_json[index].present?
+              
+              # Attach the image to card_images collection
+              blob = ActiveStorage::Blob.create_and_upload!(
+                io: image_file,
+                filename: image_file.original_filename,
+                content_type: image_file.content_type
+              )
+              
+              # Attach blob to the PageContent's card_images
+              content.card_images.attach(blob)
+              
+              # Store blob ID in card data
+              cards_json[index]['image_id'] = blob.id.to_s
+              cards_json[index]['use_image'] = true
+            end
+          end
+          
+          # Update cards JSON with image IDs
+          content.value = cards_json.to_json
+        else
+          content.value = field_data[:value]
+        end
+
+        unless content.save
+          success = false
+          errors << "#{content.label}: #{content.errors.full_messages.join(', ')}"
+        end
+      end
+
+      if success
+        # Clear cache for this page.
+        # SolidCache does not support delete_matched, so enumerate keys explicitly.
+        page_slug = @page.to_s
+        cache_scope = page_record ?
+          LeanCms::PageContent.where(page_id: page_record.id) :
+          LeanCms::PageContent.where("page = ?", page_slug)
+
+        cache_scope.pluck(:section, :key).each do |sec, k|
+          Rails.cache.delete("page_content/#{page_slug}/#{sec}/#{k}")
+        end
+        cache_scope.distinct.pluck(:section).each do |sec|
+          Rails.cache.delete("page_section/#{page_slug}/#{sec}")
+        end
+        Rails.cache.delete("page_structure/#{page_slug}")
+        Rails.cache.delete("page_cards/#{page_slug}/#{@section}")
+        Rails.cache.delete("page_bullets/#{page_slug}/#{@section}")
+        
+        # Touch the LeanCms::Page to bust fragment cache
+        page_record&.touch
+
+        redirect_to lean_cms_page_contents_path, notice: 'Content updated successfully.'
+      else
+        redirect_to edit_lean_cms_page_content_path(page: @page, section: @section),
+                    alert: "Errors: #{errors.join('; ')}"
+      end
+    end
+
+    def update_field
+      @field = LeanCms::PageContent.find(params[:id])
+      @field.last_edited_by = current_user
+
+      # Log what we're updating
+      Rails.logger.info "Updating field ##{@field.id}: #{@field.page}/#{@field.section}/#{@field.key}"
+      Rails.logger.info "Old value: #{@field.value.inspect}"
+      Rails.logger.info "New value: #{params[:value].inspect}"
+      Rails.logger.info "Content type: #{@field.content_type}"
+
+      case @field.content_type.to_sym
+      when :text, :url, :color, :dropdown
+        @field.value = params[:value]
+      when :rich_text
+        @field.rich_content = params[:value]
+      when :boolean
+        @field.value = (params[:value] == '1' || params[:value] == 'true').to_s
+      when :cards
+        # Cards are sent as JSON string
+        cards_json = JSON.parse(params[:value]) rescue []
+        
+        # Handle image uploads for cards
+        if params[:card_images].present?
+          # card_images is a hash with index keys: {"0" => file, "1" => file}
+          params[:card_images].each do |index_str, image_file|
+            index = index_str.to_i
+            next unless image_file.present? && cards_json[index].present?
+            
+            # Attach the image to card_images collection
+            blob = ActiveStorage::Blob.create_and_upload!(
+              io: image_file,
+              filename: image_file.original_filename,
+              content_type: image_file.content_type
+            )
+            
+            # Attach blob to the PageContent's card_images
+            @field.card_images.attach(blob)
+            
+            # Store blob ID in card data
+            cards_json[index]['image_id'] = blob.id.to_s
+            cards_json[index]['use_image'] = true
+          end
+        end
+        
+        @field.value = cards_json.to_json
+      when :bullets
+        # Bullets can come as JSON string or array
+        if params[:value].is_a?(Array)
+          @field.value = params[:value].to_json
+        else
+          @field.value = params[:value]
+        end
+      when :image
+        if params[:image_file].present?
