lean_cms 0.2.12

data/app/javascript/controllers/notifications_controller.js

@@ -0,0 +1,19 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  connect() {
+    // Subscribe to Turbo Streams for real-time updates
+    if (typeof Turbo !== 'undefined') {
+      this.subscribeToNotifications()
+    }
+  }
+
+  subscribeToNotifications() {
+    const userId = this.element.dataset.userId || document.body.dataset.userId
+    if (!userId) return
+
+    // Subscribe to notification channel for this user
+    // This would require ActionCable setup - for now, we'll rely on page refreshes
+    // In a full implementation, you'd set up ActionCable here
+  }
+}

data/app/javascript/controllers/settings_inline_edit_sync_controller.js

@@ -0,0 +1,38 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = ["checkbox"]
+
+  connect() {
+    // Sync the checkbox state with localStorage on load
+    const isEnabled = localStorage.getItem('cms-inline-editing-enabled')
+    if (isEnabled !== null) {
+      this.checkboxTarget.checked = isEnabled === 'true'
+    }
+  }
+
+  toggle(event) {
+    const enabled = event.target.checked
+    
+    // Update localStorage to match the settings page toggle
+    localStorage.setItem('cms-inline-editing-enabled', enabled.toString())
+    
+    // Show feedback
+    this.showFeedback(enabled ? 'Inline editing will be enabled after save' : 'Inline editing will be disabled after save')
+  }
+
+  showFeedback(message) {
+    const feedback = document.createElement('div')
+    feedback.textContent = message
+    feedback.className = 'fixed top-4 right-4 bg-gray-800 text-white px-4 py-2 rounded shadow-lg z-[70] transition-opacity'
+    feedback.style.opacity = '0'
+    
+    document.body.appendChild(feedback)
+    
+    setTimeout(() => { feedback.style.opacity = '1' }, 10)
+    setTimeout(() => {
+      feedback.style.opacity = '0'
+      setTimeout(() => { feedback.remove() }, 300)
+    }, 3000)
+  }
+}

data/app/javascript/controllers/settings_override_controller.js

@@ -0,0 +1,45 @@
+import { Controller } from "@hotwired/stimulus"
+
+// Handles the override toggle for settings-based page content
+// Shows/hides the edit form and saves the override preference
+export default class extends Controller {
+  static targets = ["checkbox", "form"]
+  static values = { section: String }
+
+  connect() {
+    this.updateFormVisibility()
+  }
+
+  toggle(event) {
+    const isChecked = event.target.checked
+    const settingsKey = this.sectionValue === 'info' ? 'contact_info_override' : 'contact_hours_override'
+
+    // Save the setting via AJAX
+    fetch('/lean-cms/settings/update_override', {
+      method: 'PATCH',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').content
+      },
+      body: JSON.stringify({
+        key: settingsKey,
+        value: isChecked ? 'true' : 'false'
+      })
+    }).then(response => {
+      if (response.ok) {
+        this.updateFormVisibility()
+      }
+    })
+  }
+
+  updateFormVisibility() {
+    if (this.hasFormTarget) {
+      const isChecked = this.checkboxTarget.checked
+      if (isChecked) {
+        this.formTarget.classList.remove('hidden')
+      } else {
+        this.formTarget.classList.add('hidden')
+      }
+    }
+  }
+}

data/app/mailers/lean_cms/application_mailer.rb

@@ -0,0 +1,6 @@
+module LeanCms
+  class ApplicationMailer < ActionMailer::Base
+    default from: -> { LeanCms.mailer_from }
+    layout "mailer"
+  end
+end

data/app/mailers/lean_cms/passwords_mailer.rb

@@ -0,0 +1,8 @@
+module LeanCms
+  class PasswordsMailer < LeanCms::ApplicationMailer
+    def reset(user)
+      @user = user
+      mail subject: "Reset your password", to: user.email_address
+    end
+  end
+end

