we5-browsercms 3.0.2 → 3.0.5

data/app/models/user.rb

@@ -11,8 +11,7 @@ class User < ActiveRecord::Base
   validates_presence_of     :email
   #validates_length_of       :email,    :within => 6..100 #r@a.wk
   #validates_uniqueness_of   :email,    :case_sensitive => false
-  validates_format_of       :email,    :with => /[^@]{2,}@[^.]{2,}\..{2,}/, :message => "should be an email address, ex. xx@xx.com"
-
+  validates_format_of       :email,    :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :message => "should be an email address, ex. xx@xx.com"
   attr_accessible :login, :email, :name, :first_name, :last_name, :password, :password_confirmation, :expires_at
 
   has_many :user_group_memberships
@@ -89,12 +88,12 @@ class User < ActiveRecord::Base
     @viewable_sections ||= Section.find(:all, :include => {:groups => :users}, :conditions => ["users.id = ?", id])
   end
 
-  def editable_sections
-    @editable_sections ||= Section.find(:all, :include => {:groups => [:group_type, :users]}, :conditions => ["users.id = ? and group_types.cms_access = ?", id, true])
+  def modifiable_sections
+    @modifiable_sections ||= Section.find(:all, :include => {:groups => [:group_type, :users]}, :conditions => ["users.id = ? and group_types.cms_access = ?", id, true])
   end
 
-  #Expects a list of names of Permissions
-  #true if the user has any of the permissions
+  # Expects a list of names of Permissions
+  # true if the user has any of the permissions
   def able_to?(*required_permissions)
     perms = required_permissions.map(&:to_sym)
     permissions.any? do |p| 
@@ -102,24 +101,43 @@ class User < ActiveRecord::Base
     end
   end
     
-  #Expects object to be an object or a section
-  #If it's a section, that will be used
-  #If it's not a section, it will call section on the object
-  #returns true if any of the sections of the groups the user is in matches the page's section.
+  # Expects object to be an object or a section
+  # If it's a section, that will be used
+  # If it's not a section, it will call section on the object
+  # returns true if any of the sections of the groups the user is in matches the page's section.
   def able_to_view?(object)
     section = object.is_a?(Section) ? object : object.section
-    !!(viewable_sections.include?(section) || groups.cms_access.count > 0)
+    viewable_sections.include?(section) || groups.cms_access.count > 0
+  end
+  
+  def able_to_modify?(object)
+    case object
+      when Section
+        modifiable_sections.include?(object)
+      when Page, Link
+        modifiable_sections.include?(object.section)
+      else
+        if object.class.respond_to?(:connectable?) && object.class.connectable?
+          object.connected_pages.all? { |page| able_to_modify?(page) }
+        else
+          true
+        end
+    end
+  end
+  
+  # Expects node to be a Section, Page or Link
+  # Returns true if the specified node, or any of its ancestor sections, is editable by any of 
+  # the user's 'CMS User' groups.
+  def able_to_edit?(object)    
+    able_to?(:edit_content) && able_to_modify?(object)
   end
   
-  #Expects section to be a Section
-  #Returns true if any of the sections of the groups that have group_type = 'CMS User' 
-  #that the user is in match the section.
-  def able_to_edit?(section)    
-    !!(editable_sections.include?(section) && able_to?(:edit_content))
+  def able_to_publish?(object)
+    able_to?(:publish_content) && able_to_modify?(object)
   end
   
   def able_to_edit_or_publish_content?
     able_to?(:edit_content, :publish_content)
   end
   
