trusty-cms 7.0.2 → 7.0.3

data/app/helpers/admin/users_helper.rb

@@ -2,7 +2,8 @@ module Admin::UsersHelper
   def roles(user)
     roles = []
     roles << I18n.t('admin') if user.admin?
-    roles << I18n.t('designer') if user.designer?
+    roles << I18n.t('editor') if user.editor?
+    roles << I18n.t('content_editor') if user.content_editor?
     roles.join(', ')
   end
 end

data/app/models/admins_site.rb

@@ -0,0 +1,6 @@
+class AdminsSite < ActiveRecord::Base
+  self.table_name = 'admins_sites'
+
+  belongs_to :admin, class_name: 'User'
+  belongs_to :site
+end

data/app/models/site.rb

@@ -7,6 +7,8 @@ class Site < ActiveRecord::Base
   belongs_to :created_by, class_name: 'User'
   belongs_to :updated_by, class_name: 'User'
   belongs_to :production_homepage, class_name: 'ProductionPage'
+  has_many :admins_sites
+  has_many :admins, through: :admins_sites, class_name: 'User'
 
   default_scope { order('position ASC') }
 

data/app/models/trusty_cms/config.rb

@@ -81,7 +81,8 @@ module TrustyCms
               TrustyCms::Config.initialize_cache
             end
             TrustyCms::Config.initialize_cache if TrustyCms::Config.stale_cache?
-            Rails.cache.read('TrustyCms::Config')[key]
+            config_cache = Rails.cache.read('TrustyCms::Config')
+            config_cache ? config_cache[key] : nil
           end
         end
       end

data/app/models/user.rb

@@ -7,7 +7,6 @@ class User < ActiveRecord::Base
          :recoverable, :rememberable, :trackable, :validatable
 
   alias_attribute :created_by_id, :id
-
   attr_accessor :skip_password_validation
 
   validate :password_complexity
@@ -18,6 +17,13 @@ class User < ActiveRecord::Base
   # Associations
   belongs_to :created_by, class_name: 'User'
   belongs_to :updated_by, class_name: 'User'
+  has_many :admins_sites, foreign_key: 'admin_id', class_name: 'AdminsSite', dependent: :destroy
+  has_many :sites, through: :admins_sites
+
+  # Roles
+  # Admin - all permissions
+  # Editor - all permissions except for users, sites editing
+  # Content Editor - all permissions except for users, sites, publishing and deleting
 
   def role?(role)
     case role
@@ -40,12 +46,16 @@ class User < ActiveRecord::Base
     designer
   end
 
+  def editor?
+    designer
+  end
+
   def content_editor?
     content_editor
   end
 
-  def scoped?
-    site_id.present?
+  def scoped_site?
+    sites.present?
   end
 
   def locale
@@ -67,4 +77,5 @@ class User < ActiveRecord::Base
 
     errors.add :password, 'Complexity requirement not met. Length should be 12 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character.'
   end
-end
+
+end

data/app/views/admin/layouts/_choose_site.html.haml

@@ -1,7 +1,9 @@
 - unless current_user.site
   %label{:for=>'layout_site_id', :class => 'admin_only'}
     Site
-    - sites = Site.all.map { |s| [s.name, s.id] }
-    - selection = {:include_blank => Layout.is_shareable?}
-    - selection[:selected] = current_site.id if @layout.new_record? && ! Layout.is_shareable?
+    :ruby
+      user_sites = current_user.admins_sites.pluck(:site_id)
+      sites = Site.where(:id => user_sites).map { |s| [s.name, s.id] }
+      selection = {:include_blank => Layout.is_shareable?}
+      selection[:selected] = current_site.id if @layout.new_record? && ! Layout.is_shareable?
     = select :layout, :site_id, sites, selection

data/app/views/admin/layouts/_site_chooser.html.haml

@@ -1,9 +1,9 @@
-- if current_user.admin? && !current_user.scoped? && defined?(Site) && defined?(controller) && controller.sited_model? && controller.template_name == 'index' && Site.several?
+- if current_user.scoped_site? && defined?(Site) && defined?(controller) && controller.sited_model? && controller.template_name == 'index' && Site.several?
   .site_chooser
     %ul.nav
       %li
         = "Current Site: #{current_site.name}"
         %ul.expansion
-          - Site.all.each do |site|
+          - current_user.sites.each do |site|
             %li
               = link_to( site.name, "#{request.path}?site_id=#{site.id}", :class => site == current_site ? 'fg site-link' : 'site-link')

