RubyGems - pageflow - Versions diffs - 12.0.4 → 12.1.0 - Mend

pageflow 12.0.4 → 12.1.0

Potentially problematic release.

This version of pageflow might be problematic. Click here for more details.

Files changed (217) hide show

data/app/models/pageflow/invitation_form.rb CHANGED Viewed

@@ -36,17 +36,23 @@ module Pageflow
         initial_account && initial_account.users.find_by_email(user.email)
     end
+    def initial_account
+      @initial_account ||=
+        if initial_account_id
+          available_accounts.find_by_id(initial_account_id)
+        else
+          available_accounts.first
+        end
+    end
     private
     def existing_user
       @existing_user ||=
+        Pageflow.config.allow_multiaccount_users &&
         User.find_by_email(user.email)
     end
-    def initial_account
-      @initial_account ||= available_accounts.find_by_id(initial_account_id)
-    end
     def initial_account_id
       @attributes.fetch(:membership, {})[:entity_id]
     end

data/app/models/pageflow/managed_user_query.rb ADDED Viewed

@@ -0,0 +1,44 @@
+module Pageflow
+  # @api private
+  class ManagedUserQuery < ApplicationQuery
+    class Scope < Scope
+      def initialize(current_user, scope)
+        @current_user = current_user
+        @scope = scope
+      end
+      def resolve
+        if current_user.admin?
+          scope.all
+        else
+          scope
+            .distinct
+            .joins(account_memberships)
+            .joins(account_manager_memberships_of_current_user)
+        end
+      end
+      private
+      attr_reader :current_user, :scope
+      def account_memberships
+        <<-SQL
+          INNER JOIN pageflow_memberships account_memberships ON
+          account_memberships.user_id = users.id AND
+          account_memberships.entity_type = "Pageflow::Account"
+        SQL
+      end
+      def account_manager_memberships_of_current_user
+        sanitize_sql(<<-SQL, user_id: current_user.id)
+          INNER JOIN pageflow_memberships account_manager_memberships ON
+          account_manager_memberships.entity_type = account_memberships.entity_type AND
+          account_manager_memberships.entity_id = account_memberships.entity_id AND
+          account_manager_memberships.user_id = :user_id AND
+          account_manager_memberships.role = "manager"
+        SQL
+      end
+    end
+  end
+end

data/app/models/pageflow/membership.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Pageflow
-  class Membership < ActiveRecord::Base
+  class Membership < ApplicationRecord
     belongs_to :user
     belongs_to :entity, polymorphic: true
     belongs_to :entry,

data/app/models/pageflow/overview_button.rb CHANGED Viewed

@@ -1,15 +1,14 @@
 module Pageflow
   class OverviewButton
-    attr_reader :revision, :theming
+    attr_reader :revision
-    def initialize(revision, theming)
+    def initialize(revision)
       @revision = revision
-      @theming = theming
     end
     def enabled?
       revision.overview_button_enabled? &&
-        theming.theme.has_overview_button?
+        revision.theme.has_overview_button?
     end
     def enabled_value

data/app/models/pageflow/page.rb CHANGED Viewed

@@ -1,13 +1,13 @@
 module Pageflow
-  class Page < ActiveRecord::Base
+  class Page < ApplicationRecord
+    include SerializedConfiguration
     belongs_to :chapter, :touch => true
     attr_accessor :is_first
     validates_inclusion_of :template, :in => ->(_) { Pageflow.config.page_types.names }
-    serialize :configuration, JSON
     scope :displayed_in_navigation, -> { where(:display_in_navigation => true) }
     before_save :ensure_perma_id
@@ -28,10 +28,6 @@ module Pageflow
       Pageflow.config.page_types.find_by_name!(template)
     end
-    def configuration
-      super || {}
-    end
     def configuration=(value)
       self.display_in_navigation = value['display_in_navigation']
       super