-end
+end

data/app/portlets/forgot_password_portlet.rb

@@ -0,0 +1,27 @@
+class ForgotPasswordPortlet < Portlet
+  require 'digest/sha1'  
+
+  def render
+    flash[:forgot_password] = {}
+
+    return unless request.method == :post
+    user = User.find_by_email(params[:email])
+    
+    unless user
+      flash[:forgot_password][:error] = "We were unable to verify your account. Please make sure your email address is accurate."
+      return
+    end
+    
+    user.reset_token = generate_reset_token
+    if user.save
+      flash[:forgot_password][:notice] = "Your password has been sent to #{params[:email]}"
+      ForgotPasswordMailer.deliver_reset_password(self.reset_password_url + '?token=' + user.reset_token, user.email)
+    end
+  end
+
+  private
+  def generate_reset_token
+    Digest::SHA1.hexdigest(Time.now.to_s.split(//).sort_by {rand}.join)
+  end
+
+end

data/app/portlets/reset_password_portlet.rb

@@ -0,0 +1,28 @@
+class ResetPasswordPortlet < Portlet
+
+  def render
+    flash[:reset_password] = {}
+    
+    unless params[:token]
+      flash[:reset_password][:error] = "No password token given"
+      return
+    end
+
+    @user = User.find_by_reset_token(params[:token])
+
+    unless @user
+      flash[:reset_password][:notice] = "Invalid password token"    
+      return
+    end
+
+    if request.method == :post
+      @user.password = params[:password]
+      @user.password_confirmation = params[:password_confirmation]
+      
+      if @user.save
+        flash[:reset_password][:notice] = 'Password has been reset'
+      end
+    end
+  end
+
+end

data/app/views/cms/blocks/_toolbar_for_member.html.erb

@@ -1,7 +1,7 @@
 <% able_to? :publish_content do -%>
   <% if @block.respond_to?(:live?) && !@block.live? %>
     <%= link_to span_tag('Publish'), block_path(:publish), 
-      :class => "http_put button left", 
+      :class => "http_put button left#{' disabled' unless current_user.able_to_publish?(@block)}", 
       :id => "publish_button" %>
   <% else %>
     <%= link_to span_tag('Publish'), "#", 
@@ -15,7 +15,7 @@
   :id => "view_button" %>
   
 <%= link_to span_tag('Edit Content'), block_path(:edit), 
-  :class => "button right#{ ' off' if action_name == 'edit'}", 
+  :class => "button right#{ ' off' if action_name == 'edit'}#{' disabled' unless current_user.able_to_edit?(@block)}", 
   :id => "edit_button" %>
   
 <%= link_to span_tag("Add New Content"), new_block_path, 
@@ -33,6 +33,6 @@
 <% end %>
 
 <%= link_to span_tag("<span class=\"delete_img\">&nbsp;</span>Delete"), block_path, 
-  :class => "http_delete confirm_with_title button", 
+  :class => "http_delete confirm_with_title button#{' disabled' unless current_user.able_to_publish?(@block)}", 
   :title => "Are you sure you want to delete '#{@block.name}'?", 
   :id => "delete_button" %>

