railswiki 0.1.0

data/app/controllers/railswiki/histories_controller.rb

@@ -0,0 +1,48 @@
+require_dependency "railswiki/application_controller"
+
+module Railswiki
+  class HistoriesController < ApplicationController
+    before_action :set_history, only: [:show, :destroy]
+
+    before_action :require_histories_list_permission, only: [:index]
+    before_action :require_history_delete_permission, only: [:destroy]
+
+    # GET /histories
+    def index
+      @histories = History.all
+    end
+
+    # GET /histories/1
+    def show
+      respond_to do |format|
+        format.html
+        format.json { render json: @history.expose_json }
+      end
+    end
+
+    # DELETE /histories/1
+    def destroy
+      @history.transaction do
+        @history.destroy!
+        @history.page.reload
+
+        latest_version = @history.page.histories.order(created_at: :desc).first
+        if latest_version.present?
+          @history.page.update_attributes!(latest_version_id: latest_version.id)
+        else
+          # We can't have a page with no history
+          @history.page.destroy!
+        end
+
+        redirect_to @history.page, notice: 'History was successfully destroyed.'
+      end
+    end
+
+    private
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_history
+      @history = History.find(params[:id])
+    end
+  end
+end

data/app/controllers/railswiki/invites_controller.rb

@@ -0,0 +1,61 @@
+require_dependency "railswiki/application_controller"
+
+module Railswiki
+  class InvitesController < ApplicationController
+    include ApplicationHelper
+
+    before_action :set_invite, only: [:show, :destroy]
+    before_action :require_invites_list_permission, only: [:index]
+    before_action :require_invite_create_permission, only: [:new, :create]
+    before_action :require_invite_delete_permission, only: [:destroy]
+
+    # GET /invites
+    def index
+      @invites = Invite.all
+    end
+
+    # GET /invites/1
+    def show
+      respond_to do |format|
+        format.html
+      end
+    end
+
+    # GET /invites/new
+    def new
+      @invite = Invite.new
+      @invite.inviting_user = current_user
+      @invite.role = User::ROLE_EDITOR
+    end
+
+    # POST /invites
+    def create
+      @invite = Invite.new(invite_params)
+      @invite.inviting_user = current_user
+
+      if @invite.save
+        redirect_to @invite, notice: 'Invite was successfully created.'
+      else
+        render :new
+      end
+    end
+
+    # DELETE /invites/1
+    def destroy
+      @invite.destroy
+      redirect_to invites_url, notice: 'Invite was successfully destroyed.'
+    end
+
+    private
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_invite
+      @invite = Invite.find(params[:id])
+    end
+
+    # Only allow a trusted parameter "white list" through.
+    def invite_params
+      params.require(:invite).permit(:email, :role)
+    end
+  end
+end

