zena 0.15.2 → 0.16.0

data/lib/zena/acts/multiversion.rb

@@ -189,7 +189,7 @@ module Zena
 
         # VERSION
         def version=(v)
-          if v.kind_of?(Version)
+          if v.kind_of?(Version) && !v.frozen? # TODO: remove !v.frozen? and find why this is loaded during template destroy
             v.node = self
             @version = v
           end
@@ -676,7 +676,7 @@ module Zena
                     redaction_error(meth.to_s[0..-2], "could not be set (no redaction)")
                     return
                   end
-
+          
                   case target
                   when 'c_'
                     if recipient.content_class && recipient = recipient.redaction_content

data/lib/zena/acts/secure.rb

@@ -104,7 +104,8 @@ Just doing the above will filter all result according to the logged in user.
         # we move all before_validation on update and create here so that it is triggered before multiversion's before_validation
         before_validation  :secure_before_validation
 
-        validate {|r| r.errors.add(:base, 'record not secured') unless r.instance_variable_get(:@visitor) }
+        validate :record_must_be_secured
+        #validate {|r| r.errors.add(:base, 'record not secured') unless r.instance_variable_get(:@visitor)}
         validate_on_update {|r| r.errors.add('site_id', 'cannot change') if r.site_id_changed? }
 
         validate_on_create :secure_on_create
@@ -121,6 +122,10 @@ Just doing the above will filter all result according to the logged in user.
 
       module InstanceMethods
 
+        def record_must_be_secured
+          errors.add(:base, 'record not secured') unless @visitor == Thread.current[:visitor]
+        end
+
         # Store visitor to produce scope when needed and to retrieve correct editions.
         def visitor=(visitor)
           @visitor = visitor
@@ -276,6 +281,7 @@ Just doing the above will filter all result according to the logged in user.
           else
             errors.add(:inherit, "bad inheritance mode")
           end
+
         end
 
         # 1. if dgroup changed from old, make sure user could do this and new group is valid
@@ -553,7 +559,7 @@ Just doing the above will filter all result according to the logged in user.
 
       # Set current visitor
       def visitor=(visitor)
-        @visitor = visitor
+        Thread.current[:visitor] = visitor
       end
 
       # Secure scope for read access
@@ -571,17 +577,16 @@ Just doing the above will filter all result according to the logged in user.
       end
 
       def secure_write_scope
-        if visitor.is_su? # super user
-          "site_id = #{visitor.site.id}"
-        else
-          "site_id = #{visitor.site.id} AND wgroup_id IN (#{visitor.group_ids.join(',')})"
-        end
+        scope = {:nodes => {:site_id => visitor.site[:id]}}
+        scope[:nodes] = {:wgroup_id => visitor.group_ids} unless visitor.is_su?
+        scope
       end
 
       # these methods are not actions that can be called from the web !!
       protected
         # secure find with scope (for read/write or publish access).
         def secure_with_scope(klass, node_find_scope)
+
           if ((klass.send(:scoped_methods)[0] || {})[:create] || {})[:visitor]
             # we are already in secure scope: this scope is the new 'exclusive' scope.
             last_scope = klass.send(:scoped_methods).shift
@@ -591,21 +596,20 @@ Just doing the above will filter all result according to the logged in user.
           find = scope[:find] ||= {}
           if klass.ancestors.include?(Zena::Acts::SecureNode::InstanceMethods)
             find[:conditions] = node_find_scope
-          elsif klass.ancestors.include?(Version)
-            ntbl = Node.table_name
-            find[:joins] = "INNER JOIN #{ntbl} ON #{klass.table_name}.node_id = #{ntbl}.id"
+          elsif klass.ancestors.include?(::Version)
+            ntbl = ::Node.table_name
+            find[:joins] = :node
             find[:readonly] = false
             if node_find_scope =~ /publish_from/
               # read, we need to rewrite with node's table name
               find[:conditions] = secure_scope(ntbl)
             else
-              # secure write or drive
-              find[:conditions] = node_find_scope.sub('site_id', "#{ntbl}.site_id")
+              find[:conditions] = node_find_scope
             end
           elsif klass.column_names.include?('site_id')
-            find[:conditions] = "#{klass.table_name}.site_id = #{visitor.site[:id]}"
-          elsif klass.ancestors.include?(Site)
-            find[:conditions] = "#{klass.table_name}.id = #{visitor.site[:id]}"
+            find[:conditions] = {klass.table_name => {:site_id => visitor.site[:id]}}
+          elsif klass.ancestors.include?(::Site)
+            find[:conditions] = {klass.table_name => {:id => visitor.site[:id]}}
           end
 