data/app/mailers/lean_cms/users_mailer.rb

@@ -0,0 +1,39 @@
+module LeanCms
+  class UsersMailer < LeanCms::ApplicationMailer
+    def invitation(user, magic_link)
+      @user = user
+      @magic_link = magic_link
+      @setup_url = lean_cms_password_setup_url(token: magic_link.token)
+      @site_name = LeanCms.site_name
+
+      mail(
+        to: user.email_address,
+        subject: "You've been invited to #{@site_name} CMS"
+      )
+    end
+
+    def reactivation(user, magic_link)
+      @user = user
+      @magic_link = magic_link
+      @setup_url = lean_cms_password_setup_url(token: magic_link.token)
+      @site_name = LeanCms.site_name
+
+      mail(
+        to: user.email_address,
+        subject: "Your #{@site_name} CMS account has been reactivated"
+      )
+    end
+
+    def admin_triggered_password_reset(user, magic_link)
+      @user = user
+      @magic_link = magic_link
+      @setup_url = lean_cms_password_setup_url(token: magic_link.token)
+      @site_name = LeanCms.site_name
+
+      mail(
+        to: user.email_address,
+        subject: "Password reset requested for #{@site_name} CMS"
+      )
+    end
+  end
+end

data/app/models/lean_cms/current.rb

@@ -0,0 +1,6 @@
+module LeanCms
+  class Current < ActiveSupport::CurrentAttributes
+    attribute :session
+    delegate :user, to: :session, allow_nil: true
+  end
+end

data/app/models/lean_cms/form_submission.rb

@@ -0,0 +1,45 @@
+module LeanCms
+  class FormSubmission < ApplicationRecord
+    self.table_name = 'lean_cms_form_submissions'
+
+    has_paper_trail
+
+    validates :form_type, presence: true
+    validates :email, format: { with: URI::MailTo::EMAIL_REGEXP }, allow_blank: true
+
+    enum :status, { new_submission: 0, read: 1, replied: 2, archived: 3 }
+
+    scope :recent, -> { order(created_at: :desc) }
+    scope :unread, -> { where(status: :new_submission) }
+    scope :quote_requests, -> { where(form_type: 'quote_request') }
+
+    # Mark as read
+    def mark_as_read!
+      update(status: :read)
+    end
+
+    # Mark as replied
+    def mark_as_replied!
+      update(status: :replied)
+    end
+
+    # Get all form data as hash
+    def form_data
+      {
+        name: name,
+        email: email,
+        phone: phone,
+        company_name: company_name,
+        city: city,
+        state: state,
+        zip: zip,
+        message: message
+      }.merge(additional_data || {})
+    end
+
+    # Check if unread
+    def unread?
+      status == 'new_submission'
+    end
+  end
+end

data/app/models/lean_cms/magic_link.rb

@@ -0,0 +1,76 @@
+module LeanCms
+  class MagicLink < ApplicationRecord
+    self.table_name = "lean_cms_magic_links"
+
+    belongs_to :user, class_name: "User"
+
+    PURPOSES = %w[invitation password_reset].freeze
+    EXPIRATION_TIMES = {
+      "invitation" => 24.hours,
+      "password_reset" => 2.hours
+    }.freeze
+
+    validates :token, presence: true, uniqueness: true
+    validates :purpose, presence: true, inclusion: { in: PURPOSES }
+    validates :expires_at, presence: true
+
+    before_validation :generate_token, on: :create
+    before_validation :set_expiration, on: :create
+
+    scope :valid, -> { where(used_at: nil).where("expires_at > ?", Time.current) }
+    scope :expired, -> { where("expires_at <= ?", Time.current) }
+    scope :for_purpose, ->(purpose) { where(purpose: purpose) }
+
+    def self.create_for_invitation(user, created_by_ip: nil)
+      create!(
+        user: user,
+        purpose: "invitation",
+        created_by_ip: created_by_ip
+      )
+    end
+
+    def self.create_for_password_reset(user, created_by_ip: nil)
+      where(user: user).for_purpose("password_reset").valid.update_all(used_at: Time.current)
+
+      create!(
+        user: user,
+        purpose: "password_reset",
+        created_by_ip: created_by_ip
+      )
+    end
+
+    def expired?
+      expires_at <= Time.current
+    end
+
+    def used?
+      used_at.present?
+    end
+
+    def valid_for_use?
+      !expired? && !used?
+    end
+
+    def mark_as_used!(ip_address = nil)
+      update!(used_at: Time.current, used_from_ip: ip_address)
+    end
+
+    def invitation?
+      purpose == "invitation"
+    end
+
+    def password_reset?
+      purpose == "password_reset"
+    end
+
+    private
+
+    def generate_token
+      self.token ||= SecureRandom.urlsafe_base64(32)
+    end
+
+    def set_expiration
+      self.expires_at ||= EXPIRATION_TIMES[purpose].from_now
+    end
+  end
+end

