panda-cms 0.7.0

data/app/components/panda/cms/rich_text_component.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module Panda
+  module CMS
+    # Text component
+    # @param key [Symbol] The key to use for the text component
+    # @param text [String] The text to display
+    # @param editable [Boolean] If the text is editable or not (defaults to true)
+    # @param options [Hash] The options to pass to the content_tag
+    class RichTextComponent < ViewComponent::Base
+      class ComponentError < StandardError; end
+
+      KIND = "rich_text"
+
+      attr_accessor :editable
+      attr_accessor :content
+      attr_accessor :options
+
+      def initialize(key: :text_component, text: "Lorem ipsum...", editable: true, **options)
+        @key = key
+        @text = text
+        @options = options || {}
+        @editable = editable
+      end
+
+      # Check if the element is editable and set up the content
+      def before_render
+        @editable &&= params[:embed_id].present? && params[:embed_id] == Current.page.id && Current.user.admin?
+
+        block = Panda::CMS::Block.find_by(kind: "rich_text", key: @key, panda_cms_template_id: Current.page.panda_cms_template_id)
+        raise ComponentError, "Block not found for key: #{@key}" unless block
+
+        block_content = block.block_contents.find_by(panda_cms_page_id: Current.page.id)
+        if block_content.nil?
+          block_content = Panda::CMS::BlockContent.create!(
+            block: block,
+            panda_cms_page_id: Current.page.id,
+            content: ""
+          )
+        end
+
+        @content = block_content.cached_content || block_content.content
+        raise ComponentError, "No content found for block: #{block.id}" if @content.nil?
+
+        @options[:id] = block_content.id
+
+        if @editable
+          @options[:data] = {
+            page_id: Current.page.id,
+            mode: "rich_text"
+          }
+
+          # Convert HTML content to EditorJS format if needed
+          begin
+            editor_content = Panda::CMS::HtmlToEditorJsConverter.convert(@content)
+            @content = editor_content
+          rescue Panda::CMS::HtmlToEditorJsConverter::ConversionError => e
+            raise ComponentError, "Failed to convert content: #{e.message}"
+          end
+        elsif @content.is_a?(Hash)
+          begin
+            renderer = Panda::CMS::EditorJs::Renderer.new(@content)
+            @content = renderer.render
+          rescue => e
+            raise ComponentError, "Failed to render content: #{e.message}"
+          end
+        else
+          @content = @content.html_safe
+        end
+      rescue ActiveRecord::RecordNotFound => e
+        raise ComponentError, "Database record not found: #{e.message}"
+      rescue ActiveRecord::RecordInvalid => e
+        raise ComponentError, "Invalid record: #{e.message}"
+      rescue => e
+        raise ComponentError, "Component error: #{e.message}"
+      end
+
+      # Only render the component if there is some content set, or if the component is editable
+      def render?
+        @content.present? || @editable
+      end
+    end
+  end
+end

data/app/components/panda/cms/text_component.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module Panda
+  module CMS
+    # Text component
+    # @param key [Symbol] The key to use for the text component
+    # @param text [String] The text to display
+    # @param editable [Boolean] If the text is editable or not (defaults to true)
+    # @param options [Hash] The options to pass to the content_tag
+    class TextComponent < ViewComponent::Base
+      KIND = "plain_text"
+
+      # Allows accessing the plain text of the component directly
+      attr_accessor :plain_text
+
+      def initialize(key: :text_component, text: "Lorem ipsum...", editable: true, **options)
+        @key = key
+        @text = text
+        @options = options || {}
+        @options[:id] ||= "text-#{key.to_s.dasherize}"
+        @editable = editable
+      end
+
+      def call
+        content_tag(:span, @content, @options, false) # Don't escape the content
+      rescue
+        if !Rails.env.production? || is_defined?(Sentry)
+          raise Panda::CMS::MissingBlockError.new("Block with key #{@key} not found for page #{Current.page.title}")
+        else
+          false
+        end
+      end
+
+      #
+      # Prepares content for display
+      #
+      # @usage Do not use this when rendering editable content
+      def prepare_content_for_display(content)
+        # Replace \n characters with <br> tags
+        content.gsub("\n", "<br>")
+      end
+
+      # Check if the element is editable
+      # TODO: Check user permissions
+      def before_render
+        @editable &&= params[:embed_id].present? && params[:embed_id] == Current.page.id
+
+        block = Panda::CMS::Block.find_by(kind: KIND, key: @key, panda_cms_template_id: Current.page.panda_cms_template_id)
+
+        if block.nil?
+          return false
+        end
+
+        block_content = block.block_contents.find_by(panda_cms_page_id: Current.page.id)
+        plain_text = block_content&.content.to_s
+        if @editable
+          @options[:contenteditable] = "plaintext-only"
+          @options[:data] = {
+            "editable-kind": "plain_text",
+            "editable-page-id": Current.page.id,
+            "editable-block-content-id": block_content&.id
+          }
+
+          @options[:id] = "editor-#{block_content&.id}"
+          @content = plain_text
+        else
+          @content = prepare_content_for_display(plain_text)
+        end
+      end
+    end
+  end
+end

