radiant-reader-extension 0.9.2

data/.gitignore

@@ -0,0 +1,2 @@
+spec/spec_report.html
+.DS_Store

data/README.md

@@ -0,0 +1,89 @@
+# Reader
+
+This is a framework that takes care of all the dull bits of registering, activating, reminding, logging in and editing preferences for your site visitors. 
+
+It uses authlogic to handle sessions and provides complete interfaces both for the administrator and the visitor. The admin interface is basic and fits in with radiant. The visitor interface is more friendly (and incidentally includes a trick email field - so-called inverse captcha - that should prevent spam signups).
+
+The visitors are referred to as 'readers' here. Readers never see the admin interface, but your site authors and admins are automatically given reader status.
+
+The purpose of this extension is to provide a common core that supports other visitor-facing machinery. See for example our [forum extension](http://github.com/spanner/radiant-forum-extension) for discussions and page/blog comments, [reader groups](http://github.com/spanner/radiant-reader_group-extension) for proper page-access control and [downloads extension](http://github.com/spanner/radiant-downloads-extension) for secure access-controlled file downloads. More will follow and I hope other people will make use of this too.
+
+## Latest
+
+* New configuration interface
+
+* Provisionally updated for 0.9, but still being tweaked and tested: not definitely stable yet
+
+* I'm about to start cleaning out the messaging interface. Some of its extra clutter will be moved into a newsletter extension so that here we can concentrate on making administrative messages easy to edit.
+
+## Status
+
+Compatible with radiant 0.9 but currently undergoing some renovation.
+
+Tests are thorough. A lot of our work relies on this extension.
+
+## Requirements
+
+Radiant 0.8.1 (we need the new config machinery) or 0.9. [share_layouts](http://github.com/spanner/radiant-share-layouts-extension) (currently you need our version, which works with ActionMailer too). If you're on 0.8.1 you will probably want the  [submenu](https://github.com/spanner/radiant-submenu-extension/tree) extension too.
+
+You also need three gems (in addition to those that radiant requires): authlogic, gravtastic and sanitize. They're declared in the extension so you should be able just to run
+
+	sudo rake gems:install
+
+Sanitize uses nokogiri, which needs libxml2 and libxslt: you may need to go off and install those first. You will also need to put
+
+	gem 'authlogic'
+
+in your environment.rb before you can migrate anything. Authlogic has to load before anything else calls `require ApplicationController`.
+
+## Installation
+
+	git submodule add git://github.com/spanner/radiant-reader-extension.git vendor/extensions/reader
+	rake radiant:extensions:reader:migrate
+	rake radiant:extensions:reader:update
+
+The update task will install a /stylesheets/admin/reader.css that you can leave alone and a /stylesheets/reader.css that you should call from your reader layout (see below) and will want to improve upon. There is also a very thin /javascripts/reader.js: all it does is fade notifications. The forum extension has a lot more javascripts for you to deplore.
+
+## Configuration
+
+If you want to allow public registration, set `reader.allow_registration?` to true in your configuration. If it is false, then reader accounts can only be created by the administrator.
+
+Under multi_site Reader adds a `reader_layout` column to the site table and a layout-chooser to the site-edit view. In a single-site installation you will also need these configuration entries:
+
+* reader.layout (should be the name of a radiant layout)
+* site.name
+* site.url
+
+The latter two are used in email notifications.
+
+## Layouts
+
+We use the share_layouts extension to wrap the layout of your public site around the pages produced by the reader extension. You can designate any layout as the 'reader layout': in a single-site installation put the name of the layout in a `reader.layout` config entry. In a multi-site installation you'll find a 'reader layout' dropdown on the 'edit site' page. Choose the one you want to use for each site.
+
+The layout of the layout is up to you: from our point of view all it has to do is call `<r:content />` at some point. Ideally it will call `<r:content part="pagetitle" />` too. There is also a `breadcrumbs` part if that's required. In many cases you can just use your existing site layout and the various forms and pages will drop into its usual compartments.
+
+## Using readers in other extensions
+
+The reader admin pages are properly registered with the AdminUI as collections of parts, so you can override them in the same way as the other admin pages.
+
+Most of your reader-facing controllers will want to inherit from `ReaderActionController`.
+
+Marking a reader as untrusted does nothing here apart from making them go red, but we assume that in other extensions it will have some limiting effect.
+
+## See also
+
+* [reader_group](http://github.com/spanner/radiant-reader_group-extension)
+* [downloads](http://github.com/spanner/radiant-downloads-extension)
+* [forum](http://github.com/spanner/radiant-forum-extension)
+* [group_forum](http://github.com/spanner/radiant-group_forum-extension)
+
+## Bugs and comments
+
+[Github issues](http://github.com/spanner/radiant-reader-extension/issues), please, or for little things an email or github message is fine.
+
+## Author and copyright
+
+* Copyright spanner ltd 2007-9.
+* Released under the same terms as Rails and/or Radiant.
+* Contact will at spanner.org
+