data/app/models/lean_cms/meta_tag.rb

@@ -0,0 +1,30 @@
+module LeanCms
+  class MetaTag < ApplicationRecord
+    self.table_name = 'lean_cms_meta_tags'
+
+    belongs_to :taggable, polymorphic: true
+
+    validates :title, length: { maximum: 60 }, allow_blank: true
+    validates :description, length: { maximum: 160 }, allow_blank: true
+
+    # Get title with fallback
+    def title_with_fallback(fallback = nil)
+      title.presence || fallback
+    end
+
+    # Get description with fallback
+    def description_with_fallback(fallback = nil)
+      description.presence || fallback
+    end
+
+    # Check if has open graph image
+    def has_og_image?
+      og_image_url.present?
+    end
+
+    # Check if has structured data
+    def has_structured_data?
+      structured_data.present? && structured_data.is_a?(Hash)
+    end
+  end
+end

data/app/models/lean_cms/notification_setting.rb

@@ -0,0 +1,69 @@
+module LeanCms
+  class NotificationSetting < ApplicationRecord
+    self.table_name = 'lean_cms_notification_settings'
+
+    # Encrypt sensitive credentials using Rails built-in encryption
+    encrypts :sendgrid_api_key
+    encrypts :mailgun_api_key
+    encrypts :twilio_account_sid
+    encrypts :twilio_auth_token
+
+    # Singleton pattern - only one settings record
+    def self.instance
+      first_or_create! do |setting|
+        setting.email_provider = 'none'
+        setting.email_enabled = false
+        setting.sms_enabled = false
+        setting.in_app_enabled = true
+        setting.notification_emails = '[]'
+        setting.notification_phones = '[]'
+      end
+    end
+
+    def notification_email_list
+      JSON.parse(notification_emails || '[]')
+    end
+
+    def notification_email_list=(emails)
+      self.notification_emails = emails.is_a?(Array) ? emails.to_json : emails
+    end
+
+    def notification_phone_list
+      JSON.parse(notification_phones || '[]')
+    end
+
+    def notification_phone_list=(phones)
+      self.notification_phones = phones.is_a?(Array) ? phones.to_json : phones
+    end
+
+    # Validation
+    validates :email_provider, inclusion: { in: %w[sendgrid mailgun none] }, allow_nil: true
+    validate :email_provider_required_if_enabled
+    validate :credentials_required_if_enabled
+
+    private
+
+    def email_provider_required_if_enabled
+      if email_enabled? && email_provider == 'none'
+        errors.add(:email_provider, 'must be selected when email notifications are enabled')
+      end
+    end
+
+    def credentials_required_if_enabled
+      if email_enabled? && email_provider == 'sendgrid' && sendgrid_api_key.blank?
+        errors.add(:sendgrid_api_key, 'is required when Sendgrid is enabled')
+      end
+
+      if email_enabled? && email_provider == 'mailgun'
+        errors.add(:mailgun_api_key, 'is required when Mailgun is enabled') if mailgun_api_key.blank?
+        errors.add(:mailgun_domain, 'is required when Mailgun is enabled') if mailgun_domain.blank?
+      end
+
+      if sms_enabled?
+        errors.add(:twilio_account_sid, 'is required when SMS is enabled') if twilio_account_sid.blank?
+        errors.add(:twilio_auth_token, 'is required when SMS is enabled') if twilio_auth_token.blank?
+        errors.add(:twilio_from_number, 'is required when SMS is enabled') if twilio_from_number.blank?
+      end
+    end
+  end
+end

