RubyGems - panda-cms - Versions diffs - 0.7.3 → 0.7.5 - Mend

panda-cms 0.7.3 → 0.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (182) hide show

data/app/components/panda/cms/rich_text_component.rb CHANGED Viewed

@@ -12,9 +12,7 @@ module Panda
       KIND = "rich_text"
-      attr_accessor :editable
-      attr_accessor :content
-      attr_accessor :options
+      attr_accessor :editable, :content, :options
       def initialize(key: :text_component, text: "Lorem ipsum...", editable: true, **options)
         @key = key
@@ -27,7 +25,8 @@ module Panda
       def before_render
         @editable &&= params[:embed_id].present? && params[:embed_id] == Current.page.id && Current.user.admin?
-        block = Panda::CMS::Block.find_by(kind: "rich_text", key: @key, panda_cms_template_id: Current.page.panda_cms_template_id)
+        block = Panda::CMS::Block.find_by(kind: "rich_text", key: @key,
+          panda_cms_template_id: Current.page.panda_cms_template_id)
         raise ComponentError, "Block not found for key: #{@key}" unless block
         block_content = block.block_contents.find_by(panda_cms_page_id: Current.page.id)
@@ -65,7 +64,7 @@ module Panda
                     # Ensure the content is properly structured
                     {
                       "time" => parsed["time"] || Time.current.to_i * 1000,
-                      "blocks" => parsed["blocks"].map { |block|
+                      "blocks" => parsed["blocks"].map do |block|
                         {
                           "type" => block["type"],
                           "data" => block["data"].merge(
@@ -73,7 +72,7 @@ module Panda
                           ),
                           "tunes" => block["tunes"]
                         }.compact
-                      },
+                      end,
                       "version" => parsed["version"] || "2.28.2"
                     }
                   else

data/app/components/panda/cms/text_component.rb CHANGED Viewed

@@ -25,10 +25,10 @@ module Panda
         content_tag(:span, @content, @options, false) # Don't escape the content
       rescue
         if !Rails.env.production? || is_defined?(Sentry)
-          raise Panda::CMS::MissingBlockError.new("Block with key #{@key} not found for page #{Current.page.title}")
-        else
-          false
+          raise Panda::CMS::MissingBlockError, "Block with key #{@key} not found for page #{Current.page.title}"
         end
+        false
       end
       #
@@ -45,11 +45,10 @@ module Panda
       def before_render
         @editable &&= params[:embed_id].present? && params[:embed_id] == Current.page.id
-        block = Panda::CMS::Block.find_by(kind: KIND, key: @key, panda_cms_template_id: Current.page.panda_cms_template_id)
+        block = Panda::CMS::Block.find_by(kind: KIND, key: @key,
+          panda_cms_template_id: Current.page.panda_cms_template_id)
-        if block.nil?
-          return false
-        end
+        return false if block.nil?
         block_content = block.block_contents.find_by(panda_cms_page_id: Current.page.id)
         plain_text = block_content&.content.to_s

data/app/constraints/panda/cms/admin_constraint.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Panda
   module CMS
     class AdminConstraint
@@ -11,7 +13,8 @@ module Panda
       end
       def current_user(request)
-        User.find_by(id: request.session[:user_id])
+        user_id = request.session[:user_id]
+        User.find_by(id: user_id)
       end
     end
   end

data/app/controllers/panda/cms/admin/block_contents_controller.rb CHANGED Viewed

@@ -6,7 +6,6 @@ module Panda
       class BlockContentsController < ApplicationController
         before_action :set_page, only: %i[update]
         before_action :set_block_content, only: %i[update]
-        before_action :set_paper_trail_whodunnit, only: %i[update]
         before_action :authenticate_admin_user!
         # @type PATCH/PUT

data/app/controllers/panda/cms/admin/dashboard_controller.rb CHANGED Viewed

@@ -1,19 +1,23 @@
+# frozen_string_literal: true
 require "groupdate"
 module Panda
   module CMS
-    class Admin::DashboardController < ApplicationController
-      before_action :set_initial_breadcrumb, only: %i[show]
-      before_action :authenticate_admin_user!
+    module Admin
+      class DashboardController < ApplicationController
+        before_action :set_initial_breadcrumb, only: %i[show]
+        before_action :authenticate_admin_user!
-      # GET /admin
-      def show
-      end
+        # GET /admin
+        def show
+        end
-      private
+        private
-      def set_initial_breadcrumb
-        add_breadcrumb "Dashboard", Panda::CMS.route_namespace
+        def set_initial_breadcrumb
+          add_breadcrumb "Dashboard", Panda::CMS.route_namespace
+        end
       end
     end
   end