data/app/models/pageflow/potential_memberships.rb ADDED Viewed

@@ -0,0 +1,112 @@
+module Pageflow
+  # @api private
+  class PotentialMemberships
+    def initialize(current_user)
+      @current_user = current_user
+    end
+    def self.creatable_by(user)
+      new(user)
+    end
+    def accounts_for_user(user)
+      exclude_accounts_with_membership(user, managed_accounts)
+    end
+    def entries_for_user(user)
+      exclude_entries_with_membership(user, entries_managed_by_current_user_in_accounts_of(user))
+    end
+    def users_for_account(account)
+      exclude_users_with_membership(account, users_of_managed_accounts)
+    end
+    def users_for_entry(entry)
+      return User.none unless manages_entry?(entry)
+      exclude_users_with_membership(entry, entry.account.users)
+    end
+    private
+    def managed_accounts
+      if @current_user.admin?
+        Account.all
+      else
+        AccountRoleQuery::Scope
+          .new(@current_user, Account)
+          .with_role_at_least(:manager)
+      end
+    end
+    def entries_managed_by_current_user_in_accounts_of(user)
+      EntryRoleQuery::Scope
+        .new(user, entries_managed_by_current_user, table_alias_prefix: 'member')
+        .with_account_role_at_least(:member)
+    end
+    def entries_managed_by_current_user
+      if @current_user.admin?
+        Entry.all
+      else
+        EntryRoleQuery::Scope
+          .new(@current_user, Entry, table_alias_prefix: 'manager')
+          .with_role_at_least(:manager)
+      end
+    end
+    def users_of_managed_accounts
+      ManagedUserQuery::Scope
+        .new(@current_user, User)
+        .resolve
+    end
+    def manages_entry?(entry)
+      @current_user.admin? ||
+        EntryRoleQuery.new(@current_user, entry).has_at_least_role?(:manager)
+    end
+    def exclude_accounts_with_membership(user, accounts)
+      accounts
+        .joins(existing_memberships_of(user, Account))
+        .where(existing_membership_is_missing)
+    end
+    def exclude_entries_with_membership(user, entries)
+      entries
+        .joins(existing_memberships_of(user, Entry))
+        .where(existing_membership_is_missing)
+    end
+    def exclude_users_with_membership(entity, users)
+      users
+        .joins(existing_memberships_on(entity))
+        .where(existing_membership_is_missing)
+    end
+    def existing_memberships_of(user, entity_model)
+      sanitize_sql_array(['LEFT OUTER JOIN pageflow_memberships existing_memberships ON ' \
+                          'existing_memberships.user_id = :user_id AND ' \
+                          "existing_memberships.entity_id = #{entity_model.table_name}.id AND " \
+                          'existing_memberships.entity_type = :entity_type',
+                          user_id: user.id,
+                          entity_type: entity_model.name])
+    end
+    def existing_memberships_on(entity)
+      sanitize_sql_array(['LEFT OUTER JOIN pageflow_memberships existing_memberships ON ' \
+                          'existing_memberships.user_id = users.id AND ' \
+                          'existing_memberships.entity_id = :entity_id AND ' \
+                          'existing_memberships.entity_type = :entity_type',
+                          entity_id: entity.id,
+                          entity_type: entity.class.name])
+    end
+    def existing_membership_is_missing
+      'existing_memberships.id IS NULL'
+    end
+    def sanitize_sql_array(array)
+      ActiveRecord::Base.send(:sanitize_sql_array, array)
+    end
+  end
+end

data/app/models/pageflow/published_entry.rb CHANGED Viewed

@@ -23,6 +23,7 @@ module Pageflow
              :share_url, :share_image_id, :share_image_x, :share_image_y,
              :locale,
              :author, :publisher, :keywords,
+             :theme,
              :password_protected?,
              :to => :revision)
@@ -68,7 +69,7 @@ module Pageflow
     end
     def overview_button
-      OverviewButton.new(revision, theming)
+      OverviewButton.new(revision)
     end
     def resolve_widgets(options = {})

