radiant-reader-extension 2.0.0.rc4 → 3.0.0.rc3

data/README.md

@@ -2,30 +2,34 @@
 
 This is a framework that takes care of all the dull bits of registering, activating, reminding, logging in and editing preferences for your site visitors. 
 
-It uses authlogic to handle sessions and provides complete interfaces both for the administrator and the visitor. The admin interface is basic and fits in with radiant. The visitor interface is more friendly (and incidentally includes a trick email field - so-called inverse captcha - that should prevent spam signups).
+It uses authlogic to handle sessions and provides complete interfaces both for the administrator and the visitor. The admin interface is very basic and fits in with radiant. The visitor interface is more friendly (and incidentally includes a trick email field - so-called inverse captcha - that should prevent spam signups).
 
 The visitors are referred to as 'readers' here. Readers never see the admin interface, but your site authors and admins are automatically given reader status.
 
-The purpose of this extension is to provide a common core that supports other visitor-facing machinery. See for example our [forum extension](http://github.com/spanner/radiant-forum-extension) for discussions and page/blog comments, [reader groups](http://github.com/spanner/radiant-reader_group-extension) for proper page-access control and [downloads extension](http://github.com/spanner/radiant-downloads-extension) for secure access-controlled file downloads. More will follow and I hope other people will make use of this too.
+The purpose of this extension is to provide a common core that supports other visitor-facing machinery. See for example our [forum extension](http://github.com/spanner/radiant-forum-extension) for discussions and page/blog comments and [downloads extension](http://github.com/spanner/radiant-downloads-extension) for secure access-controlled file downloads. More will follow and I hope other people will make use of this framework.
 
 ## Latest
 
 This version requires edge radiant, or radiant 1 when it becomes available. We are using a lot of the new configuration and sheets code.
 
+New ReaderPages provide flexible directory services with configurable access control. The old controller and page parts mechanism is going to be phased out gradually both here and in the forum in favour of more orthodox radiant page-types. We will always need to use the layout-wrapper approach for login and registration forms, though.
+
 Right now we are **not compatible with multi_site or the sites extension**: that's mostly because neither is radiant edge: it will all be sorted out in time for the release of v1, which isn't far away.
 
+Also:
+
 * public interface internationalized;
 * Uses the new configuration interface;
 * Messaging much simplified and now intended to be purely administrative.
-* ajaxable status panel returned by `reader_session_url`
+* ajaxable status panel returned by `reader_session_url` (ie. you just have to call /reader_session.js over xmlhttp to get a sensible welcome and control block)
 
 ## Status
 
-Compatible with radiant 0.9.2, which isn't out yet. You can use radiant edge to try this out. Expect small changes in support of the new forum and group releases. Multi-site compatibility fixes are likely too.
+Compatible with radiant 1, which isn't out yet. You can use radiant edge to try this out. Expect small changes in support of the new forum and group releases. Multi-site compatibility will follow soon.
 
 ## Note on internationalisation and customisation
 
-The locale strings here are generally defined in a functional rather than grammatical way. That is, they have labels like `activation_required_explanation` rather than being assembled out of smaller units. This is partly because for flexibility of translation, but also because it gives you an easy way to change the text on functional pages like reader-preferences and registration forms.
+The locale strings here are generally defined in a functional rather than grammatical way. That is, they have labels like `activation_required_explanation` rather than being assembled out of lexical units. This is partly because for flexibility of translation, but also because it gives you an easy way to change the text on functional pages like reader-preferences and registration forms.
 
 ## Requirements
 

data/app/controllers/{readers_controller.rb → accounts_controller.rb}

@@ -1,23 +1,40 @@
-class ReadersController < ReaderActionController
+class AccountsController < ReaderActionController
   helper :reader
   