+          @field.image_file.attach(params[:image_file])
+        end
+      end
+
+      if @field.save
+        Rails.logger.info "Field saved successfully. New display value: #{@field.reload.display_value.inspect}"
+        
+        # Clear cache
+        clear_page_cache(@field)
+
+        render json: {
+          success: true,
+          value: @field.display_value,
+          message: 'Content updated successfully'
+        }
+      else
+        Rails.logger.error "Failed to save field: #{@field.errors.full_messages.join(', ')}"
+        render json: {
+          success: false,
+          errors: @field.errors.full_messages
+        }, status: :unprocessable_entity
+      end
+    end
+
+    def edit_field
+      @field = LeanCms::PageContent.find(params[:id])
+
+      render partial: 'lean_cms/page_contents/field_editor',
+             locals: { field: @field },
+             layout: false
+    end
+
+    def preview_undo_field
+      @field = LeanCms::PageContent.find(params[:id])
+
+      previous_version = @field.versions.where(event: 'update').last
+
+      if previous_version && previous_version.object
+        previous_state = YAML.safe_load(
+          previous_version.object,
+          permitted_classes: [Symbol, Time, ActiveSupport::TimeWithZone, ActiveSupport::TimeZone, Date, DateTime],
+          aliases: true
+        )
+
+        old_value = previous_state['value']
+
+        if old_value
+          render json: {
+            success: true,
+            current_value: @field.display_value.to_s,
+            previous_value: old_value.to_s
+          }
+        else
+          render json: { success: false, error: 'Could not extract previous value' }, status: :unprocessable_entity
+        end
+      else
+        render json: { success: false, error: 'No previous version found' }, status: :not_found
+      end
+    end
+
+    def undo_field
+      @field = LeanCms::PageContent.find(params[:id])
+      
+      # Get the most recent version from PaperTrail
+      previous_version = @field.versions.where(event: 'update').last
+      
+      if previous_version && previous_version.object
+        # Parse the object to get the previous state
+        # The 'object' column contains the state BEFORE the change
+        previous_state = YAML.safe_load(
+          previous_version.object, 
+          permitted_classes: [Symbol, Time, ActiveSupport::TimeWithZone, ActiveSupport::TimeZone, Date, DateTime],
+          aliases: true
+        )
+        
+        Rails.logger.info "Previous state: #{previous_state.inspect}"
+        
+        # Extract the old value
+        old_value = previous_state['value']
+        
+        if old_value
+          # Set the old value back
+          case @field.content_type.to_sym
+          when :rich_text
+            @field.rich_content = old_value
+          else
+            @field.value = old_value
+          end
+          
+          @field.last_edited_by = current_user
+          
+          if @field.save
+            Rails.logger.info "Field reverted to previous version. New value: #{@field.reload.display_value.inspect}"
+            
+            # Clear cache
+            clear_page_cache(@field)
+            
+            render json: {
+              success: true,
+              value: @field.display_value,
+              message: 'Reverted to previous version'
+            }
+          else
+            render json: {
+              success: false,
+              error: 'Failed to save reverted version'
+            }, status: :unprocessable_entity
+          end
+        else
+          render json: {
+            success: false,
+            error: 'Could not extract previous value'
+          }, status: :unprocessable_entity
+        end
+      else
+        render json: {
+          success: false,
+          error: 'No previous version found'
+        }, status: :not_found
+        end
+    end
+
+    private
+
+    def clear_page_cache(field)
+      # SolidCache does not support delete_matched, so enumerate keys explicitly.
+      page_obj  = field.page  # LeanCms::Page via belongs_to, or nil for legacy records
+      page_slug = page_obj&.slug || field.read_attribute(:page).to_s
+
+      cache_scope = page_obj ?