data/app/models/pageflow/revision.rb CHANGED Viewed

@@ -1,21 +1,24 @@
 module Pageflow
-  class Revision < ActiveRecord::Base
+  class Revision < ApplicationRecord
     PAGE_ORDER = [
       'pageflow_storylines.position ASC',
       'pageflow_chapters.position ASC',
       'pageflow_pages.position ASC'
     ].join(',')
+    include ThemeReferencer
     belongs_to :entry, touch: :edited_at
     belongs_to :creator, :class_name => 'User'
     belongs_to :restored_from, :class_name => 'Pageflow::Revision'
-    has_many :widgets, :as => :subject
-    has_many :storylines, -> { order('pageflow_storylines.position ASC') }
+    has_many :widgets, as: :subject, dependent: :destroy
+    has_many :storylines, -> { order('pageflow_storylines.position ASC') }, dependent: :destroy
     has_many :chapters, -> { order('position ASC') }, through: :storylines
     has_many :pages, -> { reorder(PAGE_ORDER) }, through: :storylines
-    has_many :file_usages
+    has_many :file_usages, dependent: :destroy
     has_many :image_files, -> { extending WithFileUsageExtension },
     :through => :file_usages, :source => :file, :source_type => 'Pageflow::ImageFile'
@@ -37,6 +40,8 @@ module Pageflow
     scope :publications, -> { where('published_at IS NOT NULL') }
     scope :publications_and_user_snapshots, -> { where('published_at IS NOT NULL OR snapshot_type = "user"') }
+    scope :user_snapshots, -> { where(snapshot_type: 'user') }
+    scope :auto_snapshots, -> { where(snapshot_type: 'auto') }
     validates :entry, :presence => true
     validates :creator, :presence => true, :if => :published?
@@ -148,5 +153,9 @@ module Pageflow
     def published_at_blank?
       published_at.blank?
     end
+    def available_themes
+      Pageflow.config_for(entry).themes
+    end
   end
 end

data/app/models/pageflow/storyline.rb CHANGED Viewed

@@ -1,16 +1,15 @@
 module Pageflow
-  class Storyline < ActiveRecord::Base
+  class Storyline < ApplicationRecord
+    include SerializedConfiguration
     include RevisionComponent
     belongs_to :revision, touch: true
-    has_many :chapters, -> { order('pageflow_chapters.position ASC') }
+    has_many :chapters, -> { order('pageflow_chapters.position ASC') }, dependent: :destroy
     has_many :pages, through: :chapters
     delegate :entry, to: :revision
-    serialize :configuration, JSON
     def copy_to(revision)
       storyline = dup
       revision.storylines << storyline

data/app/models/pageflow/text_track_file.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Pageflow
-  class TextTrackFile < ActiveRecord::Base
+  class TextTrackFile < ApplicationRecord
     include HostedFile
     processing_state_machine do

data/app/models/pageflow/theming.rb CHANGED Viewed

@@ -1,7 +1,9 @@
 module Pageflow
-  class Theming < ActiveRecord::Base
+  class Theming < ApplicationRecord
+    include ThemeReferencer
     belongs_to :account
-    has_many :widgets, as: :subject
+    has_many :widgets, as: :subject, dependent: :destroy
     has_many :entries
@@ -9,7 +11,6 @@ module Pageflow
     scope :for_request, ->(request) { Pageflow.config.theming_request_scope.call(all, request) }
     validates :account, :presence => true
-    validates_inclusion_of :theme_name, :in => ->(_) { Pageflow.config.themes.names }
     def resolve_widgets(options = {})
       widgets.resolve(Pageflow.config_for(account), options)
@@ -19,25 +20,29 @@ module Pageflow
       cname.split('.').pop(2).join('.')
     end
-    def theme
-      Pageflow.config.themes.get(theme_name)
-    end
     def name
       I18n.t('pageflow.admin.themings.name', :account_name => account.name, :theme_name => theme_name)
     end
     def copy_defaults_to(revision)
       widgets.copy_all_to(revision)
-      copy_default_meta_tags(revision)
+      copy_attributes_to(revision)
     end
-    def copy_default_meta_tags(revision)
+    private
+    def copy_attributes_to(revision)
       revision.update(
         author: default_author.presence || Pageflow.config.default_author_meta_tag,
         publisher: default_publisher.presence || Pageflow.config.default_publisher_meta_tag,
-        keywords: default_keywords.presence || Pageflow.config.default_keywords_meta_tag
+        keywords: default_keywords.presence || Pageflow.config.default_keywords_meta_tag,
+        theme_name: theme_name,
+        home_button_enabled: home_button_enabled_by_default
       )
     end
+    def available_themes
+      Pageflow.config_for(account).themes
+    end
   end
 end