data/app/constraints/panda/cms/admin_constraint.rb

@@ -0,0 +1,18 @@
+module Panda
+  module CMS
+    class AdminConstraint
+      def initialize(&block)
+        @block = block
+      end
+
+      def matches?(request)
+        user = current_user(request)
+        user.present? && user.admin? && @block&.call(user)
+      end
+
+      def current_user(request)
+        User.find_by(id: request.session[:user_id])
+      end
+    end
+  end
+end

data/app/controllers/panda/cms/admin/block_contents_controller.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Panda
+  module CMS
+    module Admin
+      class BlockContentsController < ApplicationController
+        before_action :set_page, only: %i[update]
+        before_action :set_block_content, only: %i[update]
+        before_action :set_paper_trail_whodunnit, only: %i[update]
+        before_action :authenticate_admin_user!
+
+        # @type PATCH/PUT
+        # @return
+        def update
+          Rails.logger.debug "Content params: #{params.inspect}"
+          Rails.logger.debug "Raw content: #{request.raw_post}"
+
+          if @block_content.update!(content: params.dig(:content))
+            @block_content.page.touch
+            render json: @block_content, status: :ok
+          else
+            render json: @block_content.errors, status: :unprocessable_entity
+          end
+        rescue => e
+          Rails.logger.error "Error updating block content: #{e.message}"
+          render json: {error: e.message}, status: :unprocessable_entity
+        end
+
+        private
+
+        # @type private
+        # @return Panda::CMS::Page
+        def set_page
+          @page = Panda::CMS::Page.find(params[:page_id])
+        end
+
+        # @type private
+        # @return Panda::CMS::BlockContent
+        def set_block_content
+          @block_content = Panda::CMS::BlockContent.find(params[:id])
+        end
+
+        # Only allow a list of trusted parameters through.
+        # @type private
+        # @return ActionController::StrongParameters
+        def block_content_params
+          params.require(:block_content).permit(:content)
+        end
+      end
+    end
+  end
+end

data/app/controllers/panda/cms/admin/dashboard_controller.rb

@@ -0,0 +1,20 @@
+require "groupdate"
+
+module Panda
+  module CMS
+    class Admin::DashboardController < ApplicationController
+      before_action :set_initial_breadcrumb, only: %i[show]
+      before_action :authenticate_admin_user!
+
+      # GET /admin
+      def show
+      end
+
+      private
+
+      def set_initial_breadcrumb
+        add_breadcrumb "Dashboard", Panda::CMS.route_namespace
+      end
+    end
+  end
+end

data/app/controllers/panda/cms/admin/files_controller.rb

@@ -0,0 +1,21 @@
+module Panda
+  module CMS
+    class Admin::FilesController < ApplicationController
+      before_action :set_initial_breadcrumb, only: %i[index show]
+      before_action :authenticate_admin_user!
+
+      def index
+        redirect_to admin_dashboard_path
+      end
+
+      def show
+      end
+
+      private
+
+      def set_initial_breadcrumb
+        add_breadcrumb "Media", admin_files_path
+      end
+    end
+  end
+end