data/Rakefile

@@ -0,0 +1,140 @@
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "radiant-reader-extension"
+    gem.summary = %Q{User-services extension for Radiant CMS}
+    gem.description = %Q{Centralises reader/member/user registration and management tasks for the benefit of other extensions}
+    gem.email = "will@spanner.org"
+    gem.homepage = "http://github.com/spanner/radiant-reader-extension"
+    gem.authors = ["spanner"]
+    gem.add_dependency "radiant", ">= 0.9.0"
+    gem.add_dependency 'radiant-layouts-extension'
+    gem.add_dependency 'radiant-mailer_layouts-extension'
+    gem.add_dependency 'authlogic'
+    gem.add_dependency 'sanitize'
+  end
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. This is only required if you plan to package reader as a gem."
+end
+
+# In rails 1.2, plugins aren't available in the path until they're loaded.
+# Check to see if the rspec plugin is installed first and require
+# it if it is.  If not, use the gem version.
+
+# Determine where the RSpec plugin is by loading the boot
+unless defined? RADIANT_ROOT
+  ENV["RAILS_ENV"] = "test"
+  case
+  when ENV["RADIANT_ENV_FILE"]
+    require File.dirname(ENV["RADIANT_ENV_FILE"]) + "/boot"
+  when File.dirname(__FILE__) =~ %r{vendor/radiant/vendor/extensions}
+    require "#{File.expand_path(File.dirname(__FILE__) + "/../../../../../")}/config/boot"
+  else
+    require "#{File.expand_path(File.dirname(__FILE__) + "/../../../")}/config/boot"
+  end
+end
+
+require 'rake'
+require 'rake/rdoctask'
+require 'rake/testtask'
+
+rspec_base = File.expand_path(RADIANT_ROOT + '/vendor/plugins/rspec/lib')
+$LOAD_PATH.unshift(rspec_base) if File.exist?(rspec_base)
+require 'spec/rake/spectask'
+require 'cucumber'
+require 'cucumber/rake/task'
+
+# Cleanup the RADIANT_ROOT constant so specs will load the environment
+Object.send(:remove_const, :RADIANT_ROOT)
+
+extension_root = File.expand_path(File.dirname(__FILE__))
+
+task :default => :spec
+task :stats => "spec:statsetup"
+
+desc "Run all specs in spec directory"
+Spec::Rake::SpecTask.new(:spec) do |t|
+  t.spec_opts = ['--options', "\"#{extension_root}/spec/spec.opts\""]
+  t.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+task :features => 'spec:integration'
+
+namespace :spec do
+  desc "Run all specs in spec directory with RCov"
+  Spec::Rake::SpecTask.new(:rcov) do |t|
+    t.spec_opts = ['--options', "\"#{extension_root}/spec/spec.opts\""]
+    t.spec_files = FileList['spec/**/*_spec.rb']
+    t.rcov = true
+    t.rcov_opts = ['--exclude', 'spec', '--rails']
+  end
+  
+  desc "Print Specdoc for all specs"
+  Spec::Rake::SpecTask.new(:doc) do |t|
+    t.spec_opts = ["--format", "specdoc", "--dry-run"]
+    t.spec_files = FileList['spec/**/*_spec.rb']
+  end
+
+  [:models, :controllers, :views, :helpers].each do |sub|
+    desc "Run the specs under spec/#{sub}"
+    Spec::Rake::SpecTask.new(sub) do |t|
+      t.spec_opts = ['--options', "\"#{extension_root}/spec/spec.opts\""]
+      t.spec_files = FileList["spec/#{sub}/**/*_spec.rb"]
+    end
+  end
+  
+  desc "Run the Cucumber features"
+  Cucumber::Rake::Task.new(:integration) do |t|
+    t.fork = true
+    t.cucumber_opts = ['--format', (ENV['CUCUMBER_FORMAT'] || 'pretty')]
+    # t.feature_pattern = "#{extension_root}/features/**/*.feature"
+    t.profile = "default"
+  end
+
+  # Setup specs for stats
+  task :statsetup do
+    require 'code_statistics'
+    ::STATS_DIRECTORIES << %w(Model\ specs spec/models)
+    ::STATS_DIRECTORIES << %w(View\ specs spec/views)
+    ::STATS_DIRECTORIES << %w(Controller\ specs spec/controllers)
+    ::STATS_DIRECTORIES << %w(Helper\ specs spec/views)
+    ::CodeStatistics::TEST_TYPES << "Model specs"
+    ::CodeStatistics::TEST_TYPES << "View specs"
+    ::CodeStatistics::TEST_TYPES << "Controller specs"
+    ::CodeStatistics::TEST_TYPES << "Helper specs"
+    ::STATS_DIRECTORIES.delete_if {|a| a[0] =~ /test/}
+  end
+
+  namespace :db do
+    namespace :fixtures do
+      desc "Load fixtures (from spec/fixtures) into the current environment's database.  Load specific fixtures using FIXTURES=x,y"
+      task :load => :environment do
+        require 'active_record/fixtures'
+        ActiveRecord::Base.establish_connection(RAILS_ENV.to_sym)
+        (ENV['FIXTURES'] ? ENV['FIXTURES'].split(/,/) : Dir.glob(File.join(RAILS_ROOT, 'spec', 'fixtures', '*.{yml,csv}'))).each do |fixture_file|
+          Fixtures.create_fixtures('spec/fixtures', File.basename(fixture_file, '.*'))
+        end
+      end
+    end
+  end
+end
+
+desc 'Generate documentation for the reader extension.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ReaderExtension'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+# For extensions that are in transition
+desc 'Test the reader extension.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+# Load any custom rakefiles for extension
+Dir[File.dirname(__FILE__) + '/tasks/*.rake'].sort.each { |f| require f }