data/app/controllers/panda/cms/admin/forms_controller.rb CHANGED Viewed

@@ -5,7 +5,6 @@ module Panda
     module Admin
       class FormsController < ApplicationController
         before_action :set_initial_breadcrumb, only: %i[index show]
-        # before_action :set_paper_trail_whodunnit, only: %i[create update]
         before_action :authenticate_admin_user!
         # Lists all forms
@@ -39,8 +38,6 @@ module Panda
           add_breadcrumb "Forms", admin_forms_path
         end
-        private
         # Only allow a list of trusted parameters through
         # @type private
         # @return ActionController::StrongParameters

data/app/controllers/panda/cms/admin/my_profile_controller.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+module Panda
+  module CMS
+    module Admin
+      class MyProfileController < ApplicationController
+        before_action :set_initial_breadcrumb, only: %i[edit update]
+        before_action :authenticate_admin_user!
+        # Shows the edit form for the current user's profile
+        # @type GET
+        # @return void
+        def edit
+          render :edit, locals: {user: current_user}
+        end
+        # Updates the current user's profile
+        # @type PATCH/PUT
+        # @return void
+        def update
+          if current_user.update(user_params)
+            flash[:success] = "Your profile has been updated successfully."
+            redirect_to edit_admin_my_profile_path
+          else
+            render :edit, locals: {user: current_user}, status: :unprocessable_entity
+          end
+        end
+        private
+        def set_initial_breadcrumb
+          add_breadcrumb "My Profile", edit_admin_my_profile_path
+        end
+        # Only allow a list of trusted parameters through
+        # @type private
+        # @return ActionController::StrongParameters
+        def user_params
+          params.require(:user).permit(:firstname, :lastname, :email, :current_theme)
+        end
+      end
+    end
+  end
+end

data/app/controllers/panda/cms/admin/pages_controller.rb CHANGED Viewed

@@ -5,7 +5,6 @@ module Panda
     module Admin
       class PagesController < ApplicationController
         before_action :set_initial_breadcrumb, only: %i[index edit new create update]
-        before_action :set_paper_trail_whodunnit, only: %i[create update]
         before_action :authenticate_admin_user!
         # Lists all pages which can be managed by the administrator
@@ -34,11 +33,20 @@ module Panda
         # POST /admin/pages
         def create
           page = Panda::CMS::Page.new(page_params)
+          # Normalize empty path to nil so presence validation triggers
+          page.path = nil if page.path.blank?
+          # Set the full path before validation if we have a parent
+          if page.parent && page.parent.path != "/" && page.path.present? && !page.path.start_with?(page.parent.path)
+            # Only prepend parent path if it's not already included
+            page.path = page.parent.path + page.path
+          end
           if page.save
-            page.update(path: page.parent.path + page.path) unless page.parent.path == "/"
             redirect_to edit_admin_page_path(page), notice: "The page was successfully created."
           else
-            flash[:error] = "There was an error creating the page."
+            flash.now[:error] = page.errors.full_messages.to_sentence
             locals = setup_new_page_form(page: page)
             render :new, locals: locals, status: :unprocessable_entity
           end
@@ -76,7 +84,10 @@ module Panda
         def setup_new_page_form(page:)
           add_breadcrumb "Add Page", new_admin_page_path
-          {page: page}
+          {
+            page: page,
+            available_templates: Panda::CMS::Template.available
+          }
         end
         # Only allow a list of trusted parameters through.