data/app/models/pageflow/url_template.rb CHANGED Viewed

@@ -1,13 +1,19 @@
 module Pageflow
   module UrlTemplate
-    module_function
+    extend self
     def from_attachment(attachment, *style)
       insert_id_partition_placeholder(attachment.url(*style))
     end
+    private
     def insert_id_partition_placeholder(url)
-      url.gsub(%r'(\d{3}/)+', ':id_partition/')
+      replace_last_group_of_digit_segments(url, with: '/:id_partition/')
+    end
+    def replace_last_group_of_digit_segments(str, with:)
+      str.reverse.sub(%r'/(\d{3}/)+', with.reverse).reverse
     end
   end
 end

data/app/models/pageflow/user_name_query.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Pageflow
+  # @api private
+  class UserNameQuery < ApplicationQuery
+    class Scope < Scope
+      def initialize(term, scope)
+        @term = term
+        @scope = scope
+      end
+      def resolve
+        scope.where(word_conditions(term))
+      end
+      private
+      attr_reader :term, :scope
+      def word_conditions(term)
+        term.split(' ').map { |word|
+          word_condition(word)
+        }.join(' AND ')
+      end
+      def word_condition(word)
+        sanitize_sql('(users.first_name LIKE :word OR users.last_name LIKE :word)',
+                     word: "%#{word}%")
+      end
+    end
+  end
+end

data/app/models/pageflow/video_file.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Pageflow
-  class VideoFile < ActiveRecord::Base
+  class VideoFile < ApplicationRecord
     include HostedFile
     include EncodedFileStateMachine
     include OutputSource
@@ -43,6 +43,10 @@ module Pageflow
       "s3://#{File.join(attachment_on_s3.bucket_name, attachment_on_s3.path)}"
     end
+    def encode_highdef?
+      entry.feature_state('highdef_video_encoding')
+    end
     def mp4_4k
       ZencoderAttachment.new(self, '4k.mp4')
     end

data/app/models/pageflow/widget.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module Pageflow
-  class Widget < ActiveRecord::Base
+  class Widget < ApplicationRecord
+    include SerializedConfiguration
     belongs_to :subject, polymorphic: true, touch: true
     validates :subject, presence: true

data/app/models/pageflow/zencoder_attachment.rb CHANGED Viewed

@@ -1,12 +1,13 @@
+require 'uri'
 module Pageflow
   class ZencoderAttachment
     cattr_accessor :default_options
     self.default_options = {
-      path: "/:zencoder_asset_version/:host/:class/:id_partition/:filename",
-      url: ":zencoder_protocol//:zencoder_host_alias:zencoder_path",
-      hls_url: ":zencoder_protocol//:zencoder_hls_host_alias:zencoder_path",
-      hls_origin_url: ":zencoder_protocol//:zencoder_hls_origin_host_alias:zencoder_path"
+      path: '/:zencoder_asset_version/:host/:class/:id_partition/:filename',
+      url: ':zencoder_protocol//:zencoder_host_alias:zencoder_path',
+      hls_url: ':zencoder_protocol//:zencoder_hls_host_alias:zencoder_path',
+      hls_origin_url: ':zencoder_protocol//:zencoder_hls_origin_host_alias:zencoder_path'
     }
     attr_reader :file_name_pattern, :instance, :options, :styles
@@ -44,6 +45,16 @@ module Pageflow
                               url_options)
     end
+    def url_relative_to(attachment)
+      dir_path = File.dirname(URI.parse(attachment.url).path)
+      unless URI.parse(url).path.start_with?(dir_path)
+        raise("Could not generate relative url for #{url} based on #{attachment.url}.")
+      end
+      url.split("#{dir_path}/", 2).last
+    end
     private
     def ensure_default_protocol(url, url_options)

