pages_core 3.4.3 → 3.5.1

data/app/controllers/concerns/pages_core/policies_helper.rb

@@ -8,10 +8,7 @@ module PagesCore
 
     module ClassMethods
       def require_authorization(collection, member, options = {})
-        options = {
-          collection: [:index, :new, :create],
-          member:     [:show, :edit, :update, :destroy]
-        }.merge(options)
+        options = default_options.merge(options)
         before_action do |controller|
           action = params[:action].to_sym
           if options[:collection].include?(action)
@@ -21,6 +18,13 @@ module PagesCore
           end
         end
       end
+
+      def default_options
+        {
+          collection: [:index, :new, :create],
+          member:     [:show, :edit, :update, :destroy]
+        }
+      end
     end
 
     def policy(object)
@@ -33,8 +37,8 @@ module PagesCore
     end
 
     def verify_policy(record)
-      return true if policy(record).public_send(params[:action] + "?")
-      fail PagesCore::NotAuthorized
+      return true if policy(record).public_send(action_name + "?")
+      raise PagesCore::NotAuthorized
     end
   end
 end

data/app/controllers/concerns/pages_core/preview_pages_controller.rb

@@ -0,0 +1,43 @@
+# encoding: utf-8
+
+module PagesCore
+  module PreviewPagesController
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :disable_xss_protection, only: [:preview]
+    end
+
+    def preview
+      redirect_to(page_url(@locale, @page)) && return unless logged_in?
+      @page.attributes = page_params.merge(
+        status: 2,
+        published_at: Time.zone.now,
+        locale: @locale,
+        redirect_to: nil
+      )
+      render_page
+    end
+
+    private
+
+    def disable_xss_protection
+      # Disabling this is probably not a good idea,
+      # but the header causes Chrome to choke when being
+      # redirected back after a submit and the page contains an iframe.
+      response.headers["X-XSS-Protection"] = "0"
+    end
+
+    def permitted_page_attributes
+      [:template, :user_id, :status, :feed_enabled, :published_at,
+       :redirect_to, :comments_allowed, :image_link, :news_page,
+       :unique_name, :pinned, :parent_page_id]
+    end
+
+    def page_params
+      params.require(:page).permit(
+        Page.localized_attributes + permitted_page_attributes
+      )
+    end
+  end
+end

data/app/controllers/concerns/pages_core/process_titler.rb

@@ -32,13 +32,13 @@ module PagesCore
     def set_process_title
       PagesCore::ProcessTitler.inc_number_of_requests do |i|
         $0 = PagesCore::ProcessTitler.original_title +
-          ": Handling #{request.path} (#{i} reqs)"
+             ": Handling #{request.path} (#{i} reqs)"
       end
     end
 
     def unset_process_title
       $0 = PagesCore::ProcessTitler.original_title +
-        ": Idle (#{PagesCore::ProcessTitler.number_of_requests} reqs)"
+           ": Idle (#{PagesCore::ProcessTitler.number_of_requests} reqs)"
     end
   end
 end

data/app/controllers/concerns/pages_core/rss_controller.rb

@@ -0,0 +1,25 @@
+# encoding: utf-8
+
+module PagesCore
+  module RssController
+    extend ActiveSupport::Concern
+
+    private
+
+    def all_feed_items
+      feeds = Page.enabled_feeds(locale, include_hidden: true)
+      Page.where(parent_page_id: feeds)
+          .order("published_at DESC")
+          .published
+          .limit(20)
+          .localized(locale)
+    end
+
+    def render_rss(items, title: nil)
+      @title = PagesCore.config.site_name
+      @title += ": #{title}" if title
+      @items = items
+      render template: "feeds/pages", layout: false
+    end
+  end
+end