data/app/controllers/panda/cms/admin/posts_controller.rb CHANGED Viewed

@@ -6,8 +6,7 @@ module Panda
   module CMS
     module Admin
       class PostsController < ApplicationController
-        before_action :set_initial_breadcrumb, only: %i[index new edit create update]
-        before_action :set_paper_trail_whodunnit, only: %i[create update]
+        before_action :set_initial_breadcrumb, only: %i[index edit new create update]
         before_action :authenticate_admin_user!
         # Get all posts
@@ -29,20 +28,7 @@ module Panda
         # @type GET
         def edit
           add_breadcrumb post.title, edit_admin_post_path(post.admin_param)
-          # Get the latest version's content or fall back to post's content
-          preserved_content = if post.versions.exists?
-            reified_post = post.versions.last.reify
-            reified_post&.content || post.content
-          else
-            post.content
-          end
-          render :edit, locals: {
-            post: post,
-            url: admin_post_path(post.admin_param),
-            preserved_content: preserved_content
-          }
+          render :edit, locals: {post: post}
         end
         # POST /admin/posts
@@ -53,7 +39,7 @@ module Panda
           if @post.save
             Rails.logger.debug "Post saved successfully"
-            redirect_to edit_admin_post_path(@post.admin_param), success: "The post was successfully created!"
+            redirect_to edit_admin_post_path(@post.admin_param), notice: "The post was successfully created!"
           else
             Rails.logger.debug "Post save failed: #{@post.errors.full_messages.inspect}"
             flash.now[:error] = @post.errors.full_messages.join(", ")
@@ -75,17 +61,15 @@ module Panda
           if post.update(update_params)
             Rails.logger.debug "Post updated successfully"
             add_breadcrumb post.title, edit_admin_post_path(post.admin_param)
-            redirect_to edit_admin_post_path(post.admin_param),
-              status: :see_other,
-              flash: {success: "The post was successfully updated!"}
+            flash[:success] = "The post was successfully updated"
+            redirect_to edit_admin_post_path(post.admin_param), status: :see_other
           else
             Rails.logger.debug "Post update failed: #{post.errors.full_messages.inspect}"
             Rails.logger.debug "Preserving content: #{post_params[:content].inspect}"
-            flash[:error] = post.errors.full_messages.join(", ")
             add_breadcrumb post.title.presence || "Edit Post", edit_admin_post_path(post.admin_param)
+            flash.now[:error] = post.errors.full_messages.join(", ")
             render :edit, locals: {
               post: post,
-              url: admin_post_path(post.admin_param),
               preserved_content: post_params[:content]
             }, status: :unprocessable_entity
           end

data/app/controllers/panda/cms/admin/sessions_controller.rb CHANGED Viewed

@@ -27,9 +27,7 @@ module Panda
             # Always create the first user as admin, regardless of what our settings look like
             # else we can't ever really login. :)
-            if !create_as_admin
-              create_as_admin = true if !create_as_admin && Panda::CMS::User.count.zero?
-            end
+            create_as_admin = true if !create_as_admin && Panda::CMS::User.count.zero?
             if user_info["first_name"] && user_info["last_name"]
               firstname = user_info["first_name"]
@@ -55,9 +53,9 @@ module Panda
             return
           end
-          if !user.admin?
+          unless user.admin?
             # User can't be found with this email address or can't login
-            Rails.logger.error "User ID #{user.id} attempted admin login, is not admin." if user && !user.admin
+            Rails.logger.error "User ID #{user.id} attempted admin login, is not admin."
             redirect_to admin_login_path, flash: {error: t("panda.cms.admin.sessions.create.error")}
             return
           end

data/app/controllers/panda/cms/admin/settings/bulk_editor_controller.rb CHANGED Viewed

@@ -1,36 +1,43 @@
+# frozen_string_literal: true
 module Panda
   module CMS
-    class Admin::Settings::BulkEditorController < ApplicationController
-      before_action :set_initial_breadcrumb, only: %i[new]
+    module Admin
+      module Settings
+        class BulkEditorController < ApplicationController
+          before_action :set_initial_breadcrumb, only: %i[new]
-      def new
-        @json_data = BulkEditor.export
-      end
+          def new
+            @json_data = BulkEditor.export
+          end
-      def create
-        begin
-          debug_output = BulkEditor.import(params[:site_content])
-        rescue JSON::ParserError
-          redirect_to admin_settings_bulk_editor_path, flash: {error: "Error parsing content; are you sure this update is valid? Reverting..."}
-          return
-        end
+          def create
+            begin
+              debug_output = BulkEditor.import(params[:site_content])
+            rescue JSON::ParserError
+              redirect_to admin_settings_bulk_editor_path,
+                flash: {error: "Error parsing content; are you sure this update is valid? Reverting..."}
+              return
+            end
-        # Grab the latest content back so it's all formatted properly
-        @json_data = BulkEditor.export
+            # Grab the latest content back so it's all formatted properly
+            @json_data = BulkEditor.export
-        if debug_output[:error].empty? && debug_output[:warning].empty? && debug_output[:success].empty?
-          redirect_to admin_settings_bulk_editor_path, flash: {success: "No changes were found!"}
-        else
-          @debug = debug_output
-          render :new, flash: {warning: "Please review the output below for more information."}
-        end
-      end
+            if debug_output[:error].empty? && debug_output[:warning].empty? && debug_output[:success].empty?
+              redirect_to admin_settings_bulk_editor_path, flash: {success: "No changes were found!"}
+            else
+              @debug = debug_output
+              render :new, flash: {warning: "Please review the output below for more information."}
+            end
+          end
-      private
+          private
-      def set_initial_breadcrumb
-        add_breadcrumb "Settings", admin_settings_path
-        add_breadcrumb "Bulk Editor", "#"
+          def set_initial_breadcrumb
+            add_breadcrumb "Settings", admin_settings_path
+            add_breadcrumb "Bulk Editor", "#"
+          end
+        end
       end
     end
   end

