trusty-cms 7.0.2 → 7.0.4

data/config/locales/en.yml

@@ -140,7 +140,7 @@ en:
         secret: 'Secret'
       skip_filetype_validation: 'Skip Filetype Validation'
       storage: 'Storage'
-      url: 'Url'  
+      url: 'Url'
     defaults:
       locale: 'default language'
       page:
@@ -159,17 +159,18 @@ en:
       allow_password_reset?: "allow password reset"
   content: 'Content'
   content_type: 'Content‑Type'
+  content_editor: 'Content Editor'
   creating_status: 'Creating %{model}…'
   date:
-    abbr_day_names: [Sun, Mon, Tue, Wed, Thu, Fri, Sat]
-    abbr_month_names: [~, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec]
-    day_names: [Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday]
+    abbr_day_names: [ Sun, Mon, Tue, Wed, Thu, Fri, Sat ]
+    abbr_month_names: [ ~, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec ]
+    day_names: [ Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday ]
     formats:
       default: "%Y-%m-%d"
       long: "%B %e, %Y"
       only_day: "%e"
       short: "%e %b"
-    month_names: [~, January, February, March, April, May, June, July, August, September, October, November, December]
+    month_names: [ ~, January, February, March, April, May, June, July, August, September, October, November, December ]
     order:
       - :year
       - :month
@@ -183,9 +184,10 @@ en:
   designer: 'Designer'
   draft: 'Draft'
   edit: 'Edit'
+  editor: 'Editor'
   edit_configuration: 'Edit Configuration'
   edit_layout: 'Edit Layout'
-  edit_page:  'Edit Page'
+  edit_page: 'Edit Page'
   edit_preferences: 'Edit Preferences'
   edit_settings: 'Edit Settings'
   edit_user: 'Edit User'
@@ -241,8 +243,8 @@ en:
   preview: 'Preview'
   published: 'Published'
   published_at: 'Published at'
-  published_on: 'Published On'
-  reference:  'Reference'
+  publish_datetime: 'Publish Date & Time'
+  reference: 'Reference'
   remember_me: 'Remember me'
   remember_me_in_this_browser: 'Remember me in this browser'
   remove: 'Remove'
@@ -277,7 +279,7 @@ en:
   snippets: 'Snippets'
   snippet: 'Snippet'
   status: 'Status'
-    # Warnings and info text:
+  # Warnings and info text:
   testing: Testing
   text:
     layouts:

data/config/routes.rb

@@ -4,6 +4,7 @@ TrustyCms::Application.routes.draw do
   as :user do
     post 'authenticate', to: 'devise/sessions#create', as: :authenticate
   end
+  post '/page-status/refresh' => 'page_status#refresh'
   get '/rad_social/mail' => 'social_mailer#social_mail_form', as: :rad_social_mail_form
   post '/rad_social/mail' => 'social_mailer#create_social_mail', as: :rad_create_social_mail
   TrustyCms::Application.config.enabled_extensions.each do |ext|

data/db/migrate/20241108172942_create_site_users.rb

@@ -0,0 +1,8 @@
+class CreateSiteUsers < ActiveRecord::Migration[7.0]
+  def change
+    create_table :admins_sites do |t|
+      t.integer :admin_id, null: false, index: true
+      t.integer :site_id, null: false, index: true
+    end
+  end
+end

data/lib/login_system.rb

@@ -40,27 +40,27 @@ module LoginSystem
     true
   end
 
-  def authorize
-    # puts _process_action_callbacks.map(&:filter)
-    # action = action_name.to_s.intern
-    # if user_has_access_to_action?(action)
-    #   true
-    # else
-    #   permissions = self.class.controller_permissions[action]
-    #   flash[:error] = permissions[:denied_message] || 'Access denied.'
-    #   respond_to do |format|
-    #     format.html { redirect_to(permissions[:denied_url] || { :action => :index }) }
-    #     format.any(:xml, :json) { head :forbidden }
-    #   end
-    #   false
-    # end
-    true
+  def authorize_role
+    action = action_name.to_s.intern
+    return true if user_has_access_to_action?(action)
+
+    handle_unauthorized_access(action)
+    false
   end
 
   def user_has_access_to_action?(action)
     self.class.user_has_access_to_action?(current_user, action, self)
   end
 
