RubyGems - pages_core - Versions diffs - 3.5.1 → 3.6.0 - Mend

pages_core 3.5.1 → 3.6.0

Files changed (312) hide show

data/app/controller_dummies/admin/admin_controller.rb CHANGED Viewed

@@ -1,5 +1,3 @@
-# encoding: utf-8
 module Admin
   class AdminController < PagesCore::AdminController #:nodoc:
   end

data/app/controller_dummies/application_controller.rb CHANGED Viewed

@@ -1,6 +1,4 @@
-# encoding: utf-8
-class ApplicationController < PagesCore::ApplicationController #:nodoc:
+class ApplicationController < PagesCore::BaseController #:nodoc:
   helper :all
-  protect_from_forgery
+  protect_from_forgery with: :exception
 end

data/app/controller_dummies/attachments_controller.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ class AttachmentsController < PagesCore::AttachmentsController #:nodoc:
2	+ end

data/app/controller_dummies/frontend_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class FrontendController < PagesCore::FrontendController #:nodoc:
 end

data/app/controller_dummies/images_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class ImagesController < PagesCore::ImagesController #:nodoc:
 end

data/app/controller_dummies/page_files_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class PageFilesController < PagesCore::Frontend::PageFilesController #:nodoc:
 end

data/app/controller_dummies/pages_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class PagesController < PagesCore::Frontend::PagesController #:nodoc:
 end

data/app/controller_dummies/sitemaps_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class SitemapsController < PagesCore::SitemapsController #:nodoc:
 end

data/app/controllers/admin/attachments_controller.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module Admin
+  class AttachmentsController < Admin::AdminController
+    before_action :find_attachment, only: %i[update]
+    def create
+      @attachment = Attachment.create(
+        attachment_params.merge(user: current_user)
+      )
+      return unless @attachment.valid?
+      respond_to do |format|
+        format.json do
+          render_attachment(@attachment)
+        end
+      end
+    end
+    def update
+      @attachment.update(attachment_params)
+      respond_to do |format|
+        format.json { render_attachment(@attachment) }
+      end
+    end
+    protected
+    def attachment_params
+      params.require(:attachment).permit(
+        :file,
+        localized_attributes.each_with_object({}) do |a, h|
+          h[a] = I18n.available_locales
+        end
+      )
+    end
+    def localized_attributes
+      %i[name description]
+    end
+    def find_attachment
+      @attachment = Attachment.find(params[:id])
+    end
+    def render_attachment(attachment)
+      render json: attachment, serializer: Admin::AttachmentSerializer
+    end
+  end
+end

data/app/controllers/admin/categories_controller.rb CHANGED Viewed

@@ -1,8 +1,6 @@
-# encoding: utf-8
 module Admin
   class CategoriesController < Admin::AdminController
-    before_action :find_category, only: [:show, :edit, :update, :destroy]
+    before_action :find_category, only: %i[show edit update destroy]
     def index
       @categories = Category.all
@@ -26,8 +24,7 @@ module Admin
       end
     end
-    def edit
-    end
+    def edit; end
     def update
       if @category.update(category_params)

data/app/controllers/admin/images_controller.rb CHANGED Viewed

@@ -1,43 +1,49 @@
-# encoding: utf-8
 module Admin
   class ImagesController < Admin::AdminController
-    before_action :find_image, only: [:show, :edit, :update, :destroy]
+    before_action :find_image, only: %i[show edit update destroy]
-    def index
-    end
+    def index; end
-    def show
-      respond_to do |format|
-        format.js { render text: @image.to_json, layout: false }
-      end
-    end
+    def show; end
-    def new
-    end
+    def new; end
-    def edit
-    end
+    def edit; end
     def create
+      @image = Image.create(image_params)
+      if @image.valid?
+        respond_to do |format|
+          format.json do
+            render json: @image, serializer: Admin::ImageSerializer
+          end
+        end
+      end
     end
     def update
       @image.update(image_params)
       respond_to do |format|
-        format.json { render text: @image.to_json, layout: false }
+        format.json { render action: :show }
       end
     end
-    def destroy
-    end
+    def destroy; end
     protected
+    def localized_attributes
+      %i[caption alternative]
+    end
     def image_params
       params.require(:image).permit(
-        :name, :alternative, :caption, :description, :file,
-        :crop_start_x, :crop_start_y, :crop_height, :crop_width, :locale
+        :name, :description, :file,
+        :crop_start_x, :crop_start_y, :crop_height, :crop_width, :locale,
+        :crop_gravity_x, :crop_gravity_y,
+        localized_attributes.each_with_object({}) do |a, h|
+          h[a] = I18n.available_locales
+        end
       )
     end

