proclaim 0.1.0

data/app/assets/javascripts/proclaim/images.js.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/

data/app/assets/javascripts/proclaim/subscriptions.js.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/

data/app/assets/stylesheets/proclaim.css.scss

@@ -0,0 +1,28 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require font-awesome
+ *= require medium-editor/medium-editor
+ *= require medium-editor/themes/mani
+ *= require medium-editor-insert-plugin.min
+ *= require_tree .
+ *= require_self
+ */
+
+div.loading
+{
+	width: 100%;
+	height: 32px;
+	background-image: image_url("ajax_loader.gif");
+	background-repeat: no-repeat;
+	background-position: center;
+}

data/app/assets/stylesheets/proclaim/comments.css.scss

@@ -0,0 +1,14 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/
+
+.replies
+{
+	margin-left: 50px;
+}
+
+p.comment_author
+{
+	font-style: italic;
+}

data/app/assets/stylesheets/proclaim/images.scss

@@ -0,0 +1,3 @@
+// Place all the styles related to the Images controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

data/app/assets/stylesheets/proclaim/posts.css.scss

@@ -0,0 +1,77 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/
+
+h1.post_title
+{
+	text-align: center;
+	padding-bottom: 10px;
+	font-weight: bold;
+	border-bottom: solid 1px #ddd;
+}
+
+div.post_information
+{
+	border-top: solid 1px #ddd;
+	border-bottom: solid 1px #ddd;
+	padding: 10px;
+	clear: both;
+}
+
+div.post_excerpt_information
+{
+	font-size: 13px;
+	color: rgba(0, 0, 0, 0.3);
+	margin-top: 10px;
+}
+
+input.datetime_picker
+{
+	cursor: pointer;
+}
+
+.editable
+{
+	&:focus
+	{
+		outline: none;
+	}
+}
+
+.mediumInsert
+{
+	margin: -1em 0 0 0;
+}
+
+div.post_body.show .mediumInsert
+{
+	margin: 0px !important;
+
+	.mediumInsert-images img
+	{
+		margin: 0px;
+	}
+
+}
+
+figure.mediumInsert-images
+{
+	text-align: center;
+}
+
+.medium-editor-insert-plugin p
+{
+	margin: 0px 0px 10px;
+	box-sizing: border-box;
+}
+
+.medium-editor-placeholder:after
+{
+	position: relative;
+}
+
+h1.post_title.editable:after
+{
+	text-align: center;
+}

data/app/assets/stylesheets/proclaim/subscriptions.css.scss

@@ -0,0 +1,3 @@
+// Place all the styles related to the Subscriptions controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

data/app/controllers/proclaim/application_controller.rb

@@ -0,0 +1,44 @@
+class Proclaim::ApplicationController < ApplicationController
+	include Pundit
+
+	rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
+	private
+
+	def user_not_authorized
+		flash[:error] = "You are not authorized to perform this action."
+		redirect_to(request.referrer || root_path)
+	end
+
+	def authenticate_author
+		begin
+			send(Proclaim.authentication_method)
+		rescue NoMethodError
+			raise "Proclaim doesn't know how to authenticate users! Please" \
+			      " ensure that `Proclaim.authentication_path` is valid."
+		end
+	end
+
+	def current_author
+		begin
+			send(Proclaim.current_author_method)
+		rescue NoMethodError
+			raise "Proclaim doesn't know how to get the current author! Please" \
+			      " ensure that `Proclaim.current_author_method` is valid."
+		end
+	end
+
+	def pundit_user
+		current_author
+	end
+
+	def image_id_and_name_from_url(url)
+		match = url.match(/([^\/]*?)\/([^\/]*)\z/)
+
+		return match[1], match[2]
+	end
+
+	def cache_name_from_url(url)
+		url.match(/[^\/]*?\/[^\/]*\z/)
+	end
+end