data/app/controllers/railswiki/pages_controller.rb

@@ -0,0 +1,141 @@
+require_dependency "railswiki/application_controller"
+
+module Railswiki
+  class PagesController < ApplicationController
+    include PagesHelper
+    include ApplicationHelper
+
+    before_action :set_page, only: [:show, :edit, :update, :destroy, :history]
+    before_action :require_pages_list_permission, only: [:index]
+    before_action :require_page_edit_permission, only: [:edit, :update]
+    before_action :require_page_create_permission, only: [:new, :create]
+    before_action :require_page_delete_permission, only: [:destroy]
+    before_action :require_page_history_permission, only: [:history]
+
+    # GET /pages
+    def index
+      @special_pages = []
+      @pages = Page.search(params[:search])
+      if params[:search]
+        # if we're searching, and there's only one link, redirect to the first result
+        if @pages.count == 1
+          redirect_to wiki_path(@pages.first)
+        end
+      else
+        # if we're not searching, display all the Special pages too
+        @special_pages = special_pages.reject { |page| @pages.map(&:title).include?(page.title) }
+      end
+    end
+
+    # GET /pages/1
+    def show
+      respond_to do |format|
+        format.html
+        format.json { render json: @page.expose_json }
+      end
+    end
+
+    # GET /pages/1/history
+    def history
+      require_special_pages_permission if is_special_page?(@page)
+
+      @histories = @page.histories
+      respond_to do |format|
+        format.html
+        format.json { render json: @histories.map { |history| history.expose_json } }
+      end
+    end
+
+    # GET /pages/new
+    def new
+      @page = Page.new
+      @page.title = params[:title].gsub(/_/, " ") if params[:title]
+
+      require_special_pages_permission if is_special_page?(@page)
+
+      # Preload Special: pages with their default content
+      special_page = special_pages.select { |page| page.title == @page.title }.first
+      if special_page
+        @page.default_content = special_page.content
+      end
+    end
+
+    # GET /pages/1/edit
+    def edit
+    end
+
+    # POST /pages
+    def create
+      @page = Page.new(page_params)
+
+      require_special_pages_permission if is_special_page?(@page)
+
+      @page.transaction do
+        if @page.save
+          update_content
+          redirect_to wiki_path(@page), notice: 'Page was successfully created.'
+        else
+          render :new
+        end
+      end
+    end
+
+    # PATCH/PUT /pages/1
+    def update
+      require_special_pages_permission if is_special_page?(@page)
+
+      @page.transaction do
+        if @page.update(page_params)
+          update_content
+          redirect_to wiki_path(@page), notice: 'Page was successfully updated.'
+        else
+          render :edit
+        end
+      end
+    end
+
+    # DELETE /pages/1
+    def destroy
+      require_special_pages_permission if is_special_page?(@page)
+
+      @page.destroy
+      redirect_to pages_url, notice: 'Page was successfully destroyed.'
+    end
+
+    private
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_page
+      title = params[:id] || params[:page_id] || params[:path]
+      raise ActiveRecord::RecordNotFound, "Unknown page request" unless title
+
+      @page = select_page(title)
+
+      unless @page
+        if user_can?(:create_page)
+          return redirect_to new_page_path(title: title)
+        else
+          if title == "Home"
+            @page = special_page("Welcome")
+          else
+            raise ActiveRecord::RecordNotFound, "Could not find page '#{title}'"
+          end
+        end
+      end
+    end
+
+    def update_content
+      # Create a new history
+      history = @page.histories.create!({
+        author: current_user,
+        body: params.require(:page)[:content]
+      })
+      @page.update_attributes! latest_version_id: history.id
+    end
+
+    # Only allow a trusted parameter "white list" through.
+    def page_params
+      params.require(:page).permit(:title, :latest_version_id)
+    end
+  end
+end

data/app/controllers/railswiki/sessions_controller.rb

@@ -0,0 +1,75 @@
+require_dependency "railswiki/application_controller"
+
+module Railswiki
+  class SessionsController < ApplicationController
+    def create
+      User.transaction do
+        notice = []
+
+        auth = request.env["omniauth.auth"]
+        user = User.where(:provider => auth["provider"], :uid => auth["uid"]).first_or_initialize(
+          :refresh_token => auth["credentials"]["refresh_token"],
+          :access_token => auth["credentials"]["token"],
+          :expires => auth["credentials"]["expires_at"],
+          :name => auth["info"]["name"],
+          :email => auth["info"]["email"],
+          :image_url => auth["info"]["image"],
+        )
+        url = session[:return_to] || root_path
+        session[:return_to] = nil
+        url = root_path if url.eql?('/logout')
+
+        if user.new_record?
+          if User.count == 0
+            user.role = User::ROLE_ADMIN
+            notice << "As the first user, you have been automatically assigned admin privileges."
+          else
+            # this user must have been invited
+            invite = find_invite(user)
+            if invite
+              user.role = invite.role
+              user.save!
+              invite.update_attributes!({
+                invited_user: user,
+                accepted_at: Time.now,
+              })
+
+              notice << "Invite accepted as a #{invite.role || "user"}."
+            else
+              return redirect_to sessions_no_invite_path
+            end
+          end
+        end
+
+        if user.save
+          session[:user_id] = user.id
+          user.update_attributes! last_login: Time.now
+          notice << "Signed in!"
+
+          redirect_to url, :notice => notice.join("\n")
+        else
+          raise "Failed to login: #{user.errors.full_messages.join(", ")}"
+        end
+      end
+    end
+
+    def not_authorized
+      render status: :unauthorized
+    end
+
+    def no_invite
+      render status: :forbidden
+    end
+
+    def destroy
+      session[:user_id] = nil
+      redirect_to root_url, :notice => "Signed out!"
+    end
+
+    private
+
+    def find_invite(user)
+      Invite.where(email: user.email, accepted_at: nil).first
+    end
+  end
+end