-  cattr_accessor :edit_partials, :show_partials, :index_partials
-  
-  before_filter :check_registration_allowed, :only => [:new, :create]
-  before_filter :initialize_partials
-  before_filter :i_am_me, :only => [:show, :edit]
+  before_filter :check_registration_allowed, :only => [:new, :create, :activate]
+  before_filter :i_am_me, :only => [:show, :edit, :edit_profile]
   before_filter :require_reader, :except => [:new, :create, :activate]
   before_filter :default_to_self, :only => [:show]
-  before_filter :restrict_to_self, :only => [:edit, :update, :resend_activation]
+  before_filter :restrict_to_self, :only => [:edit, :edit_profile, :update, :resend_activation]
   before_filter :no_removing, :only => [:remove, :destroy]
   before_filter :ensure_groups_subscribable, :only => [:update, :create]
 
   def index
-    @readers = Reader.active.paginate(pagination_parameters.merge(:per_page => 60))
+    @readers = Reader.visible_to(current_reader)
+    respond_to do |format|
+      format.html {}
+      format.csv {
+        send_data generate_csv(@readers), :type => 'text/csv; charset=utf-8; header=present', :filename => "everyone.csv"
+      }
+      format.vcard {
+        send_data @readers.map(&:vcard).join("\n"), :filename => "everyone.vcf"
+      }
+    end
   end
 
   def show
     @reader = Reader.find(params[:id])
+    respond_to do |format|
+      format.html
+      format.vcard {
+        send_data @reader.vcard.to_s, :filename => "#{@reader.filename}.vcf"	
+      }
+    end
+  end
+  
+  def dashboard
+    # @reader = current_reader
+    expires_now
   end
 
   def new
@@ -33,7 +50,11 @@ class ReadersController < ReaderActionController
   def edit
     expires_now
   end
-  
+
+  def edit_profile
+    expires_now
+  end
+
   def create
     @reader = Reader.new(params[:reader])
     @reader.clear_password = params[:reader][:password]
@@ -67,7 +88,7 @@ class ReadersController < ReaderActionController
     @reader.clear_password = params[:reader][:password] if params[:reader][:password]
     if @reader.save
       flash[:notice] = t('reader_extension.account_updated')
-      redirect_to url_for(@reader)
+      redirect_to dashboard_url
     else
       render :action => 'edit'
     end
@@ -113,27 +134,7 @@ protected
     end
   end
   
-  def self.add_edit_partial(path)
-    @@edit_partials ||= []
-    edit_partials.push(path)
-  end
-
-  def self.add_show_partial(path)
-    @@show_partials ||= []
-    show_partials.push(path)
-  end
-
-  def self.add_index_partial(path)
-    @@index_partials ||= []
-    index_partials.push(path)
-  end
-
 private
-  def initialize_partials
-    @show_partials = show_partials
-    @edit_partials = edit_partials
-    @index_partials = index_partials
-  end
 
   def ensure_groups_subscribable
     if params[:reader] && params[:reader][:group_ids]

data/app/controllers/groups_controller.rb

@@ -0,0 +1,35 @@
+class GroupsController < ReaderActionController
+  helper :reader
+  
+  before_filter :require_reader
+  before_filter :get_group_or_groups
+  before_filter :require_group_visibility, :only => [:show]
+
+  def index
+  end
+
+  def show
+    @readers = @group.readers.uniq
+    respond_to do |format|
+      format.html
+      format.csv {
+        send_data generate_csv(@readers), :type => 'text/csv; charset=utf-8; header=present', :filename => "#{@group.filename}.csv"
+      }
+      format.vcard {
+        send_data @readers.map(&:vcard).join("\n"), :filename => "#{@group.filename}.vcf"	
+      }
+    end
+  end
+    
+private
+  
+  def get_group_or_groups
+    @groups = Group.visible_to(current_reader)
+    @group = @groups.find(params[:id]).first if params[:id]
+  end
+
+  def require_group_visibility
+    raise ReaderError::AccessDenied if @group && !@group.visible_to?(current_reader)
+  end
+  
+end

data/app/controllers/messages_controller.rb

@@ -30,6 +30,7 @@ protected
   
   def get_message
     @message = current_reader.messages.find(params[:id])
+    @delivery = @message.delivery_to(current_reader)
   end
 
 end

data/app/controllers/password_resets_controller.rb

@@ -13,13 +13,13 @@ class PasswordResetsController < ReaderActionController
   end
   