data/app/controllers/proclaim/comments_controller.rb

@@ -0,0 +1,128 @@
+require_dependency "proclaim/application_controller"
+
+module Proclaim
+	class CommentsController < ApplicationController
+		before_action :authenticate_author, only: [:destroy]
+		after_action :verify_authorized
+		before_action :set_comment, only: [:update, :destroy]
+
+		def create
+			@comment = Comment.new(comment_params)
+
+			begin
+				authorize @comment
+
+				if antispam_params[:answer] == antispam_params[:solution]
+					subscription = nil
+					params = subscription_params
+					if params and params[:subscribe]
+						subscription = Subscription.new(email: params[:email], post: @comment.post)
+					end
+
+					respond_to do |format|
+						begin
+							Comment.transaction do
+								@comment.save!
+
+								if subscription
+									subscription.save!
+								end
+
+								format.json { render_comment_json(@comment) }
+							end
+						rescue ActiveRecord::RecordInvalid
+							errorMessages = Array.new
+							errorMessages += @comment.errors.full_messages
+
+							if subscription
+								errorMessages += subscription.errors.full_messages
+							end
+
+							format.json { render json: errorMessages, status: :unprocessable_entity }
+						end
+					end
+				else
+					respond_to do |format|
+						format.json { render json: ["Antispam question wasn't answered correctly"], status: :unprocessable_entity }
+					end
+				end
+			rescue Pundit::NotAuthorizedError
+				respond_to do |format|
+					# Don't leak that the post actually exists. Turn the
+					# "unauthorized" into a "not found"
+					format.json { render json: true, status: :not_found }
+				end
+			end
+		end
+
+		def update
+			begin
+				authorize @comment
+
+				respond_to do |format|
+					if @comment.update(comment_params)
+						format.json { render_comment_json(@comment) }
+					else
+						format.json { render json: @comment.errors.full_messages, status: :unprocessable_entity }
+					end
+				end
+			rescue Pundit::NotAuthorizedError
+				respond_to do |format|
+					format.json { render json: true, status: :unauthorized }
+				end
+			end
+		end
+
+		def destroy
+			begin
+				authorize @comment
+
+				respond_to do |format|
+					@comment.destroy
+					format.json { render json: true, status: :ok }
+				end
+			rescue Pundit::NotAuthorizedError
+				respond_to do |format|
+					format.json { render json: true, status: :unauthorized }
+				end
+			end
+		end
+
+		private
+
+		def set_comment
+			@comment = Comment.find(params[:id])
+		end
+
+		def render_comment_json(comment)
+			render json: {
+				id: comment.id,
+				html: comment_to_html(comment)
+			}
+		end
+
+		def comment_to_html(comment)
+			view_context.comments_tree_for(comment.hash_tree)
+		end
+
+		# Only allow a trusted parameter "white list" through.
+		def comment_params
+			params.require(:comment).permit(:body,
+			                                :author,
+			                                :post_id,
+			                                :parent_id)
+		end
+
+		def subscription_params
+			if params[:subscription]
+				params.require(:subscription).permit(:subscribe,
+			                                        :email)
+			end
+		end
+
+		def antispam_params
+			params.require(:antispam).permit(:solution,
+			                                 :answer)
+		end
+	end
+end

data/app/controllers/proclaim/images_controller.rb

@@ -0,0 +1,108 @@
+require_dependency "proclaim/application_controller"
+
+module Proclaim
+	class ImagesController < ApplicationController
+		after_action :verify_authorized
+
+		def create
+			@image = Image.new(post_id: image_params[:post_id])
+
+			begin
+				authorize @image
+
+				@image.image = image_params[:image]
+
+				respond_to do |format|
+					if @image.save
+						format.json { render json: @image.image.url }
+					else
+						format.json { render json: @image.errors.full_messages, status: :unprocessable_entity }
+					end
+				end
+			rescue Pundit::NotAuthorizedError
+				respond_to do |format|
+					format.json { render json: true, status: :unauthorized }
+				end
+			end
+		end
+
+		def cache
+			@image = Image.new
+
+			begin
+				authorize @image
+
+				@image.image = file_params[:file]
+
+				respond_to do |format|
+					format.json { render json: @image.image.url }
+				end
+			rescue Pundit::NotAuthorizedError
+				respond_to do |format|
+					format.json { render json: true, status: :unauthorized }
+				end
+			end
+		end
+
+		def discard
+			url = file_params[:file]
+			image_id = nil
+
+			# Is this a cached image?
+			if (url.include? Proclaim::ImageUploader.cache_dir)
+				# If so, retrieve it from the cache
+				@image = Image.new
+				@image.image.retrieve_from_cache!(cache_name_from_url(url))
+			else
+				# If not, retrieve it from the database
+				image_id, image_name = image_id_and_name_from_url(url)
+				@image = Image.find(image_id)
+			end
+
+			begin
+				authorize @image
+
+				if @image.new_record?
+					@image.image.remove!
+				end
+
+				respond_to do |format|
+					format.json { render json: {id: image_id}, status: :ok }
+				end
+			rescue Pundit::NotAuthorizedError
+				respond_to do |format|
+					format.json { render json: true, status: :unauthorized }
+				end
+			end
+		end
+
+		def destroy
+			@image = Image.find(params[:id])
+
+			begin
+				authorize @image
+
+				respond_to do |format|
+					@image.destroy
+					format.json { render json: true, status: :ok }
+				end
+			rescue Pundit::NotAuthorizedError
+				respond_to do |format|
+					format.json { render json: true, status: :unauthorized }
+				end
+			end
+		end
+
+		private
+
+		# Only allow a trusted parameter "white list" through.
+		def image_params
+			params.require(:image).permit(:post_id,
+			                              :image)
+		end
+
+		def file_params
+			params.permit(:file)
+		end
+	end
+end