+  def handle_unauthorized_access(action)
+    permissions = self.class.controller_permissions[action]
+    flash[:error] = permissions[:denied_message] || 'Access denied.'
+    respond_to do |format|
+      format.html { redirect_to(permissions[:denied_url] || { action: :index }) }
+      format.any(:xml, :json) { head :forbidden }
+    end
+  end
+
   def login_from_session
     User.unscoped.find(session['user_id'])
   rescue StandardError

data/lib/trusty_cms/version.rb

@@ -1,4 +1,4 @@
 module TrustyCms
-  VERSION = '7.0.2'.freeze
+  VERSION = '7.0.4'.freeze
 end
 

data/spec/dummy/config/application.rb

@@ -31,6 +31,8 @@ module TrustyCms
 
     # Initialize extension paths
     config.initialize_extension_paths
+    config.active_record.legacy_connection_handling = false
+
     extension_loader = ExtensionLoader.instance { |l| l.initializer = self }
     extension_loader.paths(:load).reverse_each do |path, value|
       config.autoload_paths.unshift path

data/spec/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2023_10_19_192097) do
+ActiveRecord::Schema[7.0].define(version: 2024_11_08_172942) do
   create_table "active_storage_attachments", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
     t.string "name", null: false
     t.string "record_type", null: false
@@ -69,6 +69,13 @@ ActiveRecord::Schema[7.0].define(version: 2023_10_19_192097) do
     t.datetime "updated_at", precision: nil, null: false
   end
 
+  create_table "admins_sites", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
+    t.integer "admin_id", null: false
+    t.integer "site_id", null: false
+    t.index ["admin_id"], name: "index_admins_sites_on_admin_id"
+    t.index ["site_id"], name: "index_admins_sites_on_site_id"
+  end
+
   create_table "assets", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
     t.string "caption"
     t.string "title"

data/spec/factories/snippet.rb

@@ -0,0 +1,10 @@
+FactoryBot.define do
+
+  factory :snippet do
+    name { 'test_snippet' }
+    content { <<-CONTENT }
+      <p>Snippet Stuff</p>
+    CONTENT
+  end
+
+end

data/spec/factories/user.rb

@@ -1,34 +1,34 @@
 FactoryBot.define do
   factory :user do
-    name { 'User' }
+    first_name { 'FirstName' }
+    last_name { 'LastName' }
     email { 'email@test.com' }
-    login { 'user' }
-    password { 'password' }
+    password { 'ComplexPass1!' }
     password_confirmation { password }
 
     factory :admin do
-      name { 'Admin' }
-      login { 'admin' }
+      first_name { 'FirstName' }
+      last_name { 'LastName' }
       email { 'admin@example.com' }
       admin { true }
     end
 
     factory :existing do
-      name { 'Existing' }
-      login { 'existing' }
+      first_name { 'FirstName' }
+      last_name { 'LastName' }
       email { 'existing@example.com' }
     end
 
     factory :designer do
-      name { 'Designer' }
-      login { 'designer' }
+      first_name { 'FirstName' }
+      last_name { 'LastName' }
       email { '' }
       designer { true }
     end
 
     factory :non_admin do
-      name { 'Non Admin' }
-      login { 'non_admin' }
+      first_name { 'FirstName' }
+      last_name { 'LastName' }
       admin { false }
     end
   end