data/app/views/admin/pages/_fields.html.haml

@@ -41,9 +41,10 @@
         = fields.label :class_name, t('page_type')
         = fields.select :class_name, [[t('select.normal'), '']] + Page.descendants.map { |p| [p.display_name, p.name] }.sort_by { |p| p.first }
     - layout.edit_status do
-      .status
-        = fields.label :status_id, t('status')
-        = fields.select :status_id, status_to_display
+      - if current_user.admin? || current_user.editor?
+        .status
+          = fields.label :status_id, t('status')
+          = fields.select :status_id, status_to_display
     - layout.edit_published_at do
       .published-date
         #published_at{:class => (@page.published? ? nil : 'hidden')}

data/app/views/admin/pages/_node.html.haml

@@ -18,5 +18,5 @@
       - unless simple
         %td.actions
           = page.add_child_option
-          - if current_user.admin?
+          - if current_user.editor? || current_user.admin?
             = page.remove_option

data/app/views/admin/snippets/_choose_site.html.haml

@@ -1,5 +1,6 @@
 - unless current_user.site
   %label{:for=>'snippet_site_id', :Class => 'admin_only'}
     Site
-    - sites = Site.all.map { |s| [s.name, s.id] }
+    - user_sites = current_user.admins_sites.pluck(:site_id)
+    - sites = Site.where(:id => user_sites).map { |s| [s.name, s.id] }
     = select :snippet, :site_id, sites, :include_blank => Snippet.is_shareable?, :selected => @snippet.site_id || current_site.id

data/app/views/admin/users/_choose_site.html.haml

@@ -1,4 +1,5 @@
 - if current_user.admin?
   %label{:for=>'user_admin'} Can edit site
-  = select :user, :site_id, [['<any>', '']] + Site.all.map { |s| [s.name, s.id] }
+  .caption (hold ctrl or cmd to select multiple)
   .caption A user with no site is able to act (to whatever extent their status allows) on any site.
+  = select :user, :site_ids, options_for_select(Site.all.map { |s| [s.name, s.id] }, selected: @user.site_ids), {}, { multiple: true }

data/app/views/admin/users/_form.html.haml

@@ -25,7 +25,9 @@
           = f.check_box 'admin', :class => 'checkbox'
           = f.label :admin, t('admin'), :class => 'checkbox'
           = f.check_box 'designer', :class => 'checkbox'
-          = f.label :designer, t('designer'), :class => 'checkbox'
+          = f.label :designer, t('editor'), :class => 'checkbox'
+          = f.check_box 'content_editor', :class => 'checkbox'
+          = f.label :content_editor, t('content_editor'), :class => 'checkbox'
 
     - form.edit_notes do
       %fieldset

data/bin/rails

@@ -3,8 +3,8 @@
 # installed from the root of your application.
 
 ENGINE_ROOT = File.expand_path('..', __dir__)
-ENGINE_PATH = File.expand_path('../lib/trusty/cms/engine', __dir__)
-APP_PATH = File.expand_path('../test/dummy/config/application', __dir__)
+ENGINE_PATH = File.expand_path('../lib/trusty_cms/engine', __dir__)
+APP_PATH = File.expand_path('../spec/dummy/config/application', __dir__)
 
 # Set up gems listed in the Gemfile.
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)

data/config/application.rb

@@ -20,6 +20,7 @@ module TrustyCms
     Rails.autoloaders.log!
     # Enable the asset pipeline
     config.assets.enabled = true
+    config.active_record.legacy_connection_handling = false
 