data/VERSION

@@ -0,0 +1 @@
+0.9.2

data/app/controllers/admin/messages_controller.rb

@@ -0,0 +1,20 @@
+class Admin::MessagesController < Admin::ResourceController
+  before_filter :set_function, :only => :new
+  
+  def index
+    redirect_to admin_reader_settings_url
+  end
+  
+protected
+
+  def continue_url(options)
+    admin_reader_settings_url
+  end
+
+  def set_function
+    if params[:function]
+      @message.function_id = params[:function]
+    end
+  end
+
+end

data/app/controllers/admin/reader_settings_controller.rb

@@ -0,0 +1,92 @@
+class Admin::ReaderSettingsController < ApplicationController
+  only_allow_access_to :show, :edit, :update,
+    :when => [:admin],
+    :denied_url => { :controller => 'admin/reader_settings', :action => 'index' },
+    :denied_message => 'You must have admin privileges to edit reader settings.'
+  
+  before_filter :default_settings
+  before_filter :get_setting, :only => [:show, :edit, :update]
+  
+  cattr_accessor :settable
+  # this will need to be extensible
+  @@settable = {
+    'reader.allow_registration?' => true,
+    'reader.require_confirmation?' => true,
+    'reader.layout' => 'unset',
+    'site.title' => 'Site Title',
+    'site.url' => 'Site URL', 
+    'reader.mail_from_name' => 'Sender', 
+    'reader.mail_from_address' => 'sender@example.com'
+  }
+
+  def self.make_settable(settings)
+    @@settable.merge! settings
+  end
+
+  def index
+    
+  end
+  
+  def show
+    respond_to do |format|
+      format.html { }
+      format.js { render :layout => false }
+    end
+  end
+  
+  def edit
+    respond_to do |format|
+      format.html { }
+      format.js { render :layout => false }
+    end
+  end
+  
+  def update
+    Rails.logger.warn "<<  #{@setting.key} is #{@setting.value.inspect}"
+    
+    value = params[:value] || params[:radiant_config][:value]
+    
+    if @setting.boolean?
+      @setting.value = (value == 'false' ? false : true)
+    else
+      @setting.value = value
+    end
+    
+    Rails.logger.warn ">>  and now #{@setting.key} is #{@setting.value.inspect}"
+    
+    @setting.save!
+    respond_to do |format|
+      format.html { render :action => 'show' }
+      format.js { render :layout => false, :action => 'show' }
+    end
+  end
+
+private
+
+  def settable?(key)
+    self.class.settable.keys.include?(key)
+  end
+
+  # temporarily while I do this properly in radiant
+  
+  def default_settings
+    self.class.settable.each do |k, v|
+      Radiant::Config[k] = v if Radiant::Config[k].nil?
+    end
+  end
+
+  def get_setting
+    @setting = Radiant::Config.find(params[:id])
+    unless settable?(@setting.key)
+      respond_to do |format|
+        format.html { 
+          flash['error'] = "Not settable"
+          redirect_to :action => 'index'
+        }
+        format.js { render :status => 403, :text => 'Not settable' }
+      end
+      return false
+    end
+  end