data/spec/models/snippets_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe Snippet do
+
+  let(:snippet) { FactoryBot.build(:snippet) }
+
+  describe 'name' do
+    it 'is invalid when blank' do
+      snippet = FactoryBot.build(:snippet, name: '')
+      snippet.valid?
+      expect(snippet.errors[:name]).to include("This field is required.")
+    end
+
+    it 'should validate uniqueness of' do
+      snippet = FactoryBot.build(:snippet, name: 'test_snippet', content: "Content!")
+      snippet.save!
+      other = FactoryBot.build(:snippet, name: 'test_snippet', content: "Content!")
+      expect { other.save! }.to raise_error(ActiveRecord::RecordInvalid)
+    end
+
+    it 'should validate length of' do
+      snippet = FactoryBot.build(:snippet, name: 'x' * 100)
+      expect(snippet.errors[:name]).to be_blank
+      snippet = FactoryBot.build(:snippet, name: 'x' * 101)
+      expect { snippet.save! }.to raise_error(ActiveRecord::RecordInvalid)
+      expect(snippet.errors[:name]).to include("This must not be longer than 100 characters")
+    end
+  end
+end

data/spec/models/user_spec.rb

@@ -0,0 +1,46 @@
+require 'spec_helper'
+
+describe User do
+  describe '#role?' do
+    let(:user) { create(:user) }
+
+    it 'returns true for admin role' do
+      user.admin = true
+      expect(user.role?(:admin)).to be true
+    end
+
+    it 'returns false for non-admin role' do
+      user.admin = false
+      expect(user.role?(:admin)).to be false
+    end
+  end
+
+  describe '#password_complexity' do
+    let(:user) { build(:user) }
+
+    it 'is valid with a complex password' do
+      user.password = 'ComplexPass1!'
+      expect(user).to be_valid
+    end
+
+    it 'is invalid with a simple password' do
+      user.password = 'simple'
+      user.valid?
+      expect(user.errors[:password]).to include('Complexity requirement not met. Length should be 12 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character.')
+    end
+  end
+
+  describe '#password_required?' do
+    let(:user) { build(:user) }
+
+    it 'returns false if skip_password_validation is true' do
+      user.skip_password_validation = true
+      expect(user.password_required?).to be false
+    end
+
+    it 'returns true if skip_password_validation is false' do
+      user.skip_password_validation = false
+      expect(user.password_required?).to be true
+    end
+  end
+end

data/trusty_cms.gemspec

@@ -43,7 +43,7 @@ a general purpose content management system--not merely a blogging engine.'
   s.add_dependency 'mini_racer'
   s.add_dependency 'mutex_m'
   s.add_dependency 'mysql2'
-  s.add_dependency 'rack', '>= 2.0.1', '< 3.1.0'
+  s.add_dependency 'rack', '>= 2.0.1', '< 3.2.0'
   s.add_dependency 'rack-cache', '~> 1.7'
   s.add_dependency 'radius', '~> 0.7'
   s.add_dependency 'rails', '~> 7.0.0'

data/vendor/extensions/multi-site-extension/lib/multi_site/scoped_model.rb

@@ -17,7 +17,7 @@ module MultiSite
       # that is, anything without a site is considered to be shared among all sites
       # the default is false
 
-      def is_site_scoped(options={})
+      def is_site_scoped(options = {})
         return if is_site_scoped?
 
         options = {
@@ -25,7 +25,7 @@ module MultiSite
         }.merge(options)
 
         class_eval <<-EO
-          default_scope {where(site_scope_condition)}
+          #{ self == User ? 'default_scope { joins(user_scope_condition) }' : 'default_scope { where(site_scope_condition) }' }
           extend MultiSite::ScopedModel::ScopedClassMethods
           include MultiSite::ScopedModel::ScopedInstanceMethods
         EO
@@ -52,8 +52,7 @@ module MultiSite
 
     module ScopedClassMethods
 
-
-      def paginate_with_site(options={})
+      def paginate_with_site(options = {})
         return paginate_without_site(options) unless sites?
         where(site_scope_condition) do
           paginate_without_site(options)
@@ -63,7 +62,7 @@ module MultiSite
       %w{count average minimum maximum sum}.each do |getter|
         define_method("#{getter}_with_site") do |*args|
           return send("#{getter}_without_site".intern, *args) unless sites?
-          with_scope(:find => {:conditions => site_scope_condition}) do
+          with_scope(:find => { :conditions => site_scope_condition }) do
             send "#{getter}_without_site".intern, *args
           end
         end
@@ -73,11 +72,11 @@ module MultiSite
       # and should only be used in odd cases like migration.
       def find_without_site(*args)
         options = args.extract_options!
-        #set_readonly_option!(options)
+        # set_readonly_option!(options)
 