     # Version of your assets, change this if you want to expire all your assets
     config.assets.version = '1.0'

data/config/locales/en.yml

@@ -140,7 +140,7 @@ en:
         secret: 'Secret'
       skip_filetype_validation: 'Skip Filetype Validation'
       storage: 'Storage'
-      url: 'Url'  
+      url: 'Url'
     defaults:
       locale: 'default language'
       page:
@@ -159,17 +159,18 @@ en:
       allow_password_reset?: "allow password reset"
   content: 'Content'
   content_type: 'Content‑Type'
+  content_editor: 'Content Editor'
   creating_status: 'Creating %{model}…'
   date:
-    abbr_day_names: [Sun, Mon, Tue, Wed, Thu, Fri, Sat]
-    abbr_month_names: [~, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec]
-    day_names: [Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday]
+    abbr_day_names: [ Sun, Mon, Tue, Wed, Thu, Fri, Sat ]
+    abbr_month_names: [ ~, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec ]
+    day_names: [ Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday ]
     formats:
       default: "%Y-%m-%d"
       long: "%B %e, %Y"
       only_day: "%e"
       short: "%e %b"
-    month_names: [~, January, February, March, April, May, June, July, August, September, October, November, December]
+    month_names: [ ~, January, February, March, April, May, June, July, August, September, October, November, December ]
     order:
       - :year
       - :month
@@ -183,9 +184,10 @@ en:
   designer: 'Designer'
   draft: 'Draft'
   edit: 'Edit'
+  editor: 'Editor'
   edit_configuration: 'Edit Configuration'
   edit_layout: 'Edit Layout'
-  edit_page:  'Edit Page'
+  edit_page: 'Edit Page'
   edit_preferences: 'Edit Preferences'
   edit_settings: 'Edit Settings'
   edit_user: 'Edit User'
@@ -242,7 +244,7 @@ en:
   published: 'Published'
   published_at: 'Published at'
   published_on: 'Published On'
-  reference:  'Reference'
+  reference: 'Reference'
   remember_me: 'Remember me'
   remember_me_in_this_browser: 'Remember me in this browser'
   remove: 'Remove'
@@ -277,7 +279,7 @@ en:
   snippets: 'Snippets'
   snippet: 'Snippet'
   status: 'Status'
-    # Warnings and info text:
+  # Warnings and info text:
   testing: Testing
   text:
     layouts:

data/db/migrate/20241108172942_create_site_users.rb

@@ -0,0 +1,8 @@
+class CreateSiteUsers < ActiveRecord::Migration[7.0]
+  def change
+    create_table :admins_sites do |t|
+      t.integer :admin_id, null: false, index: true
+      t.integer :site_id, null: false, index: true
+    end
+  end
+end

data/lib/login_system.rb

@@ -40,27 +40,27 @@ module LoginSystem
     true
   end
 
-  def authorize
-    # puts _process_action_callbacks.map(&:filter)
-    # action = action_name.to_s.intern
-    # if user_has_access_to_action?(action)
-    #   true
-    # else
-    #   permissions = self.class.controller_permissions[action]
-    #   flash[:error] = permissions[:denied_message] || 'Access denied.'
-    #   respond_to do |format|
-    #     format.html { redirect_to(permissions[:denied_url] || { :action => :index }) }
-    #     format.any(:xml, :json) { head :forbidden }
-    #   end
-    #   false
-    # end
-    true
+  def authorize_role
+    action = action_name.to_s.intern
+    return true if user_has_access_to_action?(action)
+
+    handle_unauthorized_access(action)
+    false
   end
 
   def user_has_access_to_action?(action)
     self.class.user_has_access_to_action?(current_user, action, self)
   end
 
+  def handle_unauthorized_access(action)
+    permissions = self.class.controller_permissions[action]
+    flash[:error] = permissions[:denied_message] || 'Access denied.'
+    respond_to do |format|
+      format.html { redirect_to(permissions[:denied_url] || { action: :index }) }
+      format.any(:xml, :json) { head :forbidden }
+    end
+  end
+
   def login_from_session
     User.unscoped.find(session['user_id'])
   rescue StandardError

data/lib/trusty_cms/version.rb

@@ -1,4 +1,4 @@
 module TrustyCms
-  VERSION = '7.0.2'.freeze
+  VERSION = '7.0.3'.freeze
 end
 

data/spec/dummy/config/application.rb

@@ -31,6 +31,8 @@ module TrustyCms
 
     # Initialize extension paths
     config.initialize_extension_paths
+    config.active_record.legacy_connection_handling = false
+
     extension_loader = ExtensionLoader.instance { |l| l.initializer = self }
     extension_loader.paths(:load).reverse_each do |path, value|
       config.autoload_paths.unshift path

data/spec/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2023_10_19_192097) do
+ActiveRecord::Schema[7.0].define(version: 2024_11_08_172942) do
   create_table "active_storage_attachments", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
     t.string "name", null: false
     t.string "record_type", null: false
@@ -69,6 +69,13 @@ ActiveRecord::Schema[7.0].define(version: 2023_10_19_192097) do
     t.datetime "updated_at", precision: nil, null: false
   end
 