data/app/views/cms/blocks/index.html.erb

@@ -1,4 +1,5 @@
 <% content_for(:html_head) do %>
+<%= javascript_include_tag "cms/content_library" %>
   <% javascript_tag do %>
     jQuery(function($){
       var collectionName = '<%= content_type.model_class.name.underscore.pluralize %>'
@@ -11,12 +12,14 @@
         var match = this.id.match(/(.*)_(\d+)/)
         var type = match[1]
         var id = match[2]
+        var editable = !$(this).hasClass("non-editable")
+        var publishable = !$(this).hasClass("non-publishable")
         $('table.data tbody tr').removeClass('selected')
         $(this).addClass('selected')
         $('#functions .button').addClass('disabled').attr('href','#')
         $('#add_button').removeClass('disabled').attr('href', '/cms/'+collectionName+'/new')
         $('#view_button').removeClass('disabled').attr('href', '/cms/'+collectionName+'/'+id)
-        $('#edit_button').removeClass('disabled').attr('href', '/cms/'+collectionName+'/'+id+'/edit')
+        if (editable) $('#edit_button').removeClass('disabled').attr('href', '/cms/'+collectionName+'/'+id+'/edit')
         <% if content_type.model_class.versioned? %>
           $('#revisions_button').removeClass('disabled').attr('href', '/cms/'+collectionName+'/'+id+'/versions')
         <% else %>
@@ -28,12 +31,14 @@
           $('#delete_button').addClass('disabled')
             .attr('title', $.trim(cannot_be_deleted_message.text()))
         } else {
-          $('#delete_button').removeClass('disabled')
-            .attr('href', '/cms/'+collectionName+'/'+id)
-            .attr('title', 'Are You Sure You Want To Delete This Record?')
+          if (publishable) {
+            $('#delete_button').removeClass('disabled')
+              .attr('href', '/cms/'+collectionName+'/'+id)
+              .attr('title', 'Are You Sure You Want To Delete This Record?')
+          }
         }
         <% able_to? :publish_content do -%>
-          if($(this).hasClass('draft')) {
+          if($(this).hasClass('draft') && publishable) {
             $('#publish_button').removeClass('disabled').attr('href', '/cms/'+collectionName+'/'+id+'/publish?_redirect_to='+location.href)
           }
         <% end %>
@@ -85,7 +90,7 @@
        col_ct += 1 if content_type.model_class.publishable? %>
     <% @blocks.each do |b| %>
       <% block = b.class.versioned? ? b.as_of_draft_version : b %>
-      <tr id="<%= block.class.name.underscore %>_<%= block.id %>" class="<%= block.class.name.underscore %> <%= block.class.publishable? && !block.published? ? 'draft' : 'published' %>">
+      <tr id="<%= block.class.name.underscore %>_<%= block.id %>" class="<%= block.class.name.underscore %> <%= block.class.publishable? && !block.published? ? 'draft' : 'published' %> <%= 'non-editable' unless current_user.able_to_edit?(block) %> <%= 'non-publishable' unless current_user.able_to_publish?(block) %>">
   <td class="first"></td>
         <% content_type.columns_for_index.each_with_index do |column, i| %>
           <td class="<%= column[:label].gsub(' ', '').underscore %>">

data/app/views/cms/content/show.html.erb

@@ -12,9 +12,9 @@
   <iframe src="<%=h cms_toolbar_path(:page_id => @page.id, :page_version => @page.version, :mode => @mode, :page_toolbar => @show_page_toolbar ? 1 : 0) %>" width="100%" height="<%= @show_page_toolbar ? 159 : 100 %>px" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" name="cms_toolbar"></iframe>
 <% end %>
 
-<% @page.connectors.for_page_version(@page.version).each do |c| %>
-  <% content_for(c.container.to_sym) do %>
-    <%= render_connector c %>
+<% @_connectors.each_with_index do |connector, i| %>
+  <% content_for(connector.container.to_sym) do %>
+    <%= render_connector_and_connectable(connector, @_connectables[i]) %>
   <% end %>
 <% end %> 
 

data/app/views/cms/forgot_password_mailer/reset_password.text.html.erb

@@ -0,0 +1,3 @@
+This email is in response to your request to reset your password. Please follow the link below and fill in the password fields to the new credentials you wish to use to authenticate yourself.
+
+<a href="<%= @url %>"><%= @url %></a>

data/app/views/cms/forgot_password_mailer/reset_password.text.plain.erb

@@ -0,0 +1,3 @@
+This email is in response to your request to reset your password. Please copy and paste the link into your browser and fill in the password fields to the new credentials you wish to use to authenticate yourself.
+
+<%= @url %>

data/app/views/cms/menus/_menu.html.erb

@@ -0,0 +1,9 @@
+<div id="<%= css_id %>" class="<%= css_class %>">
+<% unless items.empty?
+%>  <ul>
+<% items.each_with_index do |item, i|
+      %><%= render :partial => "/cms/menus/menu_item", :object => item, :locals => { :depth => 1, :position => i + 1, :item_count => items.length }
+      %><% end 
+%>  </ul>
+<% end
+%></div>

data/app/views/cms/menus/_menu_item.html.erb

@@ -0,0 +1,11 @@
+<% indent = (depth - 1) * 4
+%><%= " "*(indent + 4) %><li id="<%= menu_item[:id] %>" class="depth-<%= depth %><%= ' first' if position == 1 %><%= ' last' if position == item_count %><%= ' on' if menu_item[:selected] %><%= ' open' unless menu_item[:children].blank? %>">
+<%= " "*(indent + 6) %><a href="<%= menu_item[:url] %>"<%= ' target=#{menu_item[:target]}' if menu_item[:target] %>><%= menu_item[:name] %></a>
+<% unless menu_item[:children].blank?
+%><%= " "*(indent + 6)  %><ul>
+<% menu_item[:children].each_with_index do |item, i|
+%><%= render :partial => "/cms/menus/menu_item", :object => item, :locals => { :depth => depth + 1, :position => i + 1, :item_count => menu_item[:children].length }
+%><% end 
+%><%= " "*(indent + 6)  %></ul>
+<% end 
+%><%= " "*(indent + 4)  %></li>