data/app/models/lean_cms/page.rb

@@ -0,0 +1,23 @@
+module LeanCms
+  class Page < ApplicationRecord
+    self.table_name = 'lean_cms_pages'
+
+    has_many :page_contents, class_name: 'LeanCms::PageContent', dependent: :destroy
+    belongs_to :parent, class_name: 'Page', foreign_key: 'parent_slug', 
+               primary_key: 'slug', optional: true
+    has_many :children, class_name: 'Page', foreign_key: 'parent_slug', 
+             primary_key: 'slug'
+    
+    validates :slug, presence: true, 
+              uniqueness: { scope: :parent_slug }
+    validates :title, presence: true
+    
+    scope :published, -> { where(published: true) }
+    scope :root_pages, -> { where(parent_slug: nil) }
+    scope :ordered, -> { order(:position, :title) }
+    
+    def full_path
+      parent_slug ? "#{parent_slug}/#{slug}" : slug
+    end
+  end
+end

data/app/models/lean_cms/page_content.rb

@@ -0,0 +1,245 @@
+module LeanCms
+  class PageContent < ApplicationRecord
+    self.table_name = 'lean_cms_page_contents'
+
+    has_paper_trail
+
+    belongs_to :page, class_name: 'LeanCms::Page', optional: true, touch: true
+    belongs_to :last_edited_by, class_name: 'User', optional: true
+
+    # Look up a content record by its (page-slug, section, key) triple, or
+    # build a new one — bypassing the :page association setter so the string
+    # `page` column gets the slug instead of an AssociationTypeMismatch.
+    # `belongs_to :page` shadows the `page` varchar column for mass-assignment;
+    # this helper is the seam every internal write goes through during the
+    # in-progress migration to the normalized LeanCms::Page model.
+    def self.find_or_initialize_content(page:, section:, key:)
+      # Look up against the `page` varchar column explicitly. `where(page: ...)`
+      # would resolve `:page` to the `belongs_to :page` association and emit
+      # `WHERE page_id = NULL`, missing every existing record — which made
+      # re-running load_structure crash on the SQLite unique index.
+      where("page = ? AND section = ? AND key = ?", page.to_s, section.to_s, key.to_s).first ||
+        new(section: section, key: key).tap { |record| record[:page] = page }
+    end
+
+    # Validate the slug column directly (read_attribute) rather than `:page`,
+    # which `belongs_to :page` shadows — a `presence: true` check on the
+    # association would require a loaded LeanCms::Page record, not a slug.
+    validates :section, :key, presence: true
+    # Built-in uniqueness with scope: [:page, :section] resolves `:page` to
+    # the `page_id` association FK (NULL on fresh installs until the legacy
+    # string slug → LeanCms::Page normalization completes), which collapses
+    # the scope to just `:section` and triggers spurious collisions for
+    # repeated keys like `heading` across pages. We check the slug column
+    # directly instead.
+    validate :key_unique_within_page_section
+    validates :content_type, presence: true
+    validate :validate_max_length
+    validate :page_slug_present
+
+    def page_slug
+      read_attribute(:page)
+    end
+
+    # Content types: text, rich_text, image, boolean, url, color, dropdown, cards, bullets
+    enum :content_type, {
+      text: 0,
+      rich_text: 1,
+      image: 2,
+      boolean: 3,
+      url: 4,
+      color: 5,
+      dropdown: 6,
+      cards: 7,
+      bullets: 8
+    }
+
+    # Rich text for rich_text content type
+    has_rich_text :rich_content
+
+    # Image attachment for image content type
+    has_one_attached :image_file
+
+    # Multiple image attachments for cards content type
+    has_many_attached :card_images
+
+    # Scopes
+    scope :for_page, ->(page) { 
+      if page.is_a?(LeanCms::Page)
+        where(page_id: page.id)
+      else
+        where("page = ?", page.to_s)
+      end
+    }
+    scope :for_section, ->(page, section) { 
+      if page.is_a?(LeanCms::Page)
+        where(page_id: page.id, section: section)
+      else
+        where("page = ?", page.to_s).where(section: section)
+      end
+    }
+    scope :ordered, -> { order(:position, :key) }
+
+    # Class methods to fetch content
+    class << self
+      # Get all content for a page grouped by section
+      def page_structure(page)
+        for_page(page).ordered.group_by(&:section).transform_values do |contents|
+          contents.index_by(&:key).transform_values(&:display_value)
+        end
+      end
+
+      # Get all content for a specific section as a hash
+      def section_content(page, section)
+        for_section(page, section).ordered.index_by(&:key).transform_values(&:display_value)