data/app/controllers/concerns/pages_core/search_pages_controller.rb

@@ -0,0 +1,40 @@
+# encoding: utf-8
+
+module PagesCore
+  module SearchPagesController
+    extend ActiveSupport::Concern
+
+    def search
+      @search_query = params[:q] || params[:query] || ""
+      @search_category_id = params[:category_id]
+
+      @pages = Page.search(
+        normalize_search_query(@search_query),
+        search_options(category_id: @search_category_id)
+      )
+      @pages.each { |p| p.localize!(locale) }
+      @pages
+    end
+
+    private
+
+    def normalize_search_query(str)
+      str.split(/\s+/)
+         .map { |p| "#{p}*" }
+         .join(" ")
+    end
+
+    def search_options(category_id: nil)
+      options = {
+        page:      (params[:page] || 1).to_i,
+        per_page:  20,
+        include:   [:localizations, :categories, :image, :author],
+        order:     :published_at,
+        sort_mode: :desc,
+        with:      { status: 2, autopublish: 0 }
+      }
+      options[:with][:category_ids] = category_id unless category_id.blank?
+      options
+    end
+  end
+end

data/app/controllers/errors_controller.rb

@@ -19,6 +19,18 @@ class ErrorsController < ::ApplicationController
     render_error params[:id].to_i
   end
 
+  def not_found
+    render_error 404
+  end
+
+  def unacceptable
+    render_error 422
+  end
+
+  def internal_error
+    render_error 500
+  end
+
   private
 
   def deliver_error_report(report, from, description)
@@ -39,7 +51,7 @@ class ErrorsController < ::ApplicationController
 
   def error_report_path
     Rails.root
-      .join("log", "error_reports")
-      .join("#{session[:error_report]}.yml")
+         .join("log", "error_reports")
+         .join("#{session[:error_report]}.yml")
   end
 end

data/app/controllers/pages_core/admin_controller.rb

@@ -11,6 +11,13 @@ module PagesCore
 
     layout "admin"
 
+    class << self
+      # Get name of class with in lowercase, with underscores.
+      def underscore
+        ActiveSupport::Inflector.underscore(to_s).split("/").last
+      end
+    end
+
     def redirect
       if Page.news_pages.any?
         redirect_to news_admin_pages_url(@locale)
@@ -65,11 +72,6 @@ module PagesCore
 
     # --- HELPERS ---
 
-    # Get name of class with in lowercase, with underscores.
-    def self.underscore
-      ActiveSupport::Inflector.underscore(to_s).split(/\//).last
-    end
-
     # Add a stylesheet
     def add_stylesheet(css_file)
       @admin_stylesheets ||= []

data/app/controllers/pages_core/frontend/page_files_controller.rb

@@ -6,7 +6,7 @@ module PagesCore
       before_action :find_page_file, only: [:show, :edit, :update, :destroy]
 
       def show
-        if !modified?(@page_file)
+        unless modified?(@page_file)
           render(text: "304 Not Modified", status: 304) && return
         end
 
@@ -14,12 +14,10 @@ module PagesCore
           response.headers["Last-Modified"] = @page_file.updated_at.httpdate
         end
 
-        send_data(
-          @page_file.data,
-          filename:    @page_file.filename,
-          type:        @page_file.content_type,
-          disposition: "attachment"
-        )
+        send_data(@page_file.data,
+                  filename: @page_file.filename,
+                  type: @page_file.content_type,
+                  disposition: "attachment")
       end
 
       private

data/app/controllers/pages_core/frontend/pages_controller.rb

@@ -7,113 +7,37 @@ module PagesCore
       include PagesCore::Templates::ControllerActions
       include PagesCore::HeadTagsHelper
 
+      include PagesCore::AddCommentsController
+      include PagesCore::PreviewPagesController
+      include PagesCore::RssController
+      include PagesCore::SearchPagesController
+
       caches_page :index if PagesCore.config(:page_cache)
 
