RubyGems - pages_core - Versions diffs - 3.4.3 → 3.7.0 - Mend

pages_core 3.4.3 → 3.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (375) hide show

data/app/controllers/admin/password_resets_controller.rb CHANGED Viewed

@@ -1,23 +1,23 @@
-# encoding: utf-8
+# frozen_string_literal: true
 module Admin
   class PasswordResetsController < Admin::AdminController
-    before_action :find_password_reset_token, only: [:show, :update]
-    before_action :check_for_expired_token, only: [:show, :update]
-    before_action :require_authentication, except: [:create, :show, :update]
+    before_action :find_password_reset_token, only: %i[show update]
+    before_action :check_for_expired_token, only: %i[show update]
+    before_action :require_authentication, except: %i[create show update]
     layout "admin"
     def create
-      if params[:username] &&
-          @user = User.find_by_username_or_email(params[:username])
+      @user = find_user_by_email(params[:username])
+      if @user
         @password_reset_token = @user.password_reset_tokens.create
         deliver_password_reset(@user, @password_reset_token)
         flash[:notice] = "An email with further instructions has been sent"
       else
         flash[:notice] = "Couldn't find a user with that email address"
       end
-      redirect_to login_url
+      redirect_to login_admin_users_url
     end
     def show
@@ -26,11 +26,11 @@ module Admin
     def update
       @user = @password_reset_token.user
-      if !user_params[:password].blank? && @user.update(user_params)
+      if user_params[:password].present? && @user.update(user_params)
         @password_reset_token.destroy
         authenticate!(@user)
         flash[:notice] = "Your password has been changed"
-        redirect_to login_url
+        redirect_to login_admin_users_url
       else
         render action: :show
       end
@@ -44,40 +44,42 @@ module Admin
         admin_password_reset_with_token_url(
           password_reset, password_reset.token
         )
-      ).deliver_now
+      ).deliver_later
     end
-    def login_url
-      # TODO: Validate URL
-      params[:login_url] || login_admin_users_url
+    def find_user_by_email(email)
+      return unless email
+      User.login_name(params[:username])
     end
     def user_params
       params.require(:user).permit(:password, :confirm_password)
     end
-    def valid_token?(pr)
-      pr && secure_compare(pr.token, params[:token])
+    def valid_token?(reset)
+      reset && secure_compare(reset.token, params[:token])
     end
     def find_password_reset_token
       @password_reset_token = begin
-                                PasswordResetToken.find(params[:id])
-                              rescue ActiveRecord::RecordNotFound
-                                nil
-                              end
+        PasswordResetToken.find(params[:id])
+      rescue ActiveRecord::RecordNotFound
+        nil
+      end
       return if valid_token?(@password_reset_token)
       flash[:notice] = "Invalid password reset request"
-      redirect_to(login_url) && return
+      redirect_to(login_admin_users_url) && return
     end
     def check_for_expired_token
       return unless @password_reset_token.expired?
       @password_reset_token.destroy
       flash[:notice] = "Your password reset link has expired"
-      redirect_to(login_url)
+      redirect_to(login_admin_users_url)
     end
   end
 end