           # FIXME: 'with_scope' is protected now. Can we live with something cleaner like this ?
@@ -627,7 +631,7 @@ Just doing the above will filter all result according to the logged in user.
         def secure_result(klass,result)
           if result && result != []
             if result.kind_of?(Array)
-              if result.first.kind_of?(Node)
+              if result.first.kind_of?(::Node)
                 id_map, ids = construct_id_map(result)
                 ::Version.find(ids).each do |v|
                   if r = id_map[v.id]
@@ -635,7 +639,7 @@ Just doing the above will filter all result according to the logged in user.
                   end
                 end
               end
-            elsif result.kind_of?(Node)
+            elsif result.kind_of?(::Node)
               visitor.visit(result)
             end
             result
@@ -696,7 +700,9 @@ Just doing the above will filter all result according to the logged in user.
         # * owner
         # * members of +write_group+ if node is published and the current date is greater or equal to the publication date
         def secure_write(obj, &block)
-          secure_with_scope(obj, secure_write_scope, &block)
+          scope = {:nodes => {:site_id => visitor.site[:id]}}
+          scope[:nodes] = {:wgroup_id => visitor.group_ids} unless visitor.is_su?
+          secure_with_scope(obj, scope, &block)
         rescue ActiveRecord::RecordNotFound
           # Rails generated exceptions
           # TODO: monitor how often this happens and replace the finders concerned
@@ -722,11 +728,13 @@ Just doing the above will filter all result according to the logged in user.
         # * owner if +max_status+ <= red
         # * owner if private
         def secure_drive(obj, &block)
-          scope = if visitor.is_su? # super user
-            "site_id = #{visitor.site.id}"
-          else
-            "site_id = #{visitor.site.id} AND dgroup_id IN (#{visitor.group_ids.join(',')})"
-          end
+          # scope = if visitor.is_su? # super user
+          #   "site_id = #{visitor.site.id}"
+          # else
+          #   "site_id = #{visitor.site.id} AND dgroup_id IN (#{visitor.group_ids.join(',')})"
+          # end
+          scope = { :nodes => {:site_id => visitor.site.id } }
+          scope[:nodes][:dgroup_id] = visitor.group_ids unless visitor.is_su?
           secure_with_scope(obj, scope, &block)
         rescue ActiveRecord::RecordNotFound
           # Rails generated exceptions
@@ -742,6 +750,10 @@ Just doing the above will filter all result according to the logged in user.
             raise ActiveRecord::RecordNotFound
           end
         end
+
+        def driveable?
+          respond_to?(:dgroup_id)
+        end
     end
   end
   # This exception handles all flagrant access violations or tentatives (like suppression of _su_ user)
@@ -758,17 +770,16 @@ Just doing the above will filter all result according to the logged in user.
 end
 
 ### ============== GLOBAL METHODS ACCESSIBLE TO ALL OBJECTS ============== ######
-# Return the current visitor. Raise an error if the visitor is not set.
-# For controllers, this method must be redefined in Application
-def visitor
-  Thread.current.visitor
-rescue NoMethodError
-  raise Zena::RecordNotSecured.new("Visitor not set, record not secured.")
-end
 
 # Return the current site. Raise an error if the visitor is not set.
 def current_site
   visitor.site
 end
 
+# Return the current visitor. Raise an error if the visitor is not set.
+# For controllers, this method must be redefined in Application
+def visitor
+  Thread.current[:visitor] || Zena::RecordNotSecured.new("Visitor not set, record not secured.")
+end
+
 

data/lib/zena/app.rb

@@ -4,22 +4,17 @@ module Zena
     def self.included(base)
       base.prepend_view_path SITES_ROOT
       base.class_eval do
-        include Zena::Use::Authentification::ControllerMethods
+        include Zena::Use::Authlogic::ControllerMethods
         include Zena::Use::Dates::ControllerMethods
         include Zena::Use::ErrorRendering::ControllerMethods
         include Zena::Use::I18n::ControllerMethods
         include Zena::Use::Refactor::ControllerMethods
         include Zena::Use::Rendering::ControllerMethods
+        include Zena::Use::Upload::ControllerMethods
         include Zena::Use::Urls::ControllerMethods
         include Zena::Use::Zafu::ControllerMethods
 
-        # FIXME: could we move these into their modules ?
-        before_filter :set_lang
-        before_filter :authorize
-        before_filter :check_lang
-        after_filter  :set_encoding
-        layout        false
-
+        helper  Zena::Use::Authlogic::ViewMethods
         helper  Zena::Acts::Secure
         helper  Zena::Use::Ajax::ViewMethods
         helper  Zena::Use::Calendar::ViewMethods
@@ -30,12 +25,14 @@ module Zena
         helper  Zena::Use::NestedAttributesAlias::ViewMethods
         helper  Zena::Use::Refactor::ViewMethods
         helper  Zena::Use::Rendering::ViewMethods
+        helper  Zena::Use::Upload::ViewMethods
         helper  Zena::Use::Urls::ViewMethods
         helper  Zena::Use::Zafu::ViewMethods
         helper  Zena::Use::Zazen::ViewMethods
+        helper_method :render_to_string
       end
-      Bricks::Patcher.apply_patches('application_controller.rb')
-      Bricks::Patcher.apply_patches('application_helper.rb')
+      Bricks.apply_patches('application_controller.rb')
+      Bricks.apply_patches('application_helper.rb')
     end