   def create
-    @reader = Reader.find_by_email(params[:email])
-    if @reader
-      if @reader.activated?
-        @reader.send_password_reset_message
+    @forgetter = Reader.find_by_email(params[:email])
+    if @forgetter
+      if @forgetter.activated?
+        @forgetter.send_password_reset_message
         render
       else
-        @reader.send_activation_message
+        @forgetter.send_activation_message
         redirect_to new_reader_activation_url
       end
     else  
@@ -42,7 +42,7 @@ class PasswordResetsController < ReaderActionController
       if @reader.save 
         self.current_reader = @reader
         flash[:notice] = t('reader_extension.password_updated_notice')
-        redirect_to url_for(@reader)
+        redirect_to dashboard_url
       else
         flash[:error] = t('reader_extension.password_mismatch')
         render :action => :edit 

data/app/controllers/reader_action_controller.rb

@@ -99,4 +99,12 @@ protected
     end
   end
   
+  def generate_csv(readers=[])
+    columns = %w{forename surname email phone mobile postal_address}
+    table = FasterCSV.generate do |csv|
+      csv << columns.map { |f| t("activerecord.attributes.reader.#{f}") }
+      readers.each { |r| csv << columns.map{ |f| r.send(f.to_sym) } }
+    end
+  end
+  
 end

data/app/controllers/reader_activations_controller.rb

@@ -31,11 +31,12 @@ class ReaderActivationsController < ReaderActionController
     if @reader
       @reader.activate!
       self.current_reader = @reader
+      redirect_to dashboard_url
     else
       @error = t("reader_extension.please_check_message")
+      expires_now
+      render :action => 'show'
     end
-    expires_now
-    render :action => 'show'
   end
 
 protected

data/app/controllers/reader_sessions_controller.rb

@@ -17,7 +17,7 @@ class ReaderSessionsController < ReaderActionController
         end
       }
       format.js {
-        render :partial => 'readers/controls', :layout => false
+        render :partial => 'accounts/controls', :layout => false
       }
     end
   end
@@ -26,7 +26,7 @@ class ReaderSessionsController < ReaderActionController
     if current_reader
       if current_reader.activated?
         cookies[:error] = t('reader_extension.already_logged_in')
-        redirect_to reader_url(current_reader)
+        redirect_to default_welcome_url(current_reader)
       else
         cookies[:error] = t('reader_extension.account_requires_activation')
         redirect_to reader_activation_url
@@ -72,4 +72,8 @@ class ReaderSessionsController < ReaderActionController
     redirect_to reader_login_url
   end
 
+  def default_welcome_url(reader=nil)
+    reader.home_url || dashboard_url
+  end
+
 end

data/app/helpers/reader_helper.rb

@@ -1,7 +1,11 @@
 require 'sanitize'
 require "sanitize/config/generous"
+require "fastercsv"
 
 module ReaderHelper
+  include SnailHelpers
+  include Admin::RegionsHelper
+  
   def standard_gravatar_for(reader=nil, url=nil)
     size = Radiant::Config['forum.gravatar_size'] || 40
     url ||= reader_url(reader)
@@ -20,6 +24,26 @@ module ReaderHelper
       image_tag gravatar_url(reader.email, gravatar_options), img_options
     end
   end
+  
+  def link_to_reader(reader)
+    if page = ReaderPage.first
+      page.url_for(reader)
+    else
+      reader_url(reader)
+    end
+  end
+  
+  def link_to_group(group)
+    if page = group.homepage
+      link_to group.name, page.url
+    else
+      link_to group.name, group_url(group)
+    end
+  end
+  
+  def link_to_message(message)
+    link_to message.subject, message_url(message)
+  end
 
   def home_page_link(options={})
     home_page = Page.find_by_parent_id(nil)
@@ -34,11 +58,14 @@ module ReaderHelper
     Sanitize.clean(textilize(text), Sanitize::Config::GENEROUS)
   end
 