+      end
+
+      # Get a single field value
+      def field_value(page, section, key, default: nil)
+        if page.is_a?(LeanCms::Page)
+          find_by(page_id: page.id, section: section, key: key)&.display_value || default
+        else
+          find_by("page = ? AND section = ? AND key = ?", page.to_s, section.to_s, key.to_s)&.display_value || default
+        end
+      end
+    end
+
+    # Get the display value based on content type
+    def display_value
+      case content_type.to_sym
+      when :text
+        value.presence || content
+      when :rich_text
+        rich_content.present? ? rich_content.to_s : value.presence || content
+      when :image
+        image_file.attached? ? image_file : (value.presence || content)
+      when :boolean
+        # Store as string "true"/"false", return as boolean
+        value == "true" || value == true || value == "1"
+      when :url
+        value.presence || content
+      when :color
+        value.presence || content
+      when :dropdown
+        value.presence || content
+      when :cards
+        # Cards are stored as JSON in the value field
+        parse_cards_json
+      when :bullets
+        # Bullets are stored as JSON array
+        parse_bullets_json
+      else
+        value.presence || content
+      end
+    end
+
+    # Parse cards JSON data
+    def parse_cards_json
+      return [] unless cards?
+
+      cards_data = if value.present?
+        JSON.parse(value) rescue []
+      elsif content.present?
+        JSON.parse(content) rescue []
+      else
+        []
+      end
+
+      # Return cards data as-is, image attachments will be looked up separately when needed
+      cards_data.map { |card| card.with_indifferent_access }
+    end
+
+    # Get image attachment for a specific card by image_id
+    def card_image(image_id)
+      return nil unless image_id.present? && card_images.attached?
+      card_images.find { |img| img.blob.id.to_s == image_id.to_s }
+    end
+
+    # Parse bullets JSON data (similar to cards)
+    def parse_bullets_json
+      return [] unless bullets?
+
+      if value.present?
+        JSON.parse(value) rescue []
+      elsif content.present?
+        JSON.parse(content) rescue []
+      else
+        []
+      end
+    end
+
+    # Set the value based on content type
+    def set_value(new_value)
+      case content_type.to_sym
+      when :boolean
+        self.value = new_value.to_s
+      when :rich_text
+        self.rich_content = new_value
+        self.value = new_value.to_s if new_value.present?
+      when :cards
+        # Store cards as JSON
+        self.value = new_value.is_a?(String) ? new_value : new_value.to_json
+      else
+        self.value = new_value.to_s
+      end
+    end
+
+    # Get parsed options for dropdown fields
+    def parsed_options
+      return [] unless dropdown?
+
+      if options.is_a?(Array)
+        options
+      elsif options.is_a?(Hash)
+        options['options'] || []
+      else
+        []
+      end
+    end
+
+    # Get max_length from options (for text fields)
+    def max_length
+      return nil unless options.is_a?(Hash)
+      options['max_length']&.to_i
+    end
+
+    private
+
+    # Custom presence check that reads the `page` varchar column directly
+    # rather than going through the `belongs_to :page` association.
+    def page_slug_present
+      errors.add(:page, "can't be blank") if page_slug.blank?
+    end
+
+    # Custom uniqueness check scoped on the slug column, not the
+    # association FK. See validate :key_unique_within_page_section above.
+    def key_unique_within_page_section
+      return if page_slug.blank? || section.blank? || key.blank?
+
+      scope = self.class
+                  .where(page: page_slug, section: section, key: key)
+      scope = scope.where.not(id: id) if persisted?
+      errors.add(:key, "has already been taken") if scope.exists?
+    end
+
+    # Validate value doesn't exceed max_length
+    def validate_max_length
+      return unless max_length.present? && max_length > 0
+      return unless text? || rich_text?
+
+      content_value = value.presence || content
+      return if content_value.blank?
+
+      # Strip HTML tags for rich_text to get actual character count
+      plain_text = if rich_text?
+        ActionController::Base.helpers.strip_tags(content_value.to_s)
+      else
+        content_value.to_s
+      end
+
+      if plain_text.length > max_length
+        errors.add(:value, "exceeds maximum length of #{max_length} characters (currently #{plain_text.length})")
+      end
+    end
+  end
+end