-      before_action :disable_xss_protection, only: [:preview]
       before_action :load_root_pages
+      before_action :find_page_by_path, only: [:show]
       before_action :find_page, only: [:show, :preview, :add_comment]
+      before_action :require_page, only: [:show, :preview, :add_comment]
       before_action :canonicalize_url, only: [:show]
       after_action :cache_page_request, only: [:show]
 
       def index
         respond_to do |format|
-          format.html do
-            if self.respond_to?(:no_page_given)
-              no_page_given
-            elsif root_pages.any?
-              @page = root_pages.first
-              render_page
-            else
-              render_error 404
-            end
-          end
-          format.rss do
-            render_rss(all_feed_items)
-          end
+          format.html { render_published_page(root_pages.try(&:first)) }
+          format.rss { render_rss(all_feed_items) }
         end
       end
 
       def show
         respond_to do |format|
-          format.html do
-            if @page && @page.published?
-              render_page
-            else
-              render_error 404
-            end
-          end
-          format.rss do
-            render_rss(
-              @page.pages.limit(20),
-              title: "#{PagesCore.config(:side_name)}: #{@page.name}"
-            )
-          end
-          format.json do
-            render json: @page
-          end
+          format.html { render_published_page(@page) }
+          format.rss { render_rss(@page.pages.limit(20), title: @page.name) }
+          format.json { render json: @page }
         end
       end
 
-      # Add a comment to a page. Recaptcha is performed if
-      # PagesCore.config(:recaptcha) is set.
-      def add_comment
-        @comment = new_comment(@page)
-
-        unless captcha_verified?
-          @comment.invalid_captcha = true
-          render_page
-          return
-        end
-
-        if @page.comments_allowed? && !honeypot_triggered?
-          @comment.save
-          if PagesCore.config(:comment_notifications)
-            deliver_comment_notifications(@page, @comment)
-          end
-        end
-
-        redirect_to(page_url(@locale, @page))
-      end
-
-      # Search pages
-      def search
-        @search_query = params[:q] || params[:query] || ""
-        @search_category_id = params[:category_id]
-
-        @pages = Page.search(
-          normalize_search_query(@search_query),
-          search_options(category_id: @search_category_id)
-        )
-        @pages.each { |p| p.localize!(locale) }
-        @pages
-      end
-
-      def preview
-        redirect_to(page_url(@locale, @page)) && return unless logged_in?
-
-        @page.attributes = page_params.merge(
-          status: 2,
-          published_at: Time.now,
-          locale: @locale,
-          redirect_to: nil
-        )
-
-        render_page
-      end
-
       private
 
-      def all_feed_items
-        Page
-          .where(
-            parent_page_id: Page.enabled_feeds(locale, include_hidden: true)
-          )
-          .order("published_at DESC")
-          .published
-          .limit(20)
-          .localized(locale)
-      end
-
       def canonical_path(page)
         if page.redirects?
           page.redirect_path(locale: page.locale)
@@ -123,22 +47,11 @@ module PagesCore
       end
 
       def canonicalize_url
-        unless @page.redirects?
-          if request.path != canonical_path(@page)
-            redirect_to canonical_path(@page)
-          end
-        end
-      end
-
-      def disable_xss_protection
-        # Disabling this is probably not a good idea,
-        # but the header causes Chrome to choke when being
-        # redirected back after a submit and the page contains an iframe.
-        response.headers['X-XSS-Protection'] = "0"
-      end
-
-      def preview?
-        @page.new_record?
+        return if @page.redirects?
+        return if request.path == canonical_path(@page)
+        # Don't canonicalize if any unknown params are present
+        return if (params.keys - %w(controller action path locale id)).any?
+        redirect_to(canonical_path(@page), status: :moved_permanently)
       end
 
       def render(*args)
@@ -151,10 +64,6 @@ module PagesCore
         super
       end
 
-      def rendered?
-        @already_rendered ? true : false
-      end
-
       def page_template(page)
         if PagesCore::Templates.names.include?(page.template)
           page.template
@@ -164,144 +73,57 @@ module PagesCore
       end
 
       def render_page
-        if @page.redirects?
-          redirect_to(@page.redirect_path(locale: @locale))
-          return
-        end
+        return if redirect_page(@page)
 
         unless document_title?
-          if @page.meta_title?
-            document_title(@page.meta_title)
-          else
-            document_title(@page.name)
-          end
+          document_title(@page.meta_title? ? @page.meta_title : @page.name)
         end
 