data/app/views/cms/pages/_edit_connector.html.erb

@@ -1,4 +1,4 @@
-<div class="cms_edit_connectable" style="display: block; height: auto; width: inherit; position: relative; border: 1px solid #999; margin: 1px -6px 0 -6px; padding: 25px 5px 0 5px;  background: url(/images/cms/containers/beta.png) repeat-x 0 0;">
+<div class="cms_edit_connectable" style="display: block; height: auto; position: relative; border: 1px solid #999; margin: 1px -6px 0 -6px; padding: 25px 5px 0 5px;  background: url(/images/cms/containers/beta.png) repeat-x 0 0;">
   <div style="display: block; width: 100%; position: absolute; top: 5px; left: 5px; height: 30px;">
     <%= link_to image_tag("cms/pages/show_connectable.gif", :style => "text-decoration: none; padding: 0; background: none; margin: 0; float: none; border: none;"), cms_connectable_path(connectable), :title => "View this content (#{connectable.name})" , :style => "text-decoration: none; padding: 0 2px 0 0; background: none; margin: 0; float: none; border: none;"%>
     <%= link_to image_tag("cms/pages/edit_connectable.gif", :style => "text-decoration: none; padding: 0; background: none; margin: 0; float: none; border: none;"), edit_cms_connectable_path(connectable, :_redirect_to => @page.path), :title => "Edit this content (#{connectable.name})" , :style => "text-decoration: none; padding: 0 2px 0 0; background: none; margin: 0; float: none; border: none;"%>

data/app/views/cms/pages/_edit_container.html.erb

@@ -1,4 +1,4 @@
-<div class="cms_edit_container" style="height: auto; width: inherit; background: url(/images/cms/containers/alpha.png) repeat-x 0 0; border: 1px solid #999; margin: -8px 0 0 -8px; padding: 24px 7px 1px 7px; position: relative;">
+<div class="cms_edit_container" style="height: auto; background: url(/images/cms/containers/alpha.png) repeat-x 0 0; border: 1px solid #999; margin: -8px 0 0 -8px; padding: 24px 7px 1px 7px; position: relative;">
     <div style="display: block; width: 100%; position: absolute; top: 5px; left: 5px; height: 30px;">
       <%= link_to image_tag("cms/pages/add_connectable.gif", :style => "text-decoration: none; padding: 0; background: none; margin: 0; float: none; border: none;"), cms_content_types_path(:connect_to_page_id => @page, :connect_to_container => name), :title => "Add new content to this container (#{name})" , :style => "text-decoration: none; padding: 0 2px 0 0; background: none; margin: 0; float: none; border: none;"%>
       <%= link_to image_tag("cms/pages/connect_connectable.gif", :style => "text-decoration: none; padding: 0; background: none; margin: 0; float: none; border: none;"), new_cms_connector_path(:page_id => @page, :container => name), :title => "Insert existing content into this container (#{name})" , :style => "text-decoration: none; padding: 0 2px 0 0; background: none; margin: 0; float: none; border: none;"%>

data/app/views/cms/section_nodes/_node.html.erb

@@ -8,7 +8,7 @@
   <table class="section_node <%= node_type %> <%= "movable" if current_user.able_to?(:publish_content) %>" width="100%" cellspacing="0" cellpadding="0">
     <tr><td colspan="4" class="drop-before"></td></tr>
     <tr<%= ' class="doubled"' if access_icon && hidden %>>
-      <td id="<%= node_type %>_<%= node.id %>" class="<%= node_type == "section" && node.root? ? 'root' : '' %> <%= node_type %> node">
+      <td id="<%= node_type %>_<%= node.id %>" class="<%= node_type == "section" && node.root? ? 'root' : '' %> <%= node_type %> node <%= 'non-editable' unless current_user.able_to_edit?(node) %>">
 	      <%= icon %>
 	      <div><%= h(node.name) %></div>
       </td>