data/app/controllers/panda/cms/admin/forms_controller.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Panda
+  module CMS
+    module Admin
+      class FormsController < ApplicationController
+        before_action :set_initial_breadcrumb, only: %i[index show]
+        # before_action :set_paper_trail_whodunnit, only: %i[create update]
+        before_action :authenticate_admin_user!
+
+        # Lists all forms
+        # @type GET
+        # @return ActiveRecord::Collection A list of all forms
+        def index
+          forms = Panda::CMS::Form.order(:name)
+          render :index, locals: {forms: forms}
+        end
+
+        def show
+          form = Panda::CMS::Form.find(params[:id])
+
+          add_breadcrumb form.name, admin_form_path(form)
+          submissions = form.form_submissions.order(created_at: :desc)
+          # TODO: Set a whitelist of fields we allow to be submitted for the form, shown in this view
+          # and a formatting array of how to display them... eventually?
+
+          fields = if submissions.last
+            submissions.last.data.keys.reverse.map { |field| [field, field.titleize] }
+          else
+            []
+          end
+
+          render :show, locals: {form: form, submissions: submissions, fields: fields}
+        end
+
+        private
+
+        def set_initial_breadcrumb
+          add_breadcrumb "Forms", admin_forms_path
+        end
+
+        private
+
+        # Only allow a list of trusted parameters through
+        # @type private
+        # @return ActionController::StrongParameters
+        def form_params
+          params.require(:form).permit(:name, :completion_path)
+        end
+      end
+    end
+  end
+end

data/app/controllers/panda/cms/admin/menus_controller.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Panda
+  module CMS
+    module Admin
+      class MenusController < ApplicationController
+        before_action :set_initial_breadcrumb, only: %i[index]
+        before_action :authenticate_admin_user!
+
+        # Lists all menus which can be managed by the administrator
+        # @type GET
+        # @return ActiveRecord::Collection An array of all menus
+        def index
+          menus = Panda::CMS::Menu.order(:name)
+          render :index, locals: {menus: menus}
+        end
+
+        private
+
+        def menu
+          @menu ||= Panda::CMS::Menu.find(params[:id])
+        end
+
+        def set_initial_breadcrumb
+          add_breadcrumb "Menus", admin_menus_path
+        end
+      end
+    end
+  end
+end

data/app/controllers/panda/cms/admin/pages_controller.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module Panda
+  module CMS
+    module Admin
+      class PagesController < ApplicationController
+        before_action :set_initial_breadcrumb, only: %i[index edit new create update]
+        before_action :set_paper_trail_whodunnit, only: %i[create update]
+        before_action :authenticate_admin_user!
+
+        # Lists all pages which can be managed by the administrator
+        # @type GET
+        # @return ActiveRecord::Collection A list of all pages
+        def index
+          homepage = Panda::CMS::Page.find_by(path: "/")
+          render :index, locals: {root_page: homepage}
+        end
+
+        # Loads the add page form
+        # @type GET
+        def new
+          locals = setup_new_page_form(page: page)
+          render :new, locals: locals
+        end
+
+        # Loads the page editor
+        # @type GET
+        def edit
+          add_breadcrumb page.title, edit_admin_page_path(page)
+
+          render :edit, locals: {page: page, template: page.template}
+        end
+
+        # POST /admin/pages
+        def create
+          page = Panda::CMS::Page.new(page_params)
+          if page.save
+            page.update(path: page.parent.path + page.path) unless page.parent.path == "/"
+            redirect_to edit_admin_page_path(page), notice: "The page was successfully created."
+          else
+            flash[:error] = "There was an error creating the page."
+            locals = setup_new_page_form(page: page)
+            render :new, locals: locals, status: :unprocessable_entity
+          end
+        end
+
+        # @type PATCH/PUT
+        # @return
+        def update
+          if page.update(page_params)
+            redirect_to edit_admin_page_path(page),
+              status: :see_other,
+              flash: {success: "This page was successfully updated!"}
+          else
+            flash[:error] = "There was an error updating the page."
+            render :edit, status: :unprocessable_entity
+          end
+        end
+
+        private
+
+        # Get the page from the ID
+        # @type private
+        # @return Panda::CMS::Page
+        def page
+          @page ||= if params[:id]
+            Panda::CMS::Page.find(params[:id])
+          else
+            Panda::CMS::Page.new(template: Panda::CMS::Template.default)
+          end
+        end
+
+        def set_initial_breadcrumb
+          add_breadcrumb "Pages", admin_pages_path
+        end
+
+        def setup_new_page_form(page:)
+          add_breadcrumb "Add Page", new_admin_page_path
+          {page: page}
+        end
+
+        # Only allow a list of trusted parameters through.
+        # @type private
+        # @return ActionController::StrongParameters
+        def page_params
+          params.require(:page).permit(:title, :path, :panda_cms_template_id, :parent_id, :status)
+        end
+      end
+    end
+  end
+end