-  def truncate_words(text='', length=24, omission="...")
+  def truncate_words(text='', options={})
     return '' if text.blank?
+    options = {:length => options} unless options.is_a? Hash
+    options.reverse_merge!(:length => 30, :omission => '…')
     words = text.split
-    omission = '' unless words.size > length
-    words[0..(length-1)].join(" ") + omission
+    length = options[:length].to_i
+    options[:omission] = '' unless words.size > length
+    words[0..(length-1)].join(" ") + options[:omission]
   end 
   
   def pagination_and_summary_for(list, name='')
@@ -53,20 +80,9 @@ module ReaderHelper
     
   def pagination_summary(list, name='')
     total = list.total_entries
-    if list.empty?
-      %{#{t('reader_extension.no')} #{name.pluralize}}
-    else      
-      name ||= t(list.first.class.to_s.underscore.gsub('_', ' '))
-      if total == 1
-        %{#{t('reader_extension.showing')} #{t('reader_extension.one')} #{name}}
-      elsif list.current_page == 1 && total < list.per_page
-        %{#{t('reader_extension.all')} #{total} #{name.pluralize}}
-      else
-        start = list.offset + 1
-        finish = ((list.offset + list.per_page) < list.total_entries) ? list.offset + list.per_page : list.total_entries
-        %{#{start} #{t('reader_extension.to')} #{finish} #{t('reader_extension.of')} #{total} #{name.pluralize}}
-      end
-    end
+    start = list.offset + 1
+    finish = ((list.offset + list.per_page) < list.total_entries) ? list.offset + list.per_page : list.total_entries
+    t("reader_extension.showing_of_total", :count => total, :start => start, :finish => finish, :name => name, :names => name.pluralize)
   end
   
   def message_preview(subject, body, reader)
@@ -101,5 +117,33 @@ EOM
     end
     options
   end
+  
+  def friendly_date(datetime)
+    I18n.l(datetime, :format => friendly_date_format(datetime)) if datetime
+  end
+  
+  def friendly_date_format(datetime)
+    if datetime && date = datetime.to_date
+      if (date.to_datetime == Date.today)
+        :today
+      elsif (date.to_datetime == Date.yesterday)
+        :yesterday
+      elsif (date.to_datetime > 6.days.ago)
+        :recently
+      elsif (date.year == Date.today.year)
+        :this_year
+      else
+        :standard
+      end
+    end
+  end
+  
+  def country_options_for_select(selected = nil, default_selected = Snail.home_country)
+    usps_country_options_for_select(selected, default_selected)
+  end
+  
+  def email_link(address)
+    mail_to address, nil, :encode => :hex, :replace_at => ' at ', :class => 'mailto'
+  end
 
 end

data/app/models/group.rb

@@ -11,10 +11,11 @@ class Group < ActiveRecord::Base
   has_many :permissions
   has_many :pages, :through => :permissions
   has_many :memberships
-  has_many :readers, :through => :memberships
+  has_many :readers, :through => :memberships, :uniq => true
   
-  validates_presence_of :name
-  validates_uniqueness_of :name
+  before_validation :set_slug
+  validates_presence_of :name, :slug, :allow_blank => false
+  validates_uniqueness_of :name, :slug
   
   named_scope :with_home_page, { :conditions => "homepage_id IS NOT NULL", :include => :homepage }
   named_scope :subscribable, { :conditions => "public = 1" }
@@ -24,6 +25,14 @@ class Group < ActiveRecord::Base
     { :conditions => ["groups.id IN (#{ids.map{"?"}.join(',')})", *ids] }
   }
 
+  named_scope :containing, lambda { |reader|
+    {
+      :joins => "INNER JOIN memberships as mb on mb.group_id = groups.id", 
+      :conditions => ["mb.reader_id = ?", reader.id],
+      :group => column_names.map { |n| 'groups.' + n }.join(',')
+    }
+  }
+
   named_scope :attached_to, lambda { |objects|
     conditions = objects.map{|o| "(pp.permitted_type = ? AND pp.permitted_id = ?)" }.join(" OR ")
     binds = objects.map{|o| [o.class.to_s, o.id]}.flatten
@@ -32,15 +41,30 @@ class Group < ActiveRecord::Base
       :joins => "INNER JOIN permissions as pp on pp.group_id = groups.id", 
       :conditions => [conditions, *binds],
       :having => "pcount > 0",    # otherwise attached_to([]) returns all groups
-      :group => column_names.map { |n| self.table_name + '.' + n }.join(','),
+      :group => column_names.map { |n| 'groups.' + n }.join(','),
       :readonly => false
     }
   }
 