data/app/controllers/admin/users_controller.rb CHANGED Viewed

@@ -1,19 +1,12 @@
-# encoding: utf-8
+# frozen_string_literal: true
 module Admin
   class UsersController < Admin::AdminController
-    before_action :require_authentication, except: [:new, :create, :login]
-    before_action :require_no_users, only: [:new, :create]
+    before_action :require_authentication, except: %i[new create login]
+    before_action :require_no_users, only: %i[new create]
     before_action(
       :find_user,
-      only: [:edit, :update, :show, :destroy, :delete_image]
-    )
-    require_authorization(
-      User,
-      proc { @user },
-      member:     [:delete_image, :update, :destroy, :edit],
-      collection: [:index, :deactivated, :new, :create]
+      only: %i[edit update show destroy delete_image]
     )
     def index
@@ -28,6 +21,7 @@ module Admin
     def login
       return unless logged_in?
       redirect_to admin_default_url
     end
@@ -36,7 +30,7 @@ module Admin
     end
     def create
-      @user = User.create(user_params)
+      @user = PagesCore::CreateUserService.call(user_params)
       if @user.valid?
         authenticate!(@user)
         redirect_to admin_default_url
@@ -45,14 +39,12 @@ module Admin
       end
     end
-    def show
-    end
+    def show; end
-    def edit
-    end
+    def edit; end
     def update
-      if @user.update(user_params)
+      if @user.update(user_params_with_roles)
         flash[:notice] = "Your changed to #{@user.name} were saved."
         redirect_to admin_users_url
       else
@@ -83,18 +75,26 @@ module Admin
     end
     def user_params
-      permitted_params = [
-        :name, :email, :image
-      ]
-      permitted_params += [:activated, role_names: []] if policy(User).manage?
-      if !User.any? || (@user && policy(@user).change_password?)
-        permitted_params += [:password, :confirm_password]
+      permitted_params = %i[name email image image_id]
+      if policy(User).manage?
+        permitted_params += [:activated,
+                             { role_names: [] }]
+      end
+      if User.none? || (@user && policy(@user).change_password?)
+        permitted_params += %i[password confirm_password]
       end
       params.require(:user).permit(permitted_params)
     end
+    def user_params_with_roles
+      return user_params unless policy(User).manage?
+      { role_names: [] }.merge(user_params)
+    end
     def require_no_users
       return unless User.any?
       flash[:error] = "Account holder already exists"
       redirect_to(admin_users_url)
     end

data/app/controllers/concerns/pages_core/admin/news_page_controller.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+module PagesCore
+  module Admin
+    module NewsPageController
+      extend ActiveSupport::Concern
+      included do
+        before_action :require_news_pages, only: [:news]
+        before_action :find_news_pages, only: %i[news new_news]
+        before_action :find_year_and_month, only: %i[news]
+      end
+      def news
+        @archive_finder = archive_finder(@news_pages, @locale)
+        unless @year
+          redirect_to(news_admin_pages_path(@locale,
+                                            (@archive_finder.latest_year ||
+                                             Time.zone.now.year)))
+          return
+        end
+        @pages = @archive_finder.by_year_and_maybe_month(@year, @month)
+                                .paginate(per_page: 50, page: params[:page])
+      end
+      def new_news
+        new
+        render action: :new
+      end
+      private
+      def archive_finder(parents, locale)
+        Page.where(parent_page_id: parents)
+            .visible
+            .order("published_at DESC")
+            .in_locale(locale)
+            .archive_finder
+      end
+      def find_news_pages
+        @news_pages = Page.news_pages
+                          .in_locale(@locale)
+                          .reorder("parent_page_id ASC, position ASC")
+        return if @news_pages.any?
+        redirect_to(admin_pages_url(@locale))
+      end
+      def find_year_and_month
+        @year = params[:year]&.to_i
+        @month = params[:month]&.to_i
+      end
+      # Redirect away if no news pages has been configured
+      def require_news_pages
+        return if Page.news_pages.any?
+        redirect_to(admin_pages_url(@locale))
+      end
+      def latest_year
+        archive_finder.latest_year_and_month.first || Time.zone.now.year
+      end
+    end
+  end
+end

data/app/controllers/concerns/pages_core/admin/persistent_params.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+module PagesCore
+  module Admin
+    module PersistentParams
+      extend ActiveSupport::Concern
+      included do
+        before_action :restore_persistent_params
+        after_action :save_persistent_params
+      end
+      protected
+      # Loads persistent params from user model and merges with session.
+      def restore_persistent_params
+        return unless current_user&.persistent_data?
+        session[:persistent_params] ||= {}
+        session[:persistent_params] = current_user.persistent_data.merge(
+          session[:persistent_params]
+        )
+      end
+      # Saves persistent params from session to User model if applicable.
+      def save_persistent_params
+        return unless current_user && session[:persistent_params]
+        current_user.persistent_data = session[:persistent_params]
+        current_user.save
+      end
+      def persistent_params(namespace)
+        session[:persistent_params] ||= {}
+        session[:persistent_params][namespace] ||= {}
+        session[:persistent_params][namespace]
+      end
+      def coerce_persistent_param(value)
+        case value
+        when "true"
+          true
+        when "false"
+          false
+        else
+          value
+        end
+      end
+      def get_persistent_param(namespace, key, default)
+        if params.key?(key)
+          params[key]
+        elsif persistent_params(namespace).key?(key)
+          persistent_params(namespace)[key]
+        else
+          default
+        end
+      end
+      # Get a persistent param
+      def persistent_param(key, default = nil, options = {})
+        key = key.to_s
+        namespace = options[:namespace] || self.class.to_s
+        value = coerce_persistent_param(
+          get_persistent_param(namespace, key, default)
+        )
+        persistent_params(namespace)[key] = value unless value.nil?
+        value
+      end
+    end
+  end
+end

