RubyGems - pages_core - Versions diffs - 3.5.1 → 3.6.0 - Mend

pages_core 3.5.1 → 3.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

data/app/controller_dummies/admin/admin_controller.rb CHANGED Viewed

@@ -1,5 +1,3 @@
-# encoding: utf-8
 module Admin
   class AdminController < PagesCore::AdminController #:nodoc:
   end

data/app/controller_dummies/application_controller.rb CHANGED Viewed

@@ -1,6 +1,4 @@
-# encoding: utf-8
-class ApplicationController < PagesCore::ApplicationController #:nodoc:
+class ApplicationController < PagesCore::BaseController #:nodoc:
   helper :all
-  protect_from_forgery
+  protect_from_forgery with: :exception
 end

data/app/controller_dummies/attachments_controller.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ class AttachmentsController < PagesCore::AttachmentsController #:nodoc:
2	+ end

data/app/controller_dummies/frontend_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class FrontendController < PagesCore::FrontendController #:nodoc:
 end

data/app/controller_dummies/images_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class ImagesController < PagesCore::ImagesController #:nodoc:
 end

data/app/controller_dummies/page_files_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class PageFilesController < PagesCore::Frontend::PageFilesController #:nodoc:
 end

data/app/controller_dummies/pages_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class PagesController < PagesCore::Frontend::PagesController #:nodoc:
 end

data/app/controller_dummies/sitemaps_controller.rb CHANGED Viewed

@@ -1,4 +1,2 @@
-# encoding: utf-8
 class SitemapsController < PagesCore::SitemapsController #:nodoc:
 end

data/app/controllers/admin/attachments_controller.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module Admin
+  class AttachmentsController < Admin::AdminController
+    before_action :find_attachment, only: %i[update]
+    def create
+      @attachment = Attachment.create(
+        attachment_params.merge(user: current_user)
+      )
+      return unless @attachment.valid?
+      respond_to do |format|
+        format.json do
+          render_attachment(@attachment)
+        end
+      end
+    end
+    def update
+      @attachment.update(attachment_params)
+      respond_to do |format|
+        format.json { render_attachment(@attachment) }
+      end
+    end
+    protected
+    def attachment_params
+      params.require(:attachment).permit(
+        :file,
+        localized_attributes.each_with_object({}) do |a, h|
+          h[a] = I18n.available_locales
+        end
+      )
+    end
+    def localized_attributes
+      %i[name description]
+    end
+    def find_attachment
+      @attachment = Attachment.find(params[:id])
+    end
+    def render_attachment(attachment)
+      render json: attachment, serializer: Admin::AttachmentSerializer
+    end
+  end
+end

data/app/controllers/admin/categories_controller.rb CHANGED Viewed

@@ -1,8 +1,6 @@
-# encoding: utf-8
 module Admin
   class CategoriesController < Admin::AdminController
-    before_action :find_category, only: [:show, :edit, :update, :destroy]
+    before_action :find_category, only: %i[show edit update destroy]
     def index
       @categories = Category.all
@@ -26,8 +24,7 @@ module Admin
       end
     end
-    def edit
-    end
+    def edit; end
     def update
       if @category.update(category_params)

data/app/controllers/admin/images_controller.rb CHANGED Viewed

@@ -1,43 +1,49 @@
-# encoding: utf-8
 module Admin
   class ImagesController < Admin::AdminController
-    before_action :find_image, only: [:show, :edit, :update, :destroy]
+    before_action :find_image, only: %i[show edit update destroy]
-    def index
-    end
+    def index; end
-    def show
-      respond_to do |format|
-        format.js { render text: @image.to_json, layout: false }
-      end
-    end
+    def show; end
-    def new
-    end
+    def new; end
-    def edit
-    end
+    def edit; end
     def create
+      @image = Image.create(image_params)
+      if @image.valid?
+        respond_to do |format|
+          format.json do
+            render json: @image, serializer: Admin::ImageSerializer
+          end
+        end
+      end
     end
     def update
       @image.update(image_params)
       respond_to do |format|
-        format.json { render text: @image.to_json, layout: false }
+        format.json { render action: :show }
       end
     end
-    def destroy
-    end
+    def destroy; end
     protected
+    def localized_attributes
+      %i[caption alternative]
+    end
     def image_params
       params.require(:image).permit(
-        :name, :alternative, :caption, :description, :file,
-        :crop_start_x, :crop_start_y, :crop_height, :crop_width, :locale
+        :name, :description, :file,
+        :crop_start_x, :crop_start_y, :crop_height, :crop_width, :locale,
+        :crop_gravity_x, :crop_gravity_y,
+        localized_attributes.each_with_object({}) do |a, h|
+          h[a] = I18n.available_locales
+        end
       )
     end