data/app/controllers/railswiki/uploaded_files_controller.rb

@@ -0,0 +1,100 @@
+require_dependency "railswiki/application_controller"
+
+module Railswiki
+  class UploadedFilesController < ApplicationController
+    before_action :set_uploaded_file, only: [:show, :edit, :update, :destroy]
+
+    before_action :require_files_list_permission, only: [:index]
+    before_action :require_file_edit_permission, only: [:edit, :update]
+    before_action :require_file_create_permission, only: [:new, :create]
+    before_action :require_file_delete_permission, only: [:destroy]
+
+    # GET /uploaded_files
+    def index
+      @uploaded_files = UploadedFile.all
+    end
+
+    # GET /uploaded_files/image_dialog
+    def image_dialog
+      @uploaded_files = UploadedFile.all.select { |file| file.is_image? }
+      render layout: false
+    end
+
+    # GET /uploaded_files/file_dialog
+    def file_dialog
+      @uploaded_files = UploadedFile.all.reject { |file| file.is_image? }
+      render layout: false
+    end
+
+    # GET /uploaded_files/1
+    def show
+    end
+
+    # GET /uploaded_files/1/download
+    def download
+      @uploaded_file = UploadedFile.where(title: params[:title]).first
+      unless @uploaded_file
+        raise ActiveRecord::RecordNotFound, "Could not find file '#{params[:title]}'"
+      end
+      redirect_to @uploaded_file.file_url
+    end
+
+    # GET /uploaded_files/new
+    def new
+      @uploaded_file = UploadedFile.new
+      @uploaded_file.user = current_user
+      @uploaded_file.title = "#{Time.now}"
+    end
+
+    # GET /uploaded_files/1/edit
+    def edit
+      @uploaded_file.user = current_user
+    end
+
+    # POST /uploaded_files
+    def create
+      @uploaded_file = UploadedFile.new(uploaded_file_params)
+      @uploaded_file.user = current_user
+      @uploaded_file.title = "#{Time.now}"
+
+      if @uploaded_file.save
+        @uploaded_file.update_attributes! title: @uploaded_file.file_identifier
+
+        redirect_to @uploaded_file, notice: 'Uploaded file was successfully created.'
+      else
+        render :new
+      end
+    end
+
+    # PATCH/PUT /uploaded_files/1
+    def update
+      @uploaded_file.user = current_user
+      @uploaded_file.title = "#{Time.now}"
+
+      if @uploaded_file.update(uploaded_file_params)
+        @uploaded_file.update_attributes! title: @uploaded_file.file_identifier
+
+        redirect_to @uploaded_file, notice: 'Uploaded file was successfully updated.'
+      else
+        render :edit
+      end
+    end
+
+    # DELETE /uploaded_files/1
+    def destroy
+      @uploaded_file.destroy
+      redirect_to uploaded_files_url, notice: 'Uploaded file was successfully destroyed.'
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_uploaded_file
+        @uploaded_file = UploadedFile.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def uploaded_file_params
+        params.require(:uploaded_file).permit(:file, :title)
+      end
+  end
+end

data/app/controllers/railswiki/users_controller.rb

@@ -0,0 +1,55 @@
+require_dependency "railswiki/application_controller"
+
+module Railswiki
+  class UsersController < ApplicationController
+    before_action :set_user, only: [:show, :edit, :update, :destroy]
+
+    before_action :require_users_list_permission, only: [:index]
+    before_action :require_user_edit_permission, only: [:edit, :update]
+    before_action :require_user_delete_permission, only: [:destroy]
+
+    # GET /users
+    def index
+      @users = User.all
+    end
+
+    # GET /users/1
+    def show
+      respond_to do |format|
+        format.html
+        format.json { render json: @user.expose_json }
+      end
+    end
+
+    # GET /users/1/edit
+    def edit
+    end
+
+    # PATCH/PUT /users/1
+    def update
+      if @user.update(user_params)
+        redirect_to @user, notice: 'User was successfully updated.'
+      else
+        render :edit
+      end
+    end
+
+    # DELETE /pages/1
+    def destroy
+      @user.destroy
+      redirect_to users_url, notice: 'User was successfully destroyed.'
+    end
+
+    private
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_user
+      @user = User.find(params[:id])
+    end
+
+    # Only allow a trusted parameter "white list" through.
+    def user_params
+      params.require(:user).permit(:name, :email, :role)
+    end
+  end
+end