virgo 0.1

data/app/controllers/virgo/admin/users/sessions_controller.rb

@@ -0,0 +1,21 @@
+module Virgo
+  class Admin::Users::SessionsController < Admin::BaseController
+    include Devise::Controllers::Helpers
+
+    before_filter :find_user, only: [:create]
+
+    def create
+      sign_out(current_user)
+
+      sign_in(@user)
+
+      redirect_to root_path, flash: {notice: "You have been logged in as #{@user.email}"}
+    end
+
+    private
+
+    def find_user
+      @user = User.friendly.find(params[:user_id])
+    end
+  end
+end

data/app/controllers/virgo/admin/users_controller.rb

@@ -0,0 +1,84 @@
+module Virgo
+  class Admin::UsersController < Admin::BaseController
+    before_action :set_user, only: member_actions
+
+    handles_sortable_columns
+
+    helper_method :filter_params
+
+    def index
+      authorize! :index, User
+      @users = User.search(filter_params).with_post_count.order(sort_order).page(page_param)
+    end
+
+    def new
+      @user = User.new
+    end
+
+    def create
+      @user = User.new(user_params)
+
+      if @user.save
+        flash[:notice] = "Account created successfully"
+        redirect_to admin_users_path
+      else
+        render :new
+      end
+    end
+
+    def edit
+    end
+
+    def update
+      _is_user = current_user == @user
+
+      if @user.update(user_params)
+        flash[:notice] = "Profile updated successfully"
+        redirect_to edit_admin_user_path(@user)
+
+        # required to keep user signed in (thanks to oddball default
+        # devise policy of signing out a user who updates pw)
+        sign_in @user, bypass: true if _is_user
+      else
+        render :edit
+      end
+    end
+
+    def destroy
+      @user.destroy
+
+      flash[:notice] = "User successfully deleted"
+
+      redirect_to admin_users_path
+    end
+
+    private
+
+    def set_user
+      @user = User.friendly.find(id_param)
+      authorize! :manage, @user
+    end
+
+    def user_params
+      params.permit(user: [:first_name, :last_name, :byline, :email, :role, :username, :about, :avatar])[:user]
+    end
+
+    def user_params
+      if params[:user].try(:[], :password).blank?
+        params[:user].delete(:password)
+        params[:user].delete(:password_confirmation)
+      end
+
+      params.permit(user: [:first_name, :last_name, :byline,
+                           :show_on_authors_page, :author_page_weight,
+                           :email, :role, :username, :about, :avatar,
+                           :password, :password_confirmation,
+                           :facebook_id, :twitter_id, :instagram_id,
+                           :snapchat_id, :linkedin_id, :public_email])[:user]
+    end
+
+    def filter_params
+      params.permit(filters: [:term])[:filters]
+    end
+  end
+end

data/app/controllers/virgo/application_controller.rb

@@ -0,0 +1,151 @@
+module Virgo
+  class ApplicationController < ActionController::Base
+    include Virgo::RenderHelper, Virgo::ApplicationHelper, ActionView::Helpers::SanitizeHelper, ActionView::Helpers::TextHelper
+
+    layout 'virgo/main'
+
+    protect_from_forgery with: :exception
+
+    before_action :init
+
+    before_action :configure_permitted_parameters, if: :devise_controller?
+
+    before_action :set_client_id
+
+    helper_method :render_to_string, :sort_param, :page_param, :just_confirmed?, :deploy_key, :id_param, :popular_posts_page_param, :filter_params
+
+
+    if Rails.env.production? || Rails.env.test?
+      rescue_from Exception, with: :render_500
+      rescue_from ActiveRecord::RecordNotFound, with: :render_404
+      rescue_from CanCan::AccessDenied, with: :render_404
+      rescue_from ActionController::RoutingError, with: :render_404
+    end
+
+    def sitemap
+    end
+
+    protected
+
+    def configure_permitted_parameters
+      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :remember_me) }
+      devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :username, :email, :password, :remember_me) }
+      devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
+    end
+
+    def default_url_options
+      {:host => Rails.application.config.domain}
+    end
+
+    private
+
+    def self.member_actions(*extras)
+      [:show, :edit, :update, :destroy] + extras
+    end
+
+    def self.collection_actions(*extras)
+      [:index, :new, :create] + extras
+    end
+
+    def page_param
+      params.permit(:page)[:page]
+    end
+
+    def sort_param
+      params.permit(:sort)[:sort]
+    end
+
+    def id_param
+      params.permit(:id)[:id]
+    end
+
+    def self.default_sort_order(val)
+      @_default_sort_order = val
+    end
+
+    def sort_order
+      order = sortable_column_order do |column, direction|
+        # make the sort on these select string columns case-insensitive w/ LOWER function
+        if column && column.in?(['name', 'headline'])
+          "LOWER(#{column}) #{direction}"
+        elsif column
+          "#{column} #{direction}"
+        else
+          @_default_sort_order || "updated_at DESC"
+        end
+      end
+    end
+
+    def set_calendar
+      @calendar = Calendar.friendly.find(params[:id] || params[:calendar_id])
+    end
+
+    def just_confirmed_param
+      params.permit(:just_confirmed)[:just_confirmed]
+    end
+
+    def just_confirmed?
+      just_confirmed_param && (just_confirmed_param.in?([true, 'true']))
+    end
+
+    def render_500(exception)
+      logger.error exception.backtrace.join("\n")
+      notify_exception(request.env, exception)
+      render "virgo/errors/500", layout: "virgo/errors", status: 500
+    end
+
+    def render_404
+      if request.format.json? || request.format.js?
+        render(json: {status: "Not found"}, status: 404)
+      else
+        render "virgo/errors/404", layout: "virgo/errors", status: 404
+      end
+    end
+
+    def notify_exception(env, exception)
+      if ['production', 'staging'].include?(Rails.env)
+         env["airbrake.error_id"] = notify_airbrake(exception)
+      end
+    end
+
+    def self.deploy_key
+      Rails.application.config.deploy_key
+    end
+
+    def deploy_key
+      self.class.deploy_key
+    end
+
+    def after_sign_out_path_for(resource_or_scope)
+      virgo.new_user_session_path
+    end
+
+    def set_client_id
+      cookies[:client_id] ||= SecureRandom.hex(14)
+    end
+
+    def client_id
+      cookies[:client_id]
+    end
+
+    def filter_params
+      params.permit(filters: [:term])[:filters]
+    end
+
+    def popular_posts_page_param
+      params.permit(:popular_posts_page)[:popular_posts_page]
+    end
+
+    def init
+      @_large_nav = false
+    end
+
+    def enable_large_nav
+      @_large_nav = true
+    end
+
+    def current_ability
+       @current_ability ||= ::Virgo::Ability.new(current_user)
+    end
+  end
+end