+        LeanCms::PageContent.where(page_id: page_obj.id) :
+        LeanCms::PageContent.where("page = ?", page_slug)
+
+      cache_scope.pluck(:section, :key).each do |sec, k|
+        Rails.cache.delete("page_content/#{page_slug}/#{sec}/#{k}")
+      end
+      cache_scope.distinct.pluck(:section).each do |sec|
+        Rails.cache.delete("page_section/#{page_slug}/#{sec}")
+      end
+      Rails.cache.delete("page_structure/#{page_slug}")
+      Rails.cache.delete("page_cards/#{page_slug}/#{field.section}")
+      Rails.cache.delete("page_bullets/#{page_slug}/#{field.section}")
+
+      # Touch the LeanCms::Page to bust fragment cache
+      (page_obj || LeanCms::Page.find_by(slug: page_slug))&.touch
+    end
+
+    def build_hours_array
+      return [] unless params[:hours_labels]
+      params[:hours_labels]
+        .zip(params[:hours_values] || [])
+        .map { |label, value| { 'label' => label.to_s, 'value' => value.to_s } }
+        .reject { |h| h['label'].blank? && h['value'].blank? }
+    end
+  end
+end

data/app/controllers/lean_cms/password_setup_controller.rb

@@ -0,0 +1,65 @@
+module LeanCms
+  class PasswordSetupController < ::ApplicationController
+    allow_unauthenticated_access
+    before_action :set_magic_link
+    before_action :ensure_link_valid
+
+    layout "lean_cms/auth"
+
+    def show
+      @user = @magic_link.user
+    end
+
+    def update
+      @user = @magic_link.user
+
+      if params[:password].blank?
+        flash.now[:alert] = "Password cannot be blank."
+        render :show, status: :unprocessable_entity
+        return
+      end
+
+      if params[:password] != params[:password_confirmation]
+        flash.now[:alert] = "Passwords do not match."
+        render :show, status: :unprocessable_entity
+        return
+      end
+
+      if params[:password].length < 8
+        flash.now[:alert] = "Password must be at least 8 characters."
+        render :show, status: :unprocessable_entity
+        return
+      end
+
+      @user.password = params[:password]
+      @user.password_confirmation = params[:password_confirmation]
+      @user.active = true
+      @user.must_change_password = false
+
+      if @user.save
+        @magic_link.mark_as_used!(request.remote_ip)
+        LeanCms::Session.where(user: @user).destroy_all
+        redirect_to lean_cms_new_session_path, notice: "Password set successfully. Please log in."
+      else
+        flash.now[:alert] = @user.errors.full_messages.join(", ")
+        render :show, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def set_magic_link
+      @magic_link = LeanCms::MagicLink.find_by(token: params[:token])
+    end
+
+    def ensure_link_valid
+      if @magic_link.nil?
+        redirect_to lean_cms_new_session_path, alert: "Invalid link."
+      elsif @magic_link.expired?
+        redirect_to lean_cms_new_session_path, alert: "This link has expired. Please request a new one."
+      elsif @magic_link.used?
+        redirect_to lean_cms_new_session_path, alert: "This link has already been used."
+      end
+    end
+  end
+end

data/app/controllers/lean_cms/passwords_controller.rb

@@ -0,0 +1,42 @@
+module LeanCms
+  class PasswordsController < ::ApplicationController
+    allow_unauthenticated_access
+    before_action :set_user_by_token, only: %i[ edit update ]
+    rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to lean_cms_new_password_path, alert: "Try again later." }
+
+    layout "lean_cms/auth"
+
+    def new
+    end
+
+    def create
+      user_class = LeanCms.user_class.constantize
+
+      if user = user_class.find_by(email_address: params[:email_address])
+        LeanCms::PasswordsMailer.reset(user).deliver_later
+      end
+
+      redirect_to lean_cms_new_session_path, notice: "Password reset instructions sent (if user with that email address exists)."
+    end
+
+    def edit
+    end
+
+    def update
+      if @user.update(params.permit(:password, :password_confirmation))
+        LeanCms::Session.where(user: @user).destroy_all
+        redirect_to lean_cms_new_session_path, notice: "Password has been reset."
+      else
+        redirect_to lean_cms_edit_password_path(params[:token]), alert: "Passwords did not match."
+      end
+    end
+
+    private
+
+    def set_user_by_token
+      @user = LeanCms.user_class.constantize.find_by_password_reset_token!(params[:token])
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      redirect_to lean_cms_new_password_path, alert: "Password reset link is invalid or has expired."
+    end
+  end
+end