+  def self.visible_to(reader=nil)
+    return all if Radiant.config['readers.public?']
+    return scoped({:conditions => "1 = 0"}) unless reader   # nasty but chainable
+    return containing(reader) if Radiant.config['readers.confine_to_groups?']
+    return all
+  end
+  
+  def visible_to?(reader=nil)
+    self.class.visible_to(reader).include? self
+  end
+
   def url
     homepage.url if homepage
   end
   
+  def filename
+    name.downcase.gsub(/\W/, '_')
+  end
+  
   def send_welcome_to(reader)
     if reader.activated?                                                             # welcomes are also triggered on activation
       if message = Message.belonging_to(self).for_function('group_welcome').first    # only if a group_welcome message exists *belonging to this group*
@@ -74,7 +98,11 @@ class Group < ActiveRecord::Base
     define_method("#{classname.downcase.pluralize}") { self.send("#{classname.to_s.downcase}_permissions".intern).map(&:permitted) }
   end
   
-  
+private
+
+  def set_slug
+    self.slug ||= self.name.slugify.to_s
+  end
 
 end
 

data/app/models/message.rb

@@ -50,10 +50,6 @@ class Message < ActiveRecord::Base
     deliveries.any?
   end
 
-  def delivered_to?(reader)
-    recipients.include?(reader)
-  end
-
   def preview(reader=nil)
     reader ||= possible_readers.first || Reader.for_user(created_by)
     ReaderNotifier.create_message(reader, self)
@@ -112,4 +108,11 @@ class Message < ActiveRecord::Base
     MessageReader.find_or_create_by_message_id_and_reader_id(self.id, reader.id).update_attribute(:sent_at, Time.now)
   end
 
+  def delivered_to?(reader)
+    recipients.include?(reader)
+  end
+  
+  def delivery_to(reader)
+    deliveries.to_reader(reader).first if delivered_to?(reader)
+  end
 end

data/app/models/message_reader.rb

@@ -9,5 +9,9 @@ class MessageReader < ActiveRecord::Base
   named_scope :delivered, {
     :conditions => "sent_at IS NOT NULL and sent_at <= NOW()"
   }
+  
+  named_scope :to_reader, lambda { |reader| {
+    :conditions => ["reader_id = ?", reader.id]
+  }}
 
 end

data/app/models/reader.rb

@@ -1,11 +1,13 @@
 require 'authlogic'
 require 'digest/sha1'
+require 'snail'
+require 'vcard'
 
 class Reader < ActiveRecord::Base
   @@user_columns = [:name, :email, :login, :created_at, :password, :notes]
   cattr_accessor :user_columns
   cattr_accessor :current
-  attr_accessor :email_field        # used in blocking spam registrations
+  attr_accessor :email_field, :newly_activated
 
   acts_as_authentic do |config|
     config.validations_scope = :site_id if defined? Site
@@ -21,7 +23,7 @@ class Reader < ActiveRecord::Base
   has_many :message_readers
   has_many :messages, :through => :message_readers
   has_many :memberships
-  has_many :groups, :through => :memberships
+  has_many :groups, :through => :memberships, :uniq => true
   accepts_nested_attributes_for :memberships
 
   before_update :update_user
@@ -79,13 +81,67 @@ class Reader < ActiveRecord::Base
     end
     reader
   end
+  
+  def self.visible_to(reader=nil)
+    return self.all if Radiant.config['readers.public?']
+    return self.scoped({:conditions => "1 = 0"}) unless reader   # nasty but chainable
+    return self.in_groups(reader.groups) if Radiant.config['readers.confine_to_groups?']
+    return self.all
+  end
+  
+  def visible_to?(reader=nil)
+    self.class.visible_to(reader).include? self
+  end
 
+  # not very i18nal, this
   def forename
-    read_attribute(:forename) || name.split(/\s/).first
+    read_attribute(:forename) || name.split(/\s+/).first
   end
 
