ruby_cms 0.1.0

data/app/controllers/ruby_cms/admin/settings_controller.rb

@@ -0,0 +1,223 @@
+# frozen_string_literal: true
+
+module RubyCms
+  module Admin
+    class SettingsController < BaseController
+      before_action { require_permission!(:manage_admin) }
+
+      def index
+        RubyCms::Settings.ensure_defaults!
+
+        @registry_entries = sorted_registry_entries
+        @categories = @registry_entries.map {|e| e.category.to_s }.uniq
+        @active_tab = resolve_active_tab(params[:tab], @categories)
+        @entries_for_tab = @registry_entries.select {|entry| entry.category.to_s == @active_tab }
+
+        @values = @entries_for_tab.to_h do |entry|
+          [entry.key, RubyCms::Settings.get(entry.key, default: entry.default)]
+        end
+      end
+
+      def update
+        updated_keys = apply_updates(extract_updates)
+        updated_keys = apply_nav_order_update(updated_keys)
+
+        respond_with_update_success(updated_keys)
+      rescue StandardError => e
+        respond_with_update_failure(e)
+      end
+
+      def reset_defaults
+        RubyCms::SettingsRegistry.seed_defaults!
+
+        RubyCms::SettingsRegistry.each do |entry|
+          RubyCms::Settings.set(entry.key, entry.default)
+        end
+
+        redirect_to ruby_cms_admin_settings_path(redirect_settings_params),
+                    notice: t("ruby_cms.admin.settings.defaults_reset")
+      end
+
+      # Dedicated endpoint for saving nav order only. Reads raw JSON body; writes directly to preferences table.
+      def update_nav_order
+        order = nav_order_from_raw_body
+        unless order.kind_of?(Array) && order.any?
+          return render json: {
+                          success: false,
+                          error: "nav_order_main and nav_order_bottom required"
+                        },
+                        status: :unprocessable_content
+        end
+
+        rec = RubyCms::Preference.find_or_initialize_by(key: "nav_order")
+        rec.category = "navigation" if rec.new_record?
+        rec.value_type = "json"
+        rec.value = order.map(&:to_s).to_json
+        rec.save!
+        render json: { success: true, updated_keys: ["nav_order"], updated_count: 1 }
+      rescue StandardError => e
+        render json: { success: false, error: e.message }, status: :unprocessable_content
+      end
+
+      private
+
+      def nav_order_from_raw_body
+        request.body.rewind if request.body.respond_to?(:rewind)
+        body = request.body.read
+        return [] if body.blank?
+
+        data = JSON.parse(body)
+        nav_order_from_raw_hash(data)
+      rescue JSON::ParserError
+        []
+      end
+
+      def redirect_settings_params
+        { tab: params[:tab].presence || default_tab }.tap do |h|
+          h[:nav_sub] = params[:nav_sub].presence if params[:tab].to_s == "navigation"
+        end
+      end
+
+      # Persist nav order so it survives reload. Uses Preference directly so we hit the same row Settings.get reads.
+      def persist_nav_order(order)
+        return unless order.kind_of?(Array) && order.any?
+
+        RubyCms::Preference.set("nav_order", order)
+      end
+
+      # For JSON PATCH, Rails may wrap body under :settings (or leave at root). Body stream can be
+      # consumed by the parser so we try params first, then rewind and read raw body.
+      def nav_order_arrays_from_request
+        main = nav_order_param(:nav_order_main)
+        bottom = nav_order_param(:nav_order_bottom)
+        if main.nil? && bottom.nil? && request.content_mime_type&.symbol == :json
+          data = parsed_json_body
+          main, bottom = nav_order_arrays_from_json(data) if data
+        end
+        [
+          main.kind_of?(Array) ? main.map(&:to_s) : Array(main).map(&:to_s),
+          bottom.kind_of?(Array) ? bottom.map(&:to_s) : Array(bottom).map(&:to_s)
+        ]
+      end
+
+      def nav_order_param(key)
+        key_s = key.to_s
+        # Root (symbol or string)
+        params[key].presence || params[key_s].presence ||
+          # Common Rails JSON wrapper
+          params.dig(:settings, key).presence || params.dig(:settings, key_s).presence ||
+          params.dig("settings", key).presence || params.dig("settings", key_s).presence
+      end
+
+      def parsed_json_body
+        body = nil
+        if request.body.respond_to?(:rewind)
+          request.body.rewind
+          body = request.body.read
+        end
+        body = request.raw_post if body.blank? && body != false
+        return nil if body.blank?
+
+        JSON.parse(body)
+      rescue JSON::ParserError
+        nil
+      end
+
+      def sorted_registry_entries
+        RubyCms::SettingsRegistry
+          .entries
+          .values
+          .sort_by {|entry| [entry.category.to_s, entry.key.to_s] }
+      end
+
+      def resolve_active_tab(tab_param, categories)
+        requested = tab_param.to_s
+        return requested if categories.include?(requested)
+
+        categories.first || "general"
+      end
+
+      def default_tab
+        sorted_registry_entries.first&.category || "general"
+      end
+
+      def extract_updates
+        if params[:preferences].present?
+          params.require(:preferences).to_unsafe_h
+        elsif params[:key].present?
+          { params[:key].to_s => params[:value] }
+        else
+          {}
+        end
+      end
+
+      def apply_updates(updates)
+        updates.filter_map do |key, value|
+          entry = RubyCms::SettingsRegistry.fetch(key)
+          next unless entry
+
+          RubyCms::Settings.set(entry.key, value)
+          entry.key
+        end
+      end
+
+      def apply_nav_order_update(updated_keys)
+        nav_main, nav_bottom = nav_order_arrays_from_request
+        return updated_keys if nav_main.blank? && nav_bottom.blank?
+
+        order = (nav_main + nav_bottom).map(&:to_s)
+        persist_nav_order(order)
+        updated_keys + ["nav_order"]
+      end
+
+      def respond_with_update_success(updated_keys)
+        respond_to do |format|
+          format.html do
+            redirect_to ruby_cms_admin_settings_path(redirect_settings_params),
+                        notice: t("ruby_cms.admin.settings.updated_many",
+                                  default: "#{updated_keys.size} setting(s) updated.")
+          end
+
+          format.json do
+            render json: {
+              success: true,
+              updated_keys: updated_keys,
+              updated_count: updated_keys.size
+            }
+          end
+        end
+      end
+
+      def respond_with_update_failure(error)
+        respond_to do |format|
+          format.html do
+            redirect_to ruby_cms_admin_settings_path(redirect_settings_params),
+                        alert: error.message
+          end
+
+          format.json do
+            render json: { success: false, error: error.message }, status: :unprocessable_content
+          end
+        end
+      end
+
+      def nav_order_from_raw_hash(data)
+        main = data["nav_order_main"]
+        bottom = data["nav_order_bottom"]
+        main = Array(main).map(&:to_s) if main
+        bottom = Array(bottom).map(&:to_s) if bottom
+        (main || []) + (bottom || [])
+      end
+
+      def nav_order_arrays_from_json(data)
+        main = data.dig("settings", "nav_order_main") ||
+               data["nav_order_main"].presence ||
+               data[:nav_order_main].presence
+        bottom = data.dig("settings", "nav_order_bottom") ||
+                 data["nav_order_bottom"].presence ||
+                 data[:nav_order_bottom].presence
+        [main, bottom]
+      end
+    end
+  end
+end