data/app/controllers/panda/cms/admin/posts_controller.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+require "json"
+
+module Panda
+  module CMS
+    module Admin
+      class PostsController < ApplicationController
+        before_action :set_initial_breadcrumb, only: %i[index new edit create update]
+        before_action :set_paper_trail_whodunnit, only: %i[create update]
+        before_action :authenticate_admin_user!
+
+        # Get all posts
+        # @type GET
+        # @return ActiveRecord::Collection A list of all posts
+        def index
+          posts = Panda::CMS::Post.with_user.ordered
+          render :index, locals: {posts: posts}
+        end
+
+        # Loads the add post form
+        # @type GET
+        def new
+          locals = setup_new_post_form
+          render :new, locals: locals
+        end
+
+        # Loads the post editor
+        # @type GET
+        def edit
+          add_breadcrumb post.title, edit_admin_post_path(post.admin_param)
+
+          # Get the latest version's content or fall back to post's content
+          preserved_content = if post.versions.exists?
+            reified_post = post.versions.last.reify
+            reified_post&.content || post.content
+          else
+            post.content
+          end
+
+          render :edit, locals: {
+            post: post,
+            url: admin_post_path(post.admin_param),
+            preserved_content: preserved_content
+          }
+        end
+
+        # POST /admin/posts
+        def create
+          @post = Panda::CMS::Post.new(post_params)
+
+          begin
+            @post.content = JSON.parse(post_params[:content])
+          rescue
+            @post.content = post_params[:content]
+          end
+
+          if @post.save
+            Rails.logger.debug "Post saved successfully"
+            redirect_to edit_admin_post_path(@post.admin_param), notice: "Post was successfully created."
+          else
+            Rails.logger.debug "Post save failed: #{@post.errors.full_messages.inspect}"
+            flash.now[:error] = @post.errors.full_messages.join(", ")
+            locals = setup_new_post_form(post: @post, preserved_content: post_params[:content])
+            render :new, locals: locals, status: :unprocessable_entity
+          end
+        end
+
+        # @type PATCH/PUT
+        # @return
+        def update
+          Rails.logger.debug "Updating post with params: #{post_params.inspect}"
+          Rails.logger.debug "Current content: #{post.content.inspect}"
+          Rails.logger.debug "New content from params: #{post_params[:content].inspect}"
+
+          if post.update(post_params)
+            Rails.logger.debug "Post updated successfully"
+            add_breadcrumb post.title, edit_admin_post_path(post.admin_param)
+            redirect_to edit_admin_post_path(post.admin_param),
+              status: :see_other,
+              flash: {success: "The post was successfully updated!"}
+          else
+            Rails.logger.debug "Post update failed: #{post.errors.full_messages.inspect}"
+            Rails.logger.debug "Preserving content: #{post_params[:content].inspect}"
+            flash[:error] = post.errors.full_messages.join(", ")
+            add_breadcrumb post.title.presence || "Edit Post", edit_admin_post_path(post.admin_param)
+            render :edit, locals: {
+              post: post,
+              url: admin_post_path(post.admin_param),
+              preserved_content: post_params[:content]
+            }, status: :unprocessable_entity
+          end
+        end
+
+        private
+
+        # Get the post from the ID
+        # @type private
+        # @return Panda::CMS::Post
+        def post
+          @post ||= if params[:id]
+            Panda::CMS::Post.find(params[:id])
+          else
+            Panda::CMS::Post.new(
+              status: "active",
+              published_at: Time.zone.now
+            )
+          end
+        end
+
+        def set_initial_breadcrumb
+          add_breadcrumb "Posts", admin_posts_path
+        end
+
+        def setup_new_post_form(post: nil, preserved_content: nil)
+          add_breadcrumb "Add Post", new_admin_post_path
+
+          post ||= Panda::CMS::Post.new(
+            status: "active",
+            published_at: Time.zone.now
+          )
+
+          {
+            post: post,
+            url: admin_posts_path,
+            preserved_content: preserved_content
+          }
+        end
+
+        # Only allow a list of trusted parameters through.
+        # @type private
+        # @return ActionController::StrongParameters
+        def post_params
+          params.require(:post).permit(
+            :title,
+            :slug,
+            :status,
+            :published_at,
+            :user_id,
+            :content
+          )
+        end
+      end
+    end
+  end
+end