data/app/controllers/admin/invites_controller.rb CHANGED Viewed

@@ -1,22 +1,17 @@
 module Admin
   class InvitesController < Admin::AdminController
-    before_action :require_authentication, except: [:accept, :show]
-    before_action :find_invite, only: [:show, :edit, :update, :destroy, :accept]
-    before_action :require_valid_token, only: [:show, :accept]
+    before_action :require_authentication, except: %i[accept show]
+    before_action :find_invite, only: %i[destroy]
+    before_action :find_and_validate_invite, only: %i[show accept]
-    require_authorization(
-      Invite,
-      proc { @invite },
-      member:     [:show, :edit, :update, :destroy],
-      collection: [:index, :new, :create]
-    )
+    require_authorization
     def index
       redirect_to admin_users_url
     end
     def accept
-      @user = @invite.create_user(user_params)
+      @user = PagesCore::CreateUserService.call(user_params, invite: @invite)
       if @user.valid?
         authenticate!(@user)
         redirect_to admin_default_url
@@ -37,10 +32,11 @@ module Admin
     end
     def create
-      @invite = current_user.invites.create(invite_params)
+      @invite = PagesCore::InviteService.call(invite_params,
+                                              user: current_user,
+                                              host: request.host,
+                                              protocol: request.protocol)
       if @invite.valid?
-        deliver_invite(@invite)
-        @invite.update(sent_at: Time.now.utc)
         redirect_to admin_invites_url
       else
         render action: :new
@@ -55,17 +51,17 @@ module Admin
     private
-    def deliver_invite(invite)
-      AdminMailer.invite(
-        invite,
-        admin_invite_with_token_url(invite, invite.token)
-      ).deliver_now
-    end
     def find_invite
       @invite = Invite.find(params[:id])
     end
+    def find_and_validate_invite
+      @invite = Invite.find_by(id: params[:id])
+      return if @invite && secure_compare(@invite.token, params[:token])
+      flash[:notice] = "This invite is no longer valid."
+      redirect_to(login_admin_users_url) && return
+    end
     def user_params
       params.require(:user).permit(:name, :email, :password, :confirm_password)
     end
@@ -73,11 +69,5 @@ module Admin
     def invite_params
       params.require(:invite).permit(:email, role_names: [])
     end
-    def require_valid_token
-      return if @invite && secure_compare(@invite.token, params[:token])
-      flash[:notice] = "Invalid invite token"
-      redirect_to(login_admin_users_url) && return
-    end
   end
 end