data/app/controllers/ruby_cms/admin/user_permissions_controller.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module RubyCms
+  module Admin
+    class UserPermissionsController < BaseController
+      before_action { require_permission!(:manage_permissions) }
+      before_action :set_user
+
+      def index
+        @permissions = RubyCms::Permission.order(:key)
+        @user_permissions = if @user
+                              RubyCms::UserPermission.where(user: @user)
+                                                     .includes(:permission)
+                            else
+                              []
+                            end
+      end
+
+      def create
+        permission = RubyCms::Permission.find(params[:permission_id])
+        if RubyCms::UserPermission.find_or_create_by!(user: @user, permission: permission)
+          redirect_to ruby_cms_admin_user_permissions_path(@user),
+                      notice: t("ruby_cms.admin.user_permissions.granted")
+        end
+      rescue ActiveRecord::RecordInvalid
+        redirect_to ruby_cms_admin_user_permissions_path(@user),
+                    alert: t("ruby_cms.admin.user_permissions.could_not_grant")
+      end
+
+      def destroy
+        up = RubyCms::UserPermission.find_by!(user: @user, id: params[:id])
+        up.destroy
+        redirect_to ruby_cms_admin_user_permissions_path(@user),
+                    notice: t("ruby_cms.admin.user_permissions.revoked")
+      end
+
+      def bulk_delete
+        ids = Array(params[:item_ids]).filter_map(&:to_i)
+        user_permissions = RubyCms::UserPermission.where(user: @user, id: ids)
+        count = user_permissions.count
+        user_permissions.destroy_all
+        redirect_to ruby_cms_admin_user_permissions_path(@user),
+                    notice: "#{count} permission(s) #{
+                      t('ruby_cms.admin.user_permissions.revoked')
+                    }."
+      end
+
+      private
+
+      def set_user
+        @user = user_class.find(params[:user_id])
+      end
+
+      def user_class
+        Object.const_get(Rails.application.config.ruby_cms.user_class_name.presence || "User")
+      end
+    end
+  end
+end