         case args.first
-          when :first then find_initial_without_site(options)     # defined here
-          when :all   then all_without_site(options)       # already defined by the alias chain
+        when :first then find_initial_without_site(options) # defined here
+        when :all then all_without_site(options) # already defined by the alias chain
         end
       end
 
@@ -110,6 +109,12 @@ module MultiSite
         condition
       end
 
+      def user_scope_condition
+        return "" unless self.current_site
+
+        "INNER JOIN `admins_sites` ON `admins_sites`.`admin_id` = `admins`.`id` AND `admins_sites`.`site_id` = #{self.current_site.id}"
+      end
+
       def plural_symbol_for_class
         self.to_s.pluralize.underscore.intern
       end
@@ -125,9 +130,10 @@ module MultiSite
 
     module ScopedInstanceMethods
       protected
-        def set_site
-          self.site ||= self.class.current_site! unless self.class.is_shareable?
-        end
+
+      def set_site
+        self.site ||= self.class.current_site! unless self.class.is_shareable?
+      end
     end
   end
 end

data/vendor/extensions/multi-site-extension/lib/multi_site/site_chooser_helper.rb

@@ -1,14 +1,14 @@
 module MultiSite::SiteChooserHelper
 
-def sites_chooser_thing
-  return "" unless current_user.admin? && defined?(Site) && defined?(controller) && controller.sited_model? && controller.template_name == 'index' && Site.several?
-  options = Site.all.map{ |site| "<li>" + link_to( site.name, "#{request.path}?site_id=#{site.id}", :class => site == current_site ? 'fg' : '') + "</li>" }.join("")
-  chooser = %{<div id="site_chooser">}
-  #chooser << link_to("sites", admin_sites_url, {:id => 'show_site_list', :class => 'expandable'})
-  chooser << %{<ul id="nav"><li>Current Site: #{current_site.name}}
-  chooser << %{<ul class="expansion">#{options}</ul></li></ul>}
-  chooser << %{</div>}
-  chooser
-end
+  def sites_chooser_thing
+    return "" unless current_user.admin? && defined?(Site) && defined?(controller) && controller.sited_model? && controller.template_name == 'index' && Site.several?
+    options = Site.all.map { |site| "<li>" + link_to(site.name, "#{request.path}?site_id=#{site.id}", :class => site == current_site ? 'fg' : '') + "</li>" }.join("")
+    chooser = %{<div id="site_chooser">}
+    # chooser << link_to("sites", admin_sites_url, {:id => 'show_site_list', :class => 'expandable'})
+    chooser << %{<ul id="nav"><li>Current Site: #{current_site.name}}
+    chooser << %{<ul class="expansion">#{options}</ul></li></ul>}
+    chooser << %{</div>}
+    chooser
+  end
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: trusty-cms
 version: !ruby/object:Gem::Version
-  version: 7.0.2
+  version: 7.0.4
 platform: ruby
 authors:
 - TrustyCms CMS dev team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-10-29 00:00:00.000000000 Z
+date: 2025-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activestorage-validator
@@ -301,7 +301,7 @@ dependencies:
         version: 2.0.1
     - - "<"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -311,7 +311,7 @@ dependencies:
         version: 2.0.1
     - - "<"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.2.0
 - !ruby/object:Gem::Dependency
   name: rack-cache
   requirement: !ruby/object:Gem::Requirement
@@ -653,6 +653,7 @@ files:
 - app/assets/javascripts/admin/treetable.js