data/app/controllers/panda/cms/admin/sessions_controller.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+module Panda
+  module CMS
+    module Admin
+      class SessionsController < ApplicationController
+        layout "panda/cms/public"
+
+        def new
+          @providers = Panda::CMS.config.authentication.select { |_, v| v[:enabled] && !v[:hidden] }.keys
+        end
+
+        def create
+          user_info = request.env.dig("omniauth.auth", "info")
+          provider = params[:provider].to_sym
+
+          unless Panda::CMS.config.authentication.dig(provider, :enabled)
+            Rails.logger.error "Authentication provider '#{provider}' is not enabled"
+            redirect_to admin_login_path, flash: {error: t("panda.cms.admin.sessions.create.error")}
+            return
+          end
+
+          user = Panda::CMS::User.find_by(email: user_info["email"])
+
+          if !user && Panda::CMS.config.authentication.dig(provider, :create_account_on_first_login)
+            create_as_admin = Panda::CMS.config.authentication.dig(provider, :create_as_admin)
+
+            # Always create the first user as admin, regardless of what our settings look like
+            # else we can't ever really login. :)
+            if !create_as_admin
+              create_as_admin = true if !create_as_admin && Panda::CMS::User.count.zero?
+            end
+
+            if user_info["first_name"] && user_info["last_name"]
+              firstname = user_info["first_name"]
+              lastname = user_info["last_name"]
+            elsif user_info["name"]
+              firstname, lastname = user_info["name"].split(" ", 2)
+            end
+
+            user = User.find_or_create_by(
+              email: user_info["email"]
+            ) do |u|
+              u.firstname = firstname
+              u.lastname = lastname
+              u.admin = create_as_admin
+              u.image_url = user_info["image"]
+            end
+          end
+
+          if user.nil?
+            # User can't be found with this email address
+            Rails.logger.error "User does not exist: #{user_info["email"]}"
+            redirect_to admin_login_path, flash: {error: t("panda.cms.admin.sessions.create.error")}
+            return
+          end
+
+          if !user.admin?
+            # User can't be found with this email address or can't login
+            Rails.logger.error "User ID #{user.id} attempted admin login, is not admin." if user && !user.admin
+            redirect_to admin_login_path, flash: {error: t("panda.cms.admin.sessions.create.error")}
+            return
+          end
+
+          session[:user_id] = user.id
+          Panda::CMS::Current.user = user
+
+          redirect_path = request.env["omniauth.origin"] || admin_dashboard_path
+          redirect_to redirect_path, flash: {success: t("panda.cms.admin.sessions.create.success")}
+        rescue ::OmniAuth::Strategies::OAuth2::CallbackError => e
+          Rails.logger.error "OAuth2 login callback error: #{e.message}"
+          redirect_to admin_login_path, flash: {error: t("panda.cms.admin.sessions.create.error")}
+        rescue ::OAuth2::Error => e
+          Rails.logger.error "OAuth2 login error: #{e.message}"
+          redirect_to admin_login_path, flash: {error: t("panda.cms.admin.sessions.create.error")}
+        rescue => e
+          Rails.logger.error "Unknown login error: #{e.message}"
+          redirect_to admin_login_path, flash: {error: t("panda.cms.admin.sessions.create.error")}
+        end
+
+        def failure
+          Rails.logger.error "Login failure: #{params[:message]} from #{params[:origin]} using #{params[:strategy]}"
+          redirect_to admin_login_path, flash: {error: t("panda.cms.admin.sessions.create.error")}
+        end
+
+        def destroy
+          Panda::CMS::Current.user = nil
+          session[:user_id] = nil
+          redirect_to admin_login_path, flash: {success: t("panda.cms.admin.sessions.destroy.success")}
+        end
+      end
+    end
+  end
+end