data/app/controllers/ruby_cms/admin/users_controller.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+module RubyCms
+  module Admin
+    class UsersController < BaseController
+      include RubyCms::AdminPagination
+      include RubyCms::AdminTurboTable
+
+      paginates per_page: -> { RubyCms::Preference.get(:users_per_page, default: 50) },
+                turbo_frame: "admin_table_content"
+
+      before_action { require_permission!(:manage_permissions) }
+
+      def index
+        @users = paginated_users
+        @index ||= user_class.none
+      end
+
+      def create
+        user = user_class.new(user_params)
+        if user.save
+          redirect_to ruby_cms_admin_users_path, notice: t("ruby_cms.admin.users.created")
+        else
+          handle_create_failure(user)
+        end
+      end
+
+      def destroy
+        user = user_class.find(params[:id])
+        user.destroy
+        redirect_to ruby_cms_admin_users_path, notice: t("ruby_cms.admin.users.deleted")
+      end
+
+      def bulk_delete
+        ids = Array(params[:item_ids]).filter_map(&:to_i)
+        users = user_class.where(id: ids)
+        count = users.count
+        users.destroy_all
+        turbo_redirect_to ruby_cms_admin_users_path, notice: "#{count} user(s) #{
+          t('ruby_cms.admin.users.deleted')
+        }."
+      end
+
+      private
+
+      def paginated_users
+        collection = user_class.order(:id)
+        collection = apply_search_filter(collection)
+        paginate_collection(collection)
+      end
+
+      def apply_search_filter(collection)
+        return collection if params[:q].blank?
+
+        collection.where(build_search_conditions)
+      end
+
+      def build_search_conditions
+        search_term = "%#{params[:q].downcase}%"
+        email_attr = user_email_column
+        conditions = ["LOWER(#{email_attr}) LIKE ?"]
+        values = [search_term]
+
+        if numeric_query?
+          conditions << "id = ?"
+          values << params[:q].to_i
+        end
+
+        [conditions.join(" OR "), *values]
+      end
+
+      def user_email_column
+        user_class.column_names.include?("email_address") ? :email_address : :email
+      end
+
+      def numeric_query?
+        params[:q] =~ /^\d+$/
+      end
+
+      def handle_create_failure(user)
+        @users = user_class.order(:id).limit(100)
+        flash.now[:alert] = t(
+          "ruby_cms.admin.users.could_not_create",
+          errors: user.errors.full_messages.to_sentence
+        )
+        render :index, status: :unprocessable_content
+      end
+
+      def user_class
+        Object.const_get(Rails.application.config.ruby_cms.user_class_name.presence || "User")
+      end
+
+      def user_params
+        email_attr = user_class.column_names.include?("email_address") ? :email_address : :email
+        password_attrs = if user_class.column_names.include?("password")
+                           %i[
+                             password
+                             password_confirmation
+                           ]
+                         else
+                           []
+                         end
+        params.expect(user: [email_attr, *password_attrs])
+      end
+    end
+  end
+end

data/app/controllers/ruby_cms/admin/visitor_errors_controller.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+module RubyCms
+  module Admin
+    class VisitorErrorsController < BaseController
+      include RubyCms::AdminPagination
+      include RubyCms::AdminTurboTable
+
+      paginates per_page: -> { RubyCms::Preference.get(:visitor_errors_per_page, default: 25) },
+                turbo_frame: "admin_table_content"
+
+      before_action { require_permission!(:manage_visitor_errors) }
+      before_action :set_visitor_error, only: %i[show resolve]
+
+      def index
+        scope = RubyCms::VisitorError.recent
+        scope = scope.where(resolved: params[:resolved] == "true") if params[:resolved].present?
+        scope = apply_search_filter(scope)
+        scope = apply_error_type_filter(scope)
+        @visitor_errors = set_pagination_vars(scope)
+        render_index
+      end
+
+      def show; end
+
+      def resolve
+        @visitor_error.update!(resolved: true)
+        redirect_to ruby_cms_admin_visitor_errors_path,
+                    notice: t("ruby_cms.admin.visitor_errors.resolved")
+      end
+
+      def bulk_delete
+        ids = Array(params[:item_ids]).filter_map(&:to_i)
+        count = RubyCms::VisitorError.where(id: ids).destroy_all.size
+        redirect_to ruby_cms_admin_visitor_errors_path,
+                    notice: t("ruby_cms.admin.visitor_errors.bulk_deleted", count:)
+      end
+
+      def bulk_mark_as_resolved
+        ids = Array(params[:item_ids]).filter_map(&:to_i)
+        count = mark_visitor_errors_resolved(ids)
+        redirect_to ruby_cms_admin_visitor_errors_path,
+                    notice: t("ruby_cms.admin.visitor_errors.bulk_resolved", count:)
+      end
+
+      private
+
+      def set_visitor_error
+        @visitor_error = RubyCms::VisitorError.find(params[:id])
+      end
+
+      def apply_search_filter(scope)
+        return scope if params[:search].blank?
+
+        term = sanitize_search_term(params[:search])
+        scope.where("request_path ILIKE ?", "%#{term}%")
+      end
+
+      def apply_error_type_filter(scope)
+        return scope if params[:error_type].blank?
+
+        term = sanitize_search_term(params[:error_type])
+        scope.where("error_class ILIKE ?", "%#{term}%")
+      end
+
+      def sanitize_search_term(term)
+        term.to_s.strip.gsub(/[%_\\]/, "").truncate(100)
+      end
+
+      def mark_visitor_errors_resolved(ids)
+        scope = RubyCms::VisitorError.where(id: ids)
+        count = 0
+        scope.find_each do |record|
+          record.update!(resolved: true)
+          count += 1
+        end
+        count
+      end
+
+      def render_index
+        if turbo_frame_request?
+          render :index, layout: false
+        else
+          render :index
+        end
+      end
+    end
+  end
+end