 - app/assets/javascripts/admin/utilities.js
 - app/assets/javascripts/admin/validation.js
+- app/assets/javascripts/admin/validations/scheduled_status_validation.js
 - app/assets/javascripts/admin/validations/user_validations.js
 - app/assets/javascripts/ckeditor/config.js
 - app/assets/javascripts/ckeditor/contents.css
@@ -673,7 +674,8 @@ files:
 - app/assets/stylesheets/admin/modules/_links.scss
 - app/assets/stylesheets/admin/partials/_actions.scss
 - app/assets/stylesheets/admin/partials/_content.scss
-- app/assets/stylesheets/admin/partials/_dateinput.scss
+- app/assets/stylesheets/admin/partials/_date_input.scss
+- app/assets/stylesheets/admin/partials/_datetime_input.scss
 - app/assets/stylesheets/admin/partials/_drawer.scss
 - app/assets/stylesheets/admin/partials/_dropdown.scss
 - app/assets/stylesheets/admin/partials/_footer.scss
@@ -707,6 +709,7 @@ files:
 - app/controllers/admin/snippets_controller.rb
 - app/controllers/admin/users_controller.rb
 - app/controllers/application_controller.rb
+- app/controllers/page_status_controller.rb
 - app/controllers/site_controller.rb
 - app/controllers/social_mailer_controller.rb
 - app/helpers/admin/configuration_helper.rb
@@ -730,6 +733,7 @@ files:
 - app/mailers/application_mailer.rb
 - app/mailers/devise_mailer.rb
 - app/mailers/rad_social_mailer.rb
+- app/models/admins_site.rb
 - app/models/asset.rb
 - app/models/asset_type.rb
 - app/models/file_not_found_page.rb
@@ -753,7 +757,6 @@ files:
 - app/models/trusty_cms/page_response_cache_director.rb
 - app/models/user.rb
 - app/models/user_action_observer.rb
-- app/users/_choose_site.html.haml
 - app/views/admin/assets/_asset.html.haml
 - app/views/admin/assets/_asset_table.html.haml
 - app/views/admin/assets/_errors.html.haml
@@ -908,6 +911,7 @@ files:
 - db/migrate/20161027141250_add_position_to_pages.rb
 - db/migrate/20200117141251_create_admin_users.rb
 - db/migrate/20210331134718_create_active_storage_tables.active_storage.rb
+- db/migrate/20241108172942_create_site_users.rb
 - db/schema.rb
 - lib/active_record_extensions/active_record_extensions.rb
 - lib/annotatable.rb
@@ -1097,12 +1101,15 @@ files:
 - spec/factories/layout.rb
 - spec/factories/page.rb
 - spec/factories/page_part.rb
+- spec/factories/snippet.rb
 - spec/factories/user.rb
 - spec/features/config_spec.rb
 - spec/features/layouts_spec.rb
 - spec/features/pages_spec.rb
 - spec/fixtures/users.yml
 - spec/models/layout_spec.rb
+- spec/models/snippets_spec.rb
+- spec/models/user_spec.rb
 - spec/rails_helper.rb
 - spec/spec_helper.rb
 - spec/support/custom_actions.rb
@@ -1248,12 +1255,15 @@ test_files:
 - spec/factories/layout.rb
 - spec/factories/page.rb
 - spec/factories/page_part.rb
+- spec/factories/snippet.rb
 - spec/factories/user.rb
 - spec/features/config_spec.rb
 - spec/features/layouts_spec.rb
 - spec/features/pages_spec.rb
 - spec/fixtures/users.yml
 - spec/models/layout_spec.rb
+- spec/models/snippets_spec.rb
+- spec/models/user_spec.rb
 - spec/rails_helper.rb
 - spec/spec_helper.rb
 - spec/support/custom_actions.rb

data/app/users/_choose_site.html.haml

@@ -1,4 +0,0 @@
-- unless current_user.site
-    %label{:for=>"user_admin"} Can edit site
-    = select :user, :site_id, [['<any>', '']] + Site.all.map { |s| [s.name, s.id] }
-    .caption A user with no site is able to act (to whatever extent their status allows) on any site.