data/app/controllers/admin/invites_controller.rb CHANGED Viewed

@@ -1,22 +1,17 @@
 module Admin
   class InvitesController < Admin::AdminController
-    before_action :require_authentication, except: [:accept, :show]
-    before_action :find_invite, only: [:show, :edit, :update, :destroy, :accept]
-    before_action :require_valid_token, only: [:show, :accept]
+    before_action :require_authentication, except: %i[accept show]
+    before_action :find_invite, only: %i[destroy]
+    before_action :find_and_validate_invite, only: %i[show accept]
-    require_authorization(
-      Invite,
-      proc { @invite },
-      member:     [:show, :edit, :update, :destroy],
-      collection: [:index, :new, :create]
-    )
+    require_authorization
     def index
       redirect_to admin_users_url
     end
     def accept
-      @user = @invite.create_user(user_params)
+      @user = PagesCore::CreateUserService.call(user_params, invite: @invite)
       if @user.valid?
         authenticate!(@user)
         redirect_to admin_default_url
@@ -37,10 +32,11 @@ module Admin
     end
     def create
-      @invite = current_user.invites.create(invite_params)
+      @invite = PagesCore::InviteService.call(invite_params,
+                                              user: current_user,
+                                              host: request.host,
+                                              protocol: request.protocol)
       if @invite.valid?
-        deliver_invite(@invite)
-        @invite.update(sent_at: Time.now.utc)
         redirect_to admin_invites_url
       else
         render action: :new
@@ -55,17 +51,17 @@ module Admin
     private
-    def deliver_invite(invite)
-      AdminMailer.invite(
-        invite,
-        admin_invite_with_token_url(invite, invite.token)
-      ).deliver_now
-    end
     def find_invite
       @invite = Invite.find(params[:id])
     end
+    def find_and_validate_invite
+      @invite = Invite.find_by(id: params[:id])
+      return if @invite && secure_compare(@invite.token, params[:token])
+      flash[:notice] = "This invite is no longer valid."
+      redirect_to(login_admin_users_url) && return
+    end
     def user_params
       params.require(:user).permit(:name, :email, :password, :confirm_password)
     end
@@ -73,11 +69,5 @@ module Admin
     def invite_params
       params.require(:invite).permit(:email, role_names: [])
     end
-    def require_valid_token
-      return if @invite && secure_compare(@invite.token, params[:token])
-      flash[:notice] = "Invalid invite token"
-      redirect_to(login_admin_users_url) && return
-    end
   end
 end