data/app/controllers/concerns/pages_core/authentication.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# encoding: utf-8
+# frozen_string_literal: true
 module PagesCore
   module Authentication
@@ -24,7 +24,7 @@ module PagesCore
     end
     def deauthenticate!
-      @current_user  = nil
+      @current_user = nil
       session[:current_user_id] = nil
     end
@@ -35,13 +35,14 @@ module PagesCore
         user = User.where(id: session[:current_user_id]).first
       end
-      return unless user && user.can_login?
+      return unless user&.can_login?
       authenticate!(user)
     end
     def finalize_authenticated_session
       return unless current_user
       session[:current_user_id] = current_user.id
     end
   end

data/app/controllers/concerns/pages_core/error_renderer.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+module PagesCore
+  module ErrorRenderer
+    extend ActiveSupport::Concern
+    # Renders a fancy error page from app/views/errors. If the error name
+    # is numeric, it will also be set as the response status. Example:
+    #
+    #   render_error 404
+    #
+    def render_error(error, options = {})
+      options[:status] ||= error if error.is_a? Numeric
+      respond_to do |format|
+        format.html do
+          options[:layout] = error_layout(error, options)
+          @email = current_user.try(&:email) || ""
+          render({ template: "errors/#{error}" }.merge(options))
+        end
+        format.any { head options[:status] }
+      end
+      true
+    end
+    protected
+    def error_layout(error, options = {})
+      return options[:layout] if options.key?(:layout)
+      if error == 404 && PagesCore.config.error_404_layout?
+        PagesCore.config.error_404_layout
+      else
+        "errors"
+      end
+    end
+  end
+end

data/app/controllers/concerns/pages_core/error_reporting.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+module PagesCore
+  module ErrorReporting
+    extend ActiveSupport::Concern
+    included do
+      before_action :configure_sentry_context
+    end
+    protected
+    def configure_sentry_context
+      if Object.const_defined?("Sentry")
+        Sentry.set_user(current_user_context)
+        Sentry.set_tags(locale: params[:locale] || I18n.default_locale.to_s)
+        Sentry.set_extras(params: params.to_unsafe_h)
+      elsif Object.const_defined?("Raven")
+        configure_legacy_sentry_context
+      end
+    end
+    def configure_legacy_sentry_context
+      Raven.user_context(current_user_context)
+      Raven.tags_context(locale: params[:locale] || I18n.default_locale.to_s)
+      Raven.extra_context(params: params.to_unsafe_h)
+    end
+    def current_user_context
+      return { user_id: :guest } unless logged_in?
+      { user_id: current_user.id,
+        user_email: current_user.email }
+    end
+  end
+end

data/app/controllers/concerns/pages_core/policies_helper.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module PagesCore
   module PoliciesHelper
     extend ActiveSupport::Concern
@@ -7,20 +9,20 @@ module PagesCore
     end
     module ClassMethods
-      def require_authorization(collection, member, options = {})
-        options = {
-          collection: [:index, :new, :create],
-          member:     [:show, :edit, :update, :destroy]
-        }.merge(options)
+      def require_authorization(object: nil, instance: nil)
+        object ||= inferred_policy_class
         before_action do |controller|
-          action = params[:action].to_sym
-          if options[:collection].include?(action)
-            verify_policy_with_proc(controller, collection)
-          elsif options[:member].include?(action)
-            verify_policy_with_proc(controller, member)
-          end
+          instance_name = "@#{object.name.underscore}"
+          record = instance || controller.instance_variable_get(instance_name)
+          verify_policy_with_proc(controller, record || object)
         end
       end
+      def inferred_policy_class
+        const_get(name.demodulize.gsub(/Controller$/, "").singularize)
+      end
     end
     def policy(object)
@@ -33,8 +35,9 @@ module PagesCore
     end
     def verify_policy(record)
-      return true if policy(record).public_send(params[:action] + "?")
-      fail PagesCore::NotAuthorized
+      return true if policy(record).public_send("#{action_name}?")
+      raise PagesCore::NotAuthorized
     end
   end
 end