data/app/policies/pageflow/account_policy.rb CHANGED Viewed

@@ -1,18 +1,19 @@
 module Pageflow
   class AccountPolicy < ApplicationPolicy
     class Scope < Scope
-      attr_reader :user, :scope
+      attr_reader :user, :scope, :query
       def initialize(user, scope)
         @user = user
         @scope = scope
+        @query = AccountRoleQuery::Scope.new(user, scope)
       end
       def resolve
         if user.admin?
           scope.all
         else
-          scope.joins(memberships_for_account(user)).where(membership_is_present)
+          query.with_role_at_least(:member)
         end
       end
@@ -20,7 +21,7 @@ module Pageflow
         if user.admin?
           scope.all
         else
-          scope.joins(publisher_memberships_for_account(user)).where(membership_is_present)
+          query.with_role_at_least(:publisher)
         end
       end
@@ -40,53 +41,21 @@ module Pageflow
         if user.admin?
           scope.all
         else
-          scope.joins(manager_memberships_for_account(user)).where(membership_is_present)
+          query.with_role_at_least(:manager)
         end
       end
-      private
-      def memberships_for_account(user)
-        sanitize_sql_array(['LEFT OUTER JOIN pageflow_memberships ON ' \
-                            'pageflow_memberships.user_id = :user_id AND ' \
-                            'pageflow_memberships.entity_id = pageflow_accounts.id AND ' \
-                            'pageflow_memberships.entity_type = "Pageflow::Account" AND ' \
-                            'pageflow_memberships.role IN '\
-                            '("member", "previewer", "editor", "publisher", "manager")',
-                            user_id: user.id])
-      end
-      def publisher_memberships_for_account(user)
-        sanitize_sql_array(['LEFT OUTER JOIN pageflow_memberships ON ' \
-                            'pageflow_memberships.user_id = :user_id AND ' \
-                            'pageflow_memberships.entity_id = pageflow_accounts.id AND ' \
-                            'pageflow_memberships.entity_type = "Pageflow::Account" AND ' \
-                            'pageflow_memberships.role IN ("publisher", "manager")',
-                            user_id: user.id])
-      end
-      def manager_memberships_for_account(user)
-        sanitize_sql_array(['LEFT OUTER JOIN pageflow_memberships ON ' \
-                            'pageflow_memberships.user_id = :user_id AND ' \
-                            'pageflow_memberships.entity_id = pageflow_accounts.id AND ' \
-                            'pageflow_memberships.entity_type = "Pageflow::Account" AND ' \
-                            'pageflow_memberships.role IN ("manager")',
-                            user_id: user.id])
-      end
-      def membership_is_present
-        'pageflow_memberships.entity_id IS NOT NULL'
-      end
     end
+    attr_reader :user, :query
     def initialize(user, account)
       @user = user
       @account = account
+      @query = AccountRoleQuery.new(user, account)
     end
     def publish?
-      @user.admin? ||
-        allows?(%w(publisher manager))
+      user.admin? || query.has_at_least_role?(:publisher)
     end
     def configure_folder_on?
@@ -97,49 +66,50 @@ module Pageflow
       publish?
     end
-    def manage?
-      @user.admin? ||
-        allows?(%w(manager))
-    end
     def read?
-      manage?
+      user.admin? ||
+        (query.has_at_least_role?(:manager) &&
+         Pageflow.config.allow_multiaccount_users)
     end
     def update?
-      manage?
+      read?
+    end
+    def update_feature_configuration_on?
+      user.admin? ||
+        (!permissions_config.only_admins_may_update_features &&
+         read?)
     end
     def add_member_to?
-      manage?
+      Pageflow.config.allow_multiaccount_users &&
+        (user.admin? ||
+         query.has_at_least_role?(:manager))
     end
     def edit_role_on?
-      manage?
+      user.admin? || query.has_at_least_role?(:manager)
     end
     def destroy_membership_on?
-      manage?
+      add_member_to?
     end
     def admin?
-      @user.admin?
+      user.admin?
     end
     def see_badge_belonging_to?
-      (@account.entries & @user.entries).any? ||
-        @user.memberships.on_accounts.as_previewer_or_above.where(entity: @account).any? ||
-        @user.admin?
+      (@account.entries & user.entries).any? ||
+        query.has_at_least_role?(:previewer) ||
+        user.admin?
     end
     def index?
-      admin? || @user.memberships.on_accounts.as_manager.any?
-    end
-    private
-    def allows?(roles)
-      @user.memberships.where(role: roles, entity: @account).any?
+      admin? ||
+        (Pageflow.config.allow_multiaccount_users &&
+         @user.memberships.on_accounts.as_manager.any?)
     end
   end
 end

data/app/policies/pageflow/application_policy.rb CHANGED Viewed

@@ -7,5 +7,11 @@ module Pageflow
         ActiveRecord::Base.send(:sanitize_sql_array, array)
       end
     end
+    protected
+    def permissions_config
+      Pageflow.config.permissions
+    end
   end
 end