data/app/controllers/panda/cms/admin/settings_controller.rb CHANGED Viewed

@@ -1,19 +1,23 @@
+# frozen_string_literal: true
 module Panda
   module CMS
-    class Admin::SettingsController < ApplicationController
-      before_action :set_initial_breadcrumb, only: %i[index show]
-      before_action :authenticate_admin_user!
+    module Admin
+      class SettingsController < ApplicationController
+        before_action :set_initial_breadcrumb, only: %i[index show]
+        before_action :authenticate_admin_user!
-      def index
-      end
+        def index
+        end
-      def show
-      end
+        def show
+        end
-      private
+        private
-      def set_initial_breadcrumb
-        add_breadcrumb "Settings", admin_settings_path
+        def set_initial_breadcrumb
+          add_breadcrumb "Settings", admin_settings_path
+        end
       end
     end
   end

data/app/controllers/panda/cms/application_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Panda
   module CMS
     class ApplicationController < ::ActionController::Base
@@ -37,11 +39,14 @@ module Panda
       end
       def authenticate_user!
-        redirect_to root_path, flash: {error: "Please login to view this!"} unless user_signed_in?
+        redirect_to main_app.root_path, flash: {error: "Please login to view this!"} unless user_signed_in?
       end
       def authenticate_admin_user!
-        redirect_to root_path, flash: {error: "Please login to view this!"} unless user_signed_in? && current_user.admin?
+        return if user_signed_in? && current_user.admin?
+        redirect_to admin_login_path,
+          flash: {error: "Please login to view this!"}
       end
       # Required for paper_trail and seems as good as convention these days

data/app/controllers/panda/cms/errors_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Panda
   module CMS
     class ErrorsController < ApplicationController
@@ -5,7 +7,8 @@ module Panda
       def show
         exception = request.env["action_dispatch.exception"]
-        status_code = exception.try(:status_code) || ActionDispatch::ExceptionWrapper.new(request.env, exception).status_code
+        status_code = exception.try(:status_code) || ActionDispatch::ExceptionWrapper.new(request.env,
+          exception).status_code
         render view_for_code(status_code), status: status_code
       end
@@ -17,7 +20,7 @@ module Panda
       private
       def view_for_code(code)
-        supported_error_codes.fetch(code) { "404" }
+        supported_error_codes.fetch(code, "404")
       end
       def supported_error_codes

data/app/controllers/panda/cms/form_submissions_controller.rb CHANGED Viewed

@@ -1,6 +1,10 @@
+# frozen_string_literal: true
 module Panda
   module CMS
     class FormSubmissionsController < ApplicationController
+      invisible_captcha only: [:create]
       def create
         vars = params.except(:authenticity_token, :controller, :action, :id)