+  
+end

data/app/controllers/admin/readers_controller.rb

@@ -0,0 +1,28 @@
+class Admin::ReadersController < Admin::ResourceController
+  paginate_models
+  before_filter :redirect_to_user, :only => :edit
+
+  only_allow_access_to :new, :create, :edit, :update, :remove, :destroy, :settings,
+    :when => :admin,
+    :denied_url => { :controller => 'pages', :action => 'index' },
+    :denied_message => 'You must be an administrator to add or modify readers'
+    
+  def create
+    model.update_attributes!(params[:reader])
+    model.clear_password = params[:reader][:password] if params[:reader] && params[:reader][:password]      # condition is so that radiant tests pass
+    model.send_invitation_message
+    announce_saved
+    response_for :create
+  end
+
+private
+
+  def redirect_to_user
+    if model.is_user?
+      redirect_to edit_admin_user_url(model.user)
+      return false
+    end
+    true
+  end
+  
+end

data/app/controllers/password_resets_controller.rb

@@ -0,0 +1,64 @@
+class PasswordResetsController < ApplicationController
+
+  # rest gone mad! but it works, and keeps the processes well-defined.
+
+  no_login_required 
+  before_filter :get_reader, :only => [:edit, :update]
+  radiant_layout { |controller| Radiant::Config['reader.layout'] }
+  
+  def new
+    render
+  end
+  
+  def create
+    @reader = Reader.find_by_email(params[:email])
+    if @reader
+      if @reader.activated?
+        @reader.send_password_reset_message
+        flash[:notice] = "Password reset instructions have been emailed to you."
+        render
+      else
+        @reader.send_activation_message
+        flash[:notice] = "Account activation instructions have been emailed to you."
+        redirect_to new_reader_activation_url
+      end
+    else  
+      @error = flash[:error] = "Sorry. That email address is not known here."  
+      render :action => :new  
+    end  
+  end
+
+  def edit  
+    if @reader
+      flash[:notice] = "Thank you. Please enter and confirm a new password."
+    else
+      flash[:error] = "Sorry: can't find you."
+    end
+    render
+  end  
+
+  def update
+    if @reader 
+      @reader.password = params[:reader][:password]
+      @reader.password_confirmation = params[:reader][:password_confirmation]
+      if @reader.save 
+        self.current_reader = @reader
+        flash[:notice] = "Thank you. Your password has been updated and you are now logged in."
+        redirect_to url_for(@reader)
+      else
+        flash[:error] = "Passwords don't match! Please try again."
+        render :action => :edit 
+      end  
+    else
+      flash[:error] = "Sorry: can't find you."
+      render :action => :edit     # without @reader, this will take us back to the enter-your-code form
+    end
+  end  
+
+private  
+
+  def get_reader
+    @reader = Reader.find_by_id_and_perishable_token(params[:id], params[:confirmation_code])
+  end  
+
+end