+  create_table "admins_sites", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
+    t.integer "admin_id", null: false
+    t.integer "site_id", null: false
+    t.index ["admin_id"], name: "index_admins_sites_on_admin_id"
+    t.index ["site_id"], name: "index_admins_sites_on_site_id"
+  end
+
   create_table "assets", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
     t.string "caption"
     t.string "title"

data/spec/factories/snippet.rb

@@ -0,0 +1,10 @@
+FactoryBot.define do
+
+  factory :snippet do
+    name { 'test_snippet' }
+    content { <<-CONTENT }
+      <p>Snippet Stuff</p>
+    CONTENT
+  end
+
+end

data/spec/factories/user.rb

@@ -1,34 +1,34 @@
 FactoryBot.define do
   factory :user do
-    name { 'User' }
+    first_name { 'FirstName' }
+    last_name { 'LastName' }
     email { 'email@test.com' }
-    login { 'user' }
-    password { 'password' }
+    password { 'ComplexPass1!' }
     password_confirmation { password }
 
     factory :admin do
-      name { 'Admin' }
-      login { 'admin' }
+      first_name { 'FirstName' }
+      last_name { 'LastName' }
       email { 'admin@example.com' }
       admin { true }
     end
 
     factory :existing do
-      name { 'Existing' }
-      login { 'existing' }
+      first_name { 'FirstName' }
+      last_name { 'LastName' }
       email { 'existing@example.com' }
     end
 
     factory :designer do
-      name { 'Designer' }
-      login { 'designer' }
+      first_name { 'FirstName' }
+      last_name { 'LastName' }
       email { '' }
       designer { true }
     end
 
     factory :non_admin do
-      name { 'Non Admin' }
-      login { 'non_admin' }
+      first_name { 'FirstName' }
+      last_name { 'LastName' }
       admin { false }
     end
   end

data/spec/models/snippets_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe Snippet do
+
+  let(:snippet) { FactoryBot.build(:snippet) }
+
+  describe 'name' do
+    it 'is invalid when blank' do
+      snippet = FactoryBot.build(:snippet, name: '')
+      snippet.valid?
+      expect(snippet.errors[:name]).to include("This field is required.")
+    end
+
+    it 'should validate uniqueness of' do
+      snippet = FactoryBot.build(:snippet, name: 'test_snippet', content: "Content!")
+      snippet.save!
+      other = FactoryBot.build(:snippet, name: 'test_snippet', content: "Content!")
+      expect { other.save! }.to raise_error(ActiveRecord::RecordInvalid)
+    end
+
+    it 'should validate length of' do
+      snippet = FactoryBot.build(:snippet, name: 'x' * 100)
+      expect(snippet.errors[:name]).to be_blank
+      snippet = FactoryBot.build(:snippet, name: 'x' * 101)
+      expect { snippet.save! }.to raise_error(ActiveRecord::RecordInvalid)
+      expect(snippet.errors[:name]).to include("This must not be longer than 100 characters")
+    end
+  end
+end

data/spec/models/user_spec.rb

@@ -0,0 +1,46 @@
+require 'spec_helper'
+
+describe User do
+  describe '#role?' do
+    let(:user) { create(:user) }
+
+    it 'returns true for admin role' do
+      user.admin = true
+      expect(user.role?(:admin)).to be true
+    end
+
+    it 'returns false for non-admin role' do
+      user.admin = false
+      expect(user.role?(:admin)).to be false
+    end
+  end
+
+  describe '#password_complexity' do
+    let(:user) { build(:user) }
+
+    it 'is valid with a complex password' do
+      user.password = 'ComplexPass1!'
+      expect(user).to be_valid
+    end
+
+    it 'is invalid with a simple password' do
+      user.password = 'simple'
+      user.valid?
+      expect(user.errors[:password]).to include('Complexity requirement not met. Length should be 12 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character.')
+    end
+  end
+
+  describe '#password_required?' do
+    let(:user) { build(:user) }
+
+    it 'returns false if skip_password_validation is true' do
+      user.skip_password_validation = true
+      expect(user.password_required?).to be false
+    end
+
+    it 'returns true if skip_password_validation is false' do
+      user.skip_password_validation = false
+      expect(user.password_required?).to be true
+    end
+  end
+end

data/trusty_cms.gemspec

@@ -43,7 +43,7 @@ a general purpose content management system--not merely a blogging engine.'
   s.add_dependency 'mini_racer'
   s.add_dependency 'mutex_m'
   s.add_dependency 'mysql2'
-  s.add_dependency 'rack', '>= 2.0.1', '< 3.1.0'
+  s.add_dependency 'rack', '>= 2.0.1', '< 3.2.0'
   s.add_dependency 'rack-cache', '~> 1.7'
   s.add_dependency 'radius', '~> 0.7'
   s.add_dependency 'rails', '~> 7.0.0'

data/vendor/extensions/multi-site-extension/lib/multi_site/scoped_model.rb

@@ -17,7 +17,7 @@ module MultiSite
       # that is, anything without a site is considered to be shared among all sites
       # the default is false
 