data/app/controllers/admin/pages_controller.rb CHANGED Viewed

@@ -1,20 +1,21 @@
-# encoding: utf-8
 module Admin
   class PagesController < Admin::AdminController
     include PagesCore::Admin::NewsPageController
-    before_action :find_page, only: [:show, :edit, :preview, :update, :destroy,
-                                     :delete_meta_image, :move]
     before_action :find_categories
+    before_action :find_page, only: %i[show edit update destroy
+                                       delete_meta_image move]
+    require_authorization
-    require_authorization(Page, proc { @page },
-                          collection: [:index, :news, :new, :new_news, :create],
-                          member: [:show, :edit, :preview, :update, :destroy,
-                                   :delete_meta_image, :move])
+    helper_method :page_json
     def index
-      @root_pages = Page.roots.in_locale(@locale).visible
+      @pages = Page.admin_list(@locale)
+    end
+    def deleted
+      @pages = Page.deleted.by_updated_at.in_locale(@locale)
     end
     def show
@@ -22,12 +23,13 @@ module Admin
     end
     def new
-      @page = build_page(@locale)
-      if params[:parent]
-        @page.parent = Page.find(params[:parent])
-      elsif @news_pages
-        @page.parent = @news_pages.first
-      end
+      build_params = params[:page] ? page_params : nil
+      @page = build_page(@locale, build_params)
+      @page.parent = if params[:parent]
+                       Page.find(params[:parent])
+                     elsif @news_pages
+                       @news_pages.first
+                     end
     end
     def create
@@ -42,9 +44,7 @@ module Admin
       end
     end
-    def edit
-      render action: :edit
-    end
+    def edit; end
     def update
       if @page.update(page_params)
@@ -54,7 +54,7 @@ module Admin
           redirect_to edit_admin_page_url(@locale, @page)
         end
       else
-        edit
+        render action: :edit
       end
     end
@@ -80,32 +80,50 @@ module Admin
     def build_page(locale, attributes = nil, categories = nil)
       Page.new.localize(locale).tap do |page|
         page.author = default_author || current_user
-        if attributes
-          page.attributes = attributes
-          page.comments_allowed = page.template_config.value(:comments_allowed)
-        end
+        page.attributes = attributes if attributes
         page.categories = categories if categories
       end
     end
     def default_author
-      return unless PagesCore.config.default_author
-      User.where(email: PagesCore.config.default_author).first
+      User.find_by_email(PagesCore.config.default_author)
     end
     def page_attributes
-      [:template, :user_id, :status, :feed_enabled, :published_at,
-       :redirect_to, :comments_allowed, :image_link, :news_page,
-       :unique_name, :pinned, :parent_page_id, :serialized_tags, :meta_image]
+      %i[template user_id status feed_enabled published_at redirect_to
+         image_link news_page unique_name pinned parent_page_id serialized_tags
+         meta_image starts_at ends_at all_day image_id]
     end
     def page_params
-      params.require(:page).permit(Page.localized_attributes + page_attributes)
+      params.require(:page).permit(
+        PagesCore::Templates::TemplateConfiguration.all_blocks +
+        page_attributes,
+        page_images_attributes: %i[id position image_id primary _destroy],
+        page_files_attributes: %i[id position attachment_id _destroy]
+      )
+    end
+    def page_json(page)
+      { id: page.id,
+        param: page.to_param,
+        parent_page_id: page.parent_page_id,
+        locale: page.locale,
+        status: page.status,
+        news_page: page.news_page,
+        name: page.name,
+        published_at: page.published_at,
+        pinned: page.pinned?,
+        starts_at: page.starts_at,
+        permissions: [(:edit if policy(page).edit?),
+                      (:create if policy(page).edit?)].compact }
     end
     def param_categories
-      return [] unless params[:category] && params[:category].any?
-      params[:category].map { |k, _| Category.find(k.to_i) }
+      return [] unless params[:category]
+      params.permit(category: {})[:category]
+            .to_hash
+            .map { |id, _| Category.find(id) }
     end
     def find_page
@@ -119,7 +137,7 @@ module Admin
     def respond_with_page(page)
       respond_to do |format|
         format.html { yield }
-        format.json { render json: page, serializer: PageTreeSerializer }
+        format.json { render json: page_json(page) }
       end
     end
   end

data/app/controllers/admin/password_resets_controller.rb CHANGED Viewed

@@ -1,10 +1,8 @@
-# encoding: utf-8
 module Admin
   class PasswordResetsController < Admin::AdminController
-    before_action :find_password_reset_token, only: [:show, :update]
-    before_action :check_for_expired_token, only: [:show, :update]
-    before_action :require_authentication, except: [:create, :show, :update]
+    before_action :find_password_reset_token, only: %i[show update]
+    before_action :check_for_expired_token, only: %i[show update]
+    before_action :require_authentication, except: %i[create show update]
     layout "admin"
@@ -17,7 +15,7 @@ module Admin
       else
         flash[:notice] = "Couldn't find a user with that email address"
       end
-      redirect_to login_url
+      redirect_to login_admin_users_url
     end
     def show
@@ -26,11 +24,11 @@ module Admin
     def update
       @user = @password_reset_token.user
-      if !user_params[:password].blank? && @user.update(user_params)
+      if user_params[:password].present? && @user.update(user_params)
         @password_reset_token.destroy
         authenticate!(@user)
         flash[:notice] = "Your password has been changed"
-        redirect_to login_url
+        redirect_to login_admin_users_url
       else
         render action: :show
       end
@@ -49,20 +47,15 @@ module Admin
     def find_user_by_email(email)
       return unless email
-      User.find_by_username_or_email(params[:username])
-    end
-    def login_url
-      # TODO: Validate URL
-      params[:login_url] || login_admin_users_url
+      User.login_name(params[:username])
     end
     def user_params
       params.require(:user).permit(:password, :confirm_password)
     end
-    def valid_token?(pr)
-      pr && secure_compare(pr.token, params[:token])
+    def valid_token?(reset)
+      reset && secure_compare(reset.token, params[:token])
     end
     def find_password_reset_token
@@ -75,14 +68,14 @@ module Admin
       return if valid_token?(@password_reset_token)
       flash[:notice] = "Invalid password reset request"
-      redirect_to(login_url) && return
+      redirect_to(login_admin_users_url) && return
     end
     def check_for_expired_token
       return unless @password_reset_token.expired?
       @password_reset_token.destroy
       flash[:notice] = "Your password reset link has expired"
-      redirect_to(login_url)
+      redirect_to(login_admin_users_url)
     end
   end
 end