data/app/views/cms/sections/_form.html.erb

@@ -11,46 +11,48 @@
   </div>
 </div>
 
-<div class="checkbox_group fields" style="float: left; width: 100%">
-  <label>Public Permissions</label>
-  <%= hidden_field_tag "section[group_ids][]", "", :id => nil %>
-  <div class="checkboxes">
-    <% for group in public_groups %>
-    <div class="checkbox_fields">
-      <%= check_box_tag "section[group_ids][]", group.id,
-            @section.groups.include?(group), :class => "public_group_ids", :id => "public_group_ids_#{group.id}", :tabindex => next_tabindex %>
-        <label for="public_group_ids_<%= group.id %>"><%= group.name %></label>
-    </div>
-    <% end %>
-    <div class="instructions">Which &ldquo;Public&rdquo; groups can view pages in this section?</div>
-    <div class="check_uncheck">
-      <%= link_to_check_all 'input.public_group_ids' %>, 
-      <%= link_to_uncheck_all 'input.public_group_ids' %>
+<% able_to?(:administrate) do %>
+  <div class="checkbox_group fields" style="float: left; width: 100%">
+    <label>Public Permissions</label>
+    <%= hidden_field_tag "section[group_ids][]", "", :id => nil %>
+    <div class="checkboxes">
+      <% for group in public_groups %>
+      <div class="checkbox_fields">
+        <%= check_box_tag "section[group_ids][]", group.id,
+              @section.groups.include?(group), :class => "public_group_ids", :id => "public_group_ids_#{group.id}", :tabindex => next_tabindex %>
+          <label for="public_group_ids_<%= group.id %>"><%= group.name %></label>
+      </div>
+      <% end %>
+      <div class="instructions">Which &ldquo;Public&rdquo; groups can view pages in this section?</div>
+      <div class="check_uncheck">
+        <%= link_to_check_all 'input.public_group_ids' %>, 
+        <%= link_to_uncheck_all 'input.public_group_ids' %>
+      </div>
     </div>
   </div>
-</div>
 
-<br clear="all" />
+  <br clear="all" />
 
-<div class="checkbox_group fields" style="float: left; width: 100%">
-  <label>CMS Permissions</label>
-  <%= hidden_field_tag "section[group_ids][]", "", :id => nil %>
-  <div class="checkboxes">
-    <% for group in cms_groups %>
-    <div class="checkbox_fields">
-        <%= check_box_tag "section[group_ids][]", group.id,
-            @section.groups.include?(group), :class => "cms_group_ids", :id => "cms_group_ids_#{group.id}", :tabindex => next_tabindex %>
-        <label for="cms_group_ids_<%= group.id %>"><%= group.name %></label>
-    </div>
-    <% end %>
-    <div class="instructions">Which &ldquo;CMS&rdquo; groups can edit pages and content in this section?</div>
-    <div class="check_uncheck">
-      <%= link_to_check_all 'input.cms_group_ids' %>, 
-      <%= link_to_uncheck_all 'input.cms_group_ids' %>
+  <div class="checkbox_group fields" style="float: left; width: 100%">
+    <label>CMS Permissions</label>
+    <%= hidden_field_tag "section[group_ids][]", "", :id => nil %>
+    <div class="checkboxes">
+      <% for group in cms_groups %>
+      <div class="checkbox_fields">
+          <%= check_box_tag "section[group_ids][]", group.id,
+              @section.groups.include?(group), :class => "cms_group_ids", :id => "cms_group_ids_#{group.id}", :tabindex => next_tabindex %>
+          <label for="cms_group_ids_<%= group.id %>"><%= group.name %></label>
+      </div>
+      <% end %>
+      <div class="instructions">Which &ldquo;CMS&rdquo; groups can edit pages and content in this section?</div>
+      <div class="check_uncheck">
+        <%= link_to_check_all 'input.cms_group_ids' %>, 
+        <%= link_to_uncheck_all 'input.cms_group_ids' %>
+      </div>
     </div>
   </div>
-</div>
-<br clear="all" />
+  <br clear="all" />
+<% end %>
 