data/app/controllers/panda/cms/pages_controller.rb CHANGED Viewed

@@ -1,11 +1,13 @@
+# frozen_string_literal: true
 module Panda
   module CMS
     class PagesController < ApplicationController
       include ActionView::Helpers::TagHelper
-      before_action :check_login_required, only: [:root, :show]
-      before_action :handle_redirects, only: [:root, :show]
-      after_action :record_visit, only: [:root, :show], unless: :ignore_visit?
+      before_action :check_login_required, only: %i[root show]
+      before_action :handle_redirects, only: %i[root show]
+      after_action :record_visit, only: %i[root show], unless: :ignore_visit?
       def root
         params[:path] = ""
@@ -14,15 +16,13 @@ module Panda
       def show
         page = if @overrides&.dig(:page_path_match)
-          Panda::CMS::Page.find_by(path: @overrides.dig(:page_path_match))
+          Panda::CMS::Page.find_by(path: @overrides[:page_path_match])
         else
-          Panda::CMS::Page.find_by(path: "/" + params[:path].to_s)
+          Panda::CMS::Page.find_by(path: "/#{params[:path]}")
         end
         Panda::CMS::Current.page = page || Panda::CMS::Page.find_by(path: "/404")
-        if @overrides
-          Panda::CMS::Current.page.title = @overrides&.dig(:title) || page.title
-        end
+        Panda::CMS::Current.page.title = @overrides&.dig(:title) || page.title if @overrides
         layout = page&.template&.file_path
@@ -42,59 +42,64 @@ module Panda
       private
       def handle_redirects
-        current_path = "/" + params[:path].to_s
+        current_path = "/#{params[:path]}"
         redirect = Panda::CMS::Redirect.find_by(origin_path: current_path)
-        if redirect
-          redirect.increment!(:visits)
+        return unless redirect
-          # Check if the destination is also a redirect
-          next_redirect = Panda::CMS::Redirect.find_by(origin_path: redirect.destination_path)
-          if next_redirect
-            next_redirect.increment!(:visits)
-            redirect_to next_redirect.destination_path, status: redirect.status_code and return
-          end
+        redirect.increment!(:visits)
-          redirect_to redirect.destination_path, status: redirect.status_code and return
+        # Check if the destination is also a redirect
+        next_redirect = Panda::CMS::Redirect.find_by(origin_path: redirect.destination_path)
+        if next_redirect
+          next_redirect.increment!(:visits)
+          redirect_to next_redirect.destination_path, status: redirect.status_code and return
         end
+        redirect_to redirect.destination_path, status: redirect.status_code and return
       end
       def check_login_required
-        if Panda::CMS.config.require_login_to_view && !user_signed_in?
-          redirect_to panda_cms_maintenance_path and return
-        end
+        return unless Panda::CMS.config.require_login_to_view && !user_signed_in?
+        redirect_to panda_cms_maintenance_path and return
       end
       def ignore_visit?
         # Ignore visits from bots (TODO: make this configurable)
         return true if /bot/i.match?(request.user_agent)
         # Ignore visits from Honeybadger
-        return true if request.headers.to_h.key? "Honeybadger-Token"
+        if request.headers.to_h.key?("Honeybadger-Token") || request.user_agent == "Honeybadger Uptime Check"
+          return true
+        end
+        # Ignore visits where we're asking for PHP files
+        return true if request.path.ends_with?(".php")
+        # Otherwise, record the visit
         false
       end
       def record_visit
         RecordVisitJob.perform_later(
-          url: request.url,
+          path: request.path,
+          user_id: Current.user&.id,
+          redirect_id: @redirect&.id,
+          page_id: Current.page&.id,
           user_agent: request.user_agent,
-          referrer: request.referrer,
           ip_address: request.remote_ip,
-          page_id: Panda::CMS::Current.page&.id,
-          current_user_id: current_user&.id,
-          params: params.to_unsafe_h.except(:controller, :action, :path),
-          visited_at: Time.zone.now
+          referer: request.referer, # TODO: Fix the naming of this column
+          params: request.parameters
         )
       end
       def create_redirect_if_path_changed
-        if path_changed? && path_was.present?
-          Panda::CMS::Redirect.create!(
-            origin_path: path_was,
-            destination_path: path,
-            status_code: 301
-          )
-        end
+        return unless path_changed? && path_was.present?
+        Panda::CMS::Redirect.create!(
+          origin_path: path_was,
+          destination_path: path,
+          status_code: 301
+        )
       end
     end
   end

data/app/controllers/panda/cms/posts_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Panda
   module CMS
     class PostsController < ApplicationController

data/app/helpers/panda/cms/admin/files_helper.rb CHANGED Viewed

@@ -1,6 +1,10 @@
+# frozen_string_literal: true
 module Panda
   module CMS
-    module Admin::FilesHelper
+    module Admin
+      module FilesHelper
+      end
     end
   end
 end

data/app/helpers/panda/cms/admin/pages_helper.rb CHANGED Viewed

@@ -1,6 +1,10 @@
+# frozen_string_literal: true
 module Panda
   module CMS
-    module Admin::PagesHelper
+    module Admin
+      module PagesHelper
+      end
     end
   end
 end