+  def surname
+    read_attribute(:surname) || name.split(/\s+/).last
+  end
+
+  def postal_address
+    Snail.new(
+      :name => name,
+      :line_1 => post_line1,
+      :line_2 => post_line2,
+      :city => post_city,
+      :region => post_province,
+      :postal_code => postcode,
+      :country => post_country
+    )
+  end
+  
+  def vcard
+  	@vcard ||= Vpim::Vcard::Maker.make2 do |maker|
+  		maker.add_name do |n|
+  		  n.prefix = honorific || ""
+  		  n.given = forename || ""
+  		  n.family = surname || ""
+		  end
+  		maker.add_addr {|a| 
+  		  a.location = 'home' # until we do this properly with multiple contact sets
+        a.country = post_country || ""
+        a.region = post_province || ""
+        a.locality = post_city || ""
+        a.street = [post_line1, post_line2].compact.join("\n")
+        a.postalcode = postcode || ""
+  		}
+  		maker.add_tel phone { |t| t.location = 'home' } unless phone.blank?
+  		maker.add_tel mobile { |t| t.location = 'cell' } unless mobile.blank?
+  		maker.add_email email { |e| t.location = 'home' }
+  	end
+  end
+  
+  def filename
+    name.downcase.gsub(/\W/, '_')
+  end
+  
   def activate!
     self.activated_at = Time.now.utc
+    self.newly_activated = true
     self.save!
     send_welcome_message
     send_group_welcomes
@@ -94,6 +150,10 @@ class Reader < ActiveRecord::Base
   def activated?
     !inactive?
   end
+  
+  def newly_activated?
+    !!newly_activated
+  end
 
   def inactive?
     self.activated_at.nil?
@@ -139,6 +199,14 @@ class Reader < ActiveRecord::Base
       homegroup.homepage
     end
   end
+  
+  def home_url
+    if homepage = self.find_homepage
+      homepage.url
+    else
+      nil
+    end
+  end
 
   def can_see? (this)
     permitted_groups = this.permitted_groups

data/app/models/reader_page.rb

@@ -0,0 +1,56 @@
+class ReaderPage < Page
+  include WillPaginate::ViewHelpers
+  attr_accessor :reader, :group
+  
+  description %{ Presents readers and groups with configurable access control. }
+  
+  def current_reader
+    Reader.current
+  end
+  
+  def readers
+    if group
+      group.readers.visible_to(current_reader)
+    else
+      Reader.visible_to(current_reader)
+    end
+  end
+  
+  def groups
+    Group.visible_to(current_reader)
+  end
+    
+  def cache?
+    !!Radiant.config['readers.public?']
+  end
+  
+  def visible?
+    Radiant.config['readers.public?'] || current_reader
+  end
+  
+  def url_for(thing)
+    if thing.is_a?(Reader)
+      File.join(self.url, thing.id)
+    elsif thing.is_a?(Group)
+      File.join(self.url, thing.slug)
+    end
+  end
+  
+  def find_by_url(url, live = true, clean = false)
+    url = clean_url(url) if clean
+    my_url = self.url
+    return false unless url =~ /^#{Regexp.quote(my_url)}(.*)/
+    raise ReaderError::AccessDenied unless visible?
+    
+    params = $1.split('/').compact
+    self.group = Group.find_by_slug(params.first) if params.first =~ /\w/
+    self.reader = Reader.find_by_id(params.last) if params.last !~ /\D/
+
+    raise ReaderError::AccessDenied if group && !group.visible_to?(current_reader)
+    raise ReaderError::AccessDenied if reader && !reader.visible_to?(current_reader)
+    raise ActiveRecord::RecordNotFound if reader && group && !reader.is_in?(group)
+
+    self
+  end
+  
+end

data/app/views/{readers → accounts}/_controls.html.haml

@@ -1,6 +1,5 @@
 - if !current_reader
-  = link_to t('reader_extension.navigation.log_in'), reader_login_url
-  = link_to t('reader_extension.navigation.register'), new_reader_url
+  = t('reader_extension.navigation.welcome_please_log_in', :login_url => reader_login_url, :register_url => new_reader_url)
 - else
   %strong
     = link_to t('reader_extension.navigation.greeting', :name => current_reader.name), reader_profile_url

data/app/views/accounts/_description.html.haml

@@ -0,0 +1,2 @@
+- reader ||= @reader
+= clean_html(reader.description)