 <div class="buttons">
   <%= lt_button_wrapper(f.submit("Save", :class => "submit", :tabindex => next_tabindex)) %>

data/app/views/cms/shared/access_denied.html.erb

@@ -0,0 +1,3 @@
+<% page_title "Access Denied" %>
+<%= content_for :functions, "<h1>#{ @page_title }</h1>" %>
+<p>Sorry, you do not have permission to access this page.</p>

data/app/views/cms/users/change_password.html.erb

@@ -1,10 +1,12 @@
 <% @page_title = @toolbar_title = "Set New Password" %>
-<% content_for :toolbar_links do %>
-  <%= link_to(span_tag("List All"), url_for(:controller => "users", :action => "index"), :id => "list_all_button", :class => "button") %>
-  <%= link_to(span_tag("Edit User"), url_for(:controller => "users", :action => "edit", :id => @user.id), :id => "edit_user_button", :class => "button") %>
-<% end %>
+<% able_to? :administrate do %>
+  <% content_for :toolbar_links do %>
+    <%= link_to(span_tag("List All"), url_for(:controller => "users", :action => "index"), :id => "list_all_button", :class => "button") %>
+    <%= link_to(span_tag("Edit User"), url_for(:controller => "users", :action => "edit", :id => @user.id), :id => "edit_user_button", :class => "button") %>
+  <% end %>
 
-<%= content_for :functions, render(:partial => "toolbar") %>
+  <%= content_for :functions, render(:partial => "toolbar") %>
+<% end %>
 
 <% content_for :html_head do %>
   <%= stylesheet_link_tag('cms/form_layout') %>
@@ -16,4 +18,4 @@
   <div class="buttons">
     <%= lt_button_wrapper(f.submit("Save", :class => "submit")) %>
   </div>
-<% end %>
+<% end %>

data/app/views/cms/users/index.html.erb

@@ -26,7 +26,7 @@
     <% @users.each do |user|%>
     <tr>
         <td class="first"></td>
-        <td><div class="dividers"><%= link_to "#{user.first_name} #{user.last_name}", [:cms, user] %></div></td>
+        <td><div class="dividers"><%= link_to "#{user.first_name} #{user.last_name}", edit_cms_user_path(user) %></div></td>
 	      <td><div class="dividers"><%= link_to user.email, "mailto:#{user.email}" %></div></td>
         <td>
             <div class="dividers">

data/app/views/cms/users/show.html.erb

@@ -0,0 +1,50 @@
+<% @page_title = @toolbar_title = h(@user.login) %>
+
+<% content_for :toolbar_links do %>
+  <%= link_to(span_tag("List All"), cms_users_path, 
+    :id => "list_all_button", 
+    :class => "button") if current_user.able_to?(:administrate) %>
+  <%= link_to(span_tag("Change Password"), [:change_password, :cms, @user], 
+    :id => "change_password_button", 
+    :class => "button") %>
+<% end %>
+
+<% content_for :functions do %> 
+  <%= render(:partial => "toolbar") %>
+<% end %>
+
+<% content_for :html_head do %>
+  <%= stylesheet_link_tag('cms/form_layout') %>
+<% end %>
+
+<div class="faux_form">
+  <div class="fields">
+    <span class="label">Username</span>
+    <%=h @user.login %>
+  </div>
+  
+  <div class="fields">
+    <span class="label">Email</span>
+    <%=h @user.email %>
+  </div>
+  
+  <div class="fields">
+    <span class="label">First name</span>
+    <%=h @user.first_name %>
+  </div>
+  
+  <div class="fields">
+    <span class="label">Last name</span>
+    <%=h @user.last_name %>
+  </div>
+  
+  <div class="fields">
+    <span class="label">Groups</span>
+    
+    <ul>
+      <% @user.groups.each do |group| -%>
+        <li><%= group.name %></li>
+      <% end -%>
+    </ul>
+  </div>
+</div>