data/app/controllers/proclaim/posts_controller.rb

@@ -0,0 +1,131 @@
+require_dependency "proclaim/application_controller"
+
+module Proclaim
+	class PostsController < ApplicationController
+		before_action :authenticate_author, except: [:index, :show]
+		after_action :verify_authorized, except: :index
+		after_action :verify_policy_scoped, only: :index
+		before_action :set_post, only: [:show, :edit, :update, :destroy]
+
+		# GET /posts
+		def index
+			@posts = policy_scope(Post)
+			authorize Post
+		end
+
+		# GET /posts/1
+		def show
+			begin
+				authorize @post
+			rescue Pundit::NotAuthorizedError
+				# Don't leak that this resource actually exists. Turn the
+				# "permission denied" into a "not found"
+				raise ActiveRecord::RecordNotFound
+			end
+		end
+
+		# GET /posts/new
+		def new
+			@post = Post.new(author: current_author)
+			authorize @post
+		end
+
+		# GET /posts/1/edit
+		def edit
+			authorize @post
+		end
+
+		# POST /posts
+		def create
+			@post = Post.new(post_params)
+			@post.author = current_author
+
+			if params[:publish] == "true"
+				@post.publish
+			end
+
+			authorize @post
+
+			if @post.valid?
+				# Save and rewrite each image in Carrierwave's cache
+				@post.body = saved_and_rewrite_cached_images(@post.body)
+
+				@post.save
+
+				redirect_to @post, notice: 'Post was successfully created.'
+			else
+				render :new
+			end
+		end
+
+		# PATCH/PUT /posts/1
+		def update
+			@post.assign_attributes(post_params)
+
+			if (params[:publish] == "true") and not @post.published?
+				@post.publish
+				@post.author = current_author # Reassign author when it's published
+			end
+
+			authorize @post
+
+			if @post.valid?
+				# Save and rewrite each image in Carrierwave's cache
+				@post.body = saved_and_rewrite_cached_images(@post.body)
+
+				@post.save
+
+				redirect_to @post, notice: 'Post was successfully updated.'
+			else
+				render :edit
+			end
+		end
+
+		# DELETE /posts/1
+		def destroy
+			authorize @post
+
+			@post.destroy
+			redirect_to posts_url, notice: 'Post was successfully destroyed.'
+		end
+
+		private
+
+		# Use callbacks to share common setup or constraints between actions.
+		def set_post
+			@post = Post.find(params[:id])
+		end
+
+		# Only allow a trusted parameter "white list" through.
+		def post_params
+			# Ensure post title is sanitized of all HTML
+			if params[:post].include? :title
+				params[:post][:title] = Rails::Html::FullSanitizer.new.sanitize(params[:post][:title])
+			end
+
+			params.require(:post).permit(:title,
+			                             :body,
+			                             images_attributes: [:id, :image, :_destroy])
+		end
+
+		def saved_and_rewrite_cached_images(body)
+			document = Nokogiri::HTML.fragment(body)
+			cache_path = ImageUploader.cache_dir
+			document.css("img").each do |image_tag|
+				url = image_tag.attributes["src"].value
+				if url.include? cache_path
+					cache_name = cache_name_from_url(url)
+					if cache_name
+						image = @post.images.build
+						image.image.retrieve_from_cache!(cache_name)
+						image.save
+
+						image_tag.attributes["src"].value = image.image.url
+					end
+				end
+			end
+
+			document.inner_html
+		end
+	end
+end