data/app/controllers/admin/pages_controller.rb CHANGED Viewed

@@ -1,20 +1,21 @@
-# encoding: utf-8
 module Admin
   class PagesController < Admin::AdminController
     include PagesCore::Admin::NewsPageController
-    before_action :find_page, only: [:show, :edit, :preview, :update, :destroy,
-                                     :delete_meta_image, :move]
     before_action :find_categories
+    before_action :find_page, only: %i[show edit update destroy
+                                       delete_meta_image move]
+    require_authorization
-    require_authorization(Page, proc { @page },
-                          collection: [:index, :news, :new, :new_news, :create],
-                          member: [:show, :edit, :preview, :update, :destroy,
-                                   :delete_meta_image, :move])
+    helper_method :page_json
     def index
-      @root_pages = Page.roots.in_locale(@locale).visible
+      @pages = Page.admin_list(@locale)
+    end
+    def deleted
+      @pages = Page.deleted.by_updated_at.in_locale(@locale)
     end
     def show
@@ -22,12 +23,13 @@ module Admin
     end
     def new
-      @page = build_page(@locale)
-      if params[:parent]
-        @page.parent = Page.find(params[:parent])
-      elsif @news_pages
-        @page.parent = @news_pages.first
-      end
+      build_params = params[:page] ? page_params : nil
+      @page = build_page(@locale, build_params)
+      @page.parent = if params[:parent]
+                       Page.find(params[:parent])
+                     elsif @news_pages
+                       @news_pages.first
+                     end
     end
     def create
@@ -42,9 +44,7 @@ module Admin
       end
     end
-    def edit
-      render action: :edit
-    end
+    def edit; end
     def update
       if @page.update(page_params)
@@ -54,7 +54,7 @@ module Admin
           redirect_to edit_admin_page_url(@locale, @page)
         end
       else
-        edit
+        render action: :edit
       end
     end
@@ -80,32 +80,50 @@ module Admin
     def build_page(locale, attributes = nil, categories = nil)
       Page.new.localize(locale).tap do |page|
         page.author = default_author || current_user
-        if attributes
-          page.attributes = attributes
-          page.comments_allowed = page.template_config.value(:comments_allowed)
-        end
+        page.attributes = attributes if attributes
         page.categories = categories if categories
       end
     end
     def default_author
-      return unless PagesCore.config.default_author
-      User.where(email: PagesCore.config.default_author).first
+      User.find_by_email(PagesCore.config.default_author)
     end
     def page_attributes
-      [:template, :user_id, :status, :feed_enabled, :published_at,
-       :redirect_to, :comments_allowed, :image_link, :news_page,
-       :unique_name, :pinned, :parent_page_id, :serialized_tags, :meta_image]
+      %i[template user_id status feed_enabled published_at redirect_to
+         image_link news_page unique_name pinned parent_page_id serialized_tags
+         meta_image starts_at ends_at all_day image_id]
     end
     def page_params
-      params.require(:page).permit(Page.localized_attributes + page_attributes)
+      params.require(:page).permit(
+        PagesCore::Templates::TemplateConfiguration.all_blocks +
+        page_attributes,
+        page_images_attributes: %i[id position image_id primary _destroy],
+        page_files_attributes: %i[id position attachment_id _destroy]
+      )
+    end
+    def page_json(page)
+      { id: page.id,
+        param: page.to_param,
+        parent_page_id: page.parent_page_id,
+        locale: page.locale,
+        status: page.status,
+        news_page: page.news_page,
+        name: page.name,
+        published_at: page.published_at,
+        pinned: page.pinned?,
+        starts_at: page.starts_at,
+        permissions: [(:edit if policy(page).edit?),
+                      (:create if policy(page).edit?)].compact }
     end
     def param_categories
-      return [] unless params[:category] && params[:category].any?
-      params[:category].map { |k, _| Category.find(k.to_i) }
+      return [] unless params[:category]
+      params.permit(category: {})[:category]
+            .to_hash
+            .map { |id, _| Category.find(id) }
     end
     def find_page
@@ -119,7 +137,7 @@ module Admin
     def respond_with_page(page)
       respond_to do |format|
         format.html { yield }
-        format.json { render json: page, serializer: PageTreeSerializer }
+        format.json { render json: page_json(page) }
       end
     end
   end

data/app/controllers/admin/password_resets_controller.rb CHANGED Viewed

@@ -1,10 +1,8 @@
-# encoding: utf-8
 module Admin
   class PasswordResetsController < Admin::AdminController
-    before_action :find_password_reset_token, only: [:show, :update]
-    before_action :check_for_expired_token, only: [:show, :update]
-    before_action :require_authentication, except: [:create, :show, :update]
+    before_action :find_password_reset_token, only: %i[show update]
+    before_action :check_for_expired_token, only: %i[show update]
+    before_action :require_authentication, except: %i[create show update]
     layout "admin"
@@ -17,7 +15,7 @@ module Admin
       else
         flash[:notice] = "Couldn't find a user with that email address"
       end
-      redirect_to login_url
+      redirect_to login_admin_users_url
     end
     def show
@@ -26,11 +24,11 @@ module Admin
     def update
       @user = @password_reset_token.user
-      if !user_params[:password].blank? && @user.update(user_params)
+      if user_params[:password].present? && @user.update(user_params)
         @password_reset_token.destroy
         authenticate!(@user)
         flash[:notice] = "Your password has been changed"
-        redirect_to login_url
+        redirect_to login_admin_users_url
       else
         render action: :show
       end
@@ -49,20 +47,15 @@ module Admin
     def find_user_by_email(email)
       return unless email
-      User.find_by_username_or_email(params[:username])
-    end
-    def login_url
-      # TODO: Validate URL
-      params[:login_url] || login_admin_users_url
+      User.login_name(params[:username])
     end
     def user_params
       params.require(:user).permit(:password, :confirm_password)
     end
-    def valid_token?(pr)
-      pr && secure_compare(pr.token, params[:token])
+    def valid_token?(reset)
+      reset && secure_compare(reset.token, params[:token])
     end
     def find_password_reset_token
@@ -75,14 +68,14 @@ module Admin
       return if valid_token?(@password_reset_token)
       flash[:notice] = "Invalid password reset request"
-      redirect_to(login_url) && return
+      redirect_to(login_admin_users_url) && return
     end
     def check_for_expired_token
       return unless @password_reset_token.expired?
       @password_reset_token.destroy
       flash[:notice] = "Your password reset link has expired"
-      redirect_to(login_url)
+      redirect_to(login_admin_users_url)
     end
   end
 end