-      def is_site_scoped(options={})
+      def is_site_scoped(options = {})
         return if is_site_scoped?
 
         options = {
@@ -25,7 +25,7 @@ module MultiSite
         }.merge(options)
 
         class_eval <<-EO
-          default_scope {where(site_scope_condition)}
+          #{ self == User ? 'default_scope { joins(user_scope_condition) }' : 'default_scope { where(site_scope_condition) }' }
           extend MultiSite::ScopedModel::ScopedClassMethods
           include MultiSite::ScopedModel::ScopedInstanceMethods
         EO
@@ -52,8 +52,7 @@ module MultiSite
 
     module ScopedClassMethods
 
-
-      def paginate_with_site(options={})
+      def paginate_with_site(options = {})
         return paginate_without_site(options) unless sites?
         where(site_scope_condition) do
           paginate_without_site(options)
@@ -63,7 +62,7 @@ module MultiSite
       %w{count average minimum maximum sum}.each do |getter|
         define_method("#{getter}_with_site") do |*args|
           return send("#{getter}_without_site".intern, *args) unless sites?
-          with_scope(:find => {:conditions => site_scope_condition}) do
+          with_scope(:find => { :conditions => site_scope_condition }) do
             send "#{getter}_without_site".intern, *args
           end
         end
@@ -73,11 +72,11 @@ module MultiSite
       # and should only be used in odd cases like migration.
       def find_without_site(*args)
         options = args.extract_options!
-        #set_readonly_option!(options)
+        # set_readonly_option!(options)
 
         case args.first
-          when :first then find_initial_without_site(options)     # defined here
-          when :all   then all_without_site(options)       # already defined by the alias chain
+        when :first then find_initial_without_site(options) # defined here
+        when :all then all_without_site(options) # already defined by the alias chain
         end
       end
 
@@ -110,6 +109,12 @@ module MultiSite
         condition
       end
 
+      def user_scope_condition
+        return "" unless self.current_site
+
+        "INNER JOIN `admins_sites` ON `admins_sites`.`admin_id` = `admins`.`id` AND `admins_sites`.`site_id` = #{self.current_site.id}"
+      end
+
       def plural_symbol_for_class
         self.to_s.pluralize.underscore.intern
       end
@@ -125,9 +130,10 @@ module MultiSite
 
     module ScopedInstanceMethods
       protected
-        def set_site
-          self.site ||= self.class.current_site! unless self.class.is_shareable?
-        end
+
+      def set_site
+        self.site ||= self.class.current_site! unless self.class.is_shareable?
+      end
     end
   end
 end

data/vendor/extensions/multi-site-extension/lib/multi_site/site_chooser_helper.rb

@@ -1,14 +1,14 @@
 module MultiSite::SiteChooserHelper
 
-def sites_chooser_thing
-  return "" unless current_user.admin? && defined?(Site) && defined?(controller) && controller.sited_model? && controller.template_name == 'index' && Site.several?
-  options = Site.all.map{ |site| "<li>" + link_to( site.name, "#{request.path}?site_id=#{site.id}", :class => site == current_site ? 'fg' : '') + "</li>" }.join("")
-  chooser = %{<div id="site_chooser">}
-  #chooser << link_to("sites", admin_sites_url, {:id => 'show_site_list', :class => 'expandable'})
-  chooser << %{<ul id="nav"><li>Current Site: #{current_site.name}}
-  chooser << %{<ul class="expansion">#{options}</ul></li></ul>}
-  chooser << %{</div>}
-  chooser
-end
+  def sites_chooser_thing
+    return "" unless current_user.admin? && defined?(Site) && defined?(controller) && controller.sited_model? && controller.template_name == 'index' && Site.several?
+    options = Site.all.map { |site| "<li>" + link_to(site.name, "#{request.path}?site_id=#{site.id}", :class => site == current_site ? 'fg' : '') + "</li>" }.join("")
+    chooser = %{<div id="site_chooser">}
+    # chooser << link_to("sites", admin_sites_url, {:id => 'show_site_list', :class => 'expandable'})
+    chooser << %{<ul id="nav"><li>Current Site: #{current_site.name}}
+    chooser << %{<ul class="expansion">#{options}</ul></li></ul>}
+    chooser << %{</div>}
+    chooser
+  end
 
 end