data/app/controllers/virgo/categories_controller.rb

@@ -0,0 +1,20 @@
+module Virgo
+  class CategoriesController < ApplicationController
+    caches_action :show, if: ->{ current_user.nil? && flash.empty? },
+                  cache_path: ->(o){ "#{deploy_key}/#{site_key}/categories/show/#{params[:id]}/#{category_timestamp(params[:id])}/#{params[:page]}" }
+
+    def show
+      set_category
+
+      @posts = @category.posts.order(publish_at: :desc).page(page_param)
+
+      render layout: 'virgo/posts'
+    end
+
+    private
+
+    def set_category
+      @category = Category.friendly.find(id_param)
+    end
+  end
+end

data/app/controllers/virgo/columns_controller.rb

@@ -0,0 +1,24 @@
+module Virgo
+  class ColumnsController < ApplicationController
+    caches_action :show, if: ->{ current_user.nil? && flash.empty? },
+                  cache_path: ->(o){ "#{deploy_key}/#{site_key}/columns/show/#{params[:id]}/#{column_timestamp(params[:id])}/#{params[:page]}" }
+
+    before_action :set_column, only: [:show]
+
+    def index
+      @columns = Column.by_weight
+
+      render layout: 'virgo/posts'
+    end
+
+    def show
+      @posts = @column.posts.latest.page(page_param)
+    end
+
+    private
+
+    def set_column
+      @column = Column.friendly.find(id_param)
+    end
+  end
+end

data/app/controllers/virgo/images_controller.rb

@@ -0,0 +1,9 @@
+module Virgo
+  class ImagesController < ApplicationController
+    def index
+      @images = Image.order(created_at: :desc).limit(20)
+
+      render json: @images.map(&:redactor_json)
+    end
+  end
+end

data/app/controllers/virgo/install_controller.rb

@@ -0,0 +1,46 @@
+module Virgo
+  class InstallController < ApplicationController
+    before_action :deny_if_accounts_exist, except: :success
+
+    helper_method :site_params, :user_params
+
+    def index
+    end
+
+    def create
+      @user = User.new(user_params.merge(role: :admin))
+      @site = Site.instance
+
+      @site.attributes = site_params
+
+      if @site.valid? && @user.valid?
+        @site.save!
+        @user.save!
+        @site.generate_dummy_data!
+        redirect_to success_install_index_path
+      else
+        render :index
+      end
+    end
+
+    def success
+    end
+
+    private
+
+    def deny_if_accounts_exist
+      if User.where(role: :admin).any?
+        flash[:notice] = "An admin account already exists for this site"
+        redirect_to(root_path) and return
+      end
+    end
+
+    def user_params
+      params.permit(user: [:username, :byline, :email, :password, :password_confirmation])[:user]
+    end
+
+    def site_params
+      params.permit(site: [:name, :tagline, :disqus_app_id])[:site]
+    end
+  end
+end