-        # Call template method
         template = page_template(@page)
-
         run_template_actions_for(template, @page)
-
-        @page_template_layout = false if @disable_layout
-
-        return if rendered?
-
-        if instance_variables.include?("@page_template_layout")
-          render(
-            template: "pages/templates/#{template}",
-            layout: @page_template_layout
-          )
-        else
-          render template: "pages/templates/#{template}"
-        end
+        return if @already_rendered
+        render template: "pages/templates/#{template}"
       end
 
       # Cache pages by hand. This is dirty, but it works.
       def cache_page_request
         status_code = response.status.try(&:to_i)
         unless status_code == 200 &&
-            PagesCore.config(:page_cache) &&
-            @page && @locale
+               PagesCore.config(:page_cache) &&
+               @page && @locale
           return
         end
 
         self.class.cache_page response.body, request.path
       end
 
-      def permitted_page_attributes
-        [
-          :template, :user_id, :status, :content_order,
-          :feed_enabled, :published_at, :redirect_to, :comments_allowed,
-          :image_link, :news_page, :unique_name, :pinned,
-          :parent_page_id
-        ]
-      end
-
-      def page_params
-        params.require(:page).permit(
-          Page.localized_attributes + permitted_page_attributes
-        )
-      end
-
-      def captcha_verified?
-        !PagesCore.config(:recaptcha) || verify_recaptcha
-      end
-
-      def honeypot_triggered?
-        PagesCore.config(:comment_honeypot) && !params[:email].to_s.empty?
-      end
-
-      def remote_ip
-        request.env["REMOTE_ADDR"]
-      end
-
-      def new_comment(page)
-        PageComment.new(
-          page_comment_params.merge(remote_ip: remote_ip, page_id: page.id)
-        )
-      end
-
-      def comment_recipients(page)
-        PagesCore.config(:comment_notifications)
-          .map { |r| r == :author ? page.author.name_and_email : r }
-          .uniq
-      end
-
-      def deliver_comment_notifications(page, comment)
-        comment_recipients(page).each do |r|
-          AdminMailer.comment_notification(
-            r,
-            page,
-            comment,
-            page_url(locale, page)
-          ).deliver_now
-        end
+      def find_page_by_path
+        return unless params[:path]
+        @page ||= PagePath.get(locale, params[:path]).try(&:page)
       end
 
       def find_page
-        @page ||= find_page_by_id(params[:id]) || unique_page(params[:id])
-        @page.locale = @locale || I18n.default_locale.to_s
-      end
-
-      def find_page_by_id(id)
-        Page.find(id)
-      rescue
-        nil
-      end
-
-      def page_comment_params
-        params.require(:page_comment).permit(:name, :email, :url, :body)
+        @page ||= Page.find_by(id: params[:id]) || unique_page(params[:id])
+        @page.locale = @locale || I18n.default_locale.to_s if @page
       end
 
-      def normalize_search_query(str)
-        str
-          .split(/\s+/)
-          .map { |p| "#{p}*" }
-          .join(" ")
+      def render_published_page(page)
+        if page && page.published?
+          @page = page
+          render_page
+        else
+          render_error 404
+        end
       end
 
-      def render_rss(items, title: nil)
-        @items, @title = items, title
-        response.headers["Content-Type"] = "application/rss+xml;charset=utf-8"
-        render template: "feeds/pages", layout: false
+      def redirect_page(page)
+        return false unless page.redirects?
+        redirect_to(page.redirect_path(locale: locale))
       end
 
-      def search_options(category_id: nil)
-        options = {
-          page:      (params[:page] || 1).to_i,
-          per_page:  20,
-          include:   [:localizations, :categories, :image, :author],
-          order:     :published_at,
-          sort_mode: :desc,
-          with: {
-            status:      2,
-            autopublish: 0
-          }
-        }
-        unless category_id.blank?
-          options[:with][:category_ids] = category_id
-        end
-        options
+      def require_page
+        return if @page
+        render_error 404
       end
     end
   end