data/app/controllers/virgo/page_modules_controller.rb

@@ -0,0 +1,23 @@
+module Virgo
+  class PageModulesController < ApplicationController
+    caches_action :popular_posts,
+                  expires_in: 3.minutes,
+                  cache_path: ->(o){ "#{deploy_key}/#{site_key}/page_modules/popular_posts/#{params[:category_id]}/#{params[:page]}" }
+
+    def popular_posts
+      @category = Category.friendly.find(category_id_param) if category_id_param.present?
+      @tabbed = @category.present? ? true : false
+      @tab = @category.present? ? :category : :all
+
+      render json: {
+        html: render_content(partial: '/virgo/page_modules/popular_posts', locals: {category: @category, tab: @tab, tabbed: @tabbed})
+      }
+    end
+
+    private
+
+    def category_id_param
+      params.permit(:category_id)[:category_id]
+    end
+  end
+end

data/app/controllers/virgo/pages_controller.rb

@@ -0,0 +1,29 @@
+module Virgo
+  class PagesController < ApplicationController
+    before_action :set_page, only: :show
+
+    def show
+      render layout: 'virgo/application'
+    end
+
+    def home
+    end
+
+    def authors
+      @authors = User.where(show_on_authors_page: true).order(author_page_weight: :asc)
+    end
+
+    def help
+    end
+
+    private
+
+    def set_page
+      @page = Post.pages.friendly.find(slug_param)
+    end
+
+    def slug_param
+      params.permit(:slug)[:slug]
+    end
+  end
+end

data/app/controllers/virgo/posts_controller.rb

@@ -0,0 +1,101 @@
+module Virgo
+  class PostsController < ApplicationController
+    before_action :enable_large_nav, only: [:index]
+
+    if Rails.application.config.caching == :aggressive
+      caches_action :show, if: ->{ current_user.nil? && flash.empty? },
+                    cache_path: ->(o){ "#{deploy_key}/#{site_key}/posts/#{category_id_param}/#{params[:id]}/#{post_timestamp(params[:id])}" }
+
+      caches_action :index, if: ->{ current_user.nil? && flash.empty? },
+                    cache_path: ->(o){ "#{deploy_key}/#{site_key}/posts/index/#{params[:page]}" }
+
+      caches_action :latest, if: ->{ current_user.nil? && flash.empty? },
+                    cache_path: ->(o){ "#{deploy_key}/#{site_key}/posts/latest/#{params[:page]}" }
+    end
+
+    def index
+      @posts = Post.posts.publicly_viewable.order(publish_at: :desc).page(page_param)
+    end
+
+    def more
+      @posts = Post.order(publish_at: :desc).page(page_param).per(6).padding(6)
+      render json: {
+        html: render_content('/virgo/posts/more', layout: false)
+      }
+    end
+
+    def latest
+      @posts = Post.posts.publicly_viewable.order(publish_at: :desc).page(page_param)
+    end
+
+    def show
+      # call this in the action so it doesn't run before the action cache wrapper
+      set_post
+
+      if old_path?
+        redirect_to(post_detail_path(@post), status: :moved_permanently) and return
+      end
+
+      if @post.page?
+        @page = @post
+        render "/virgo/pages/show", layout: "virgo/application"
+      else
+        render layout: '/virgo/posts'
+      end
+    end
+
+    def popular
+      render json: {html: render_content(partial: "/virgo/page_modules/popular_posts")}
+    end
+
+    def rss
+      @limit = Rails.env.production? ? 50 : 5
+
+      render 'rss.xml', layout: false, content_type: Mime::XML
+    end
+
+    def track
+      # note: we keep a transient/compact hash record of recent tracks in a hash
+      # in memcached to prevent abuse of this endpoint (i.e. the same user
+      # can't slam this endpoint w/ js ajax requests to artificially pump up a story)
+      tracked = JSON::load(Rails.cache.fetch("tracks[#{client_id}]") || '{}')
+
+      unless tracked[id_param]
+        set_post
+        @post.track_view!
+        tracked[@post.id.to_s] = 1
+        Rails.cache.write("tracks[#{client_id}]", JSON::dump(tracked))
+      end
+
+      head :ok
+    end
+
+    private
+
+    def set_post
+      # there have been instances where url shorteners append querystring
+      # params w/ a leading "&" instead of w/ a leading "?"
+      # (assuming there are alread querystring params on the
+      # article url I guess) - adding a catch for this here.
+      post_id = id_param
+
+      post_id = (post_id.present? && post_id.include?("&")) ? post_id.slice(0..(post_id.index('&') - 1)) : post_id
+
+      @post = Post.find_by_id_or_historic_slug!(post_id)
+
+      if category_id_param.present?
+        @category = Category.friendly.find(category_id_param)
+      else
+        @category = @post.primary_category
+      end
+
+      authorize! :read, @post
+    end
+
+    def old_path?
+      if @post && id_param != @post.slug && id_param.to_i != @post.id
+        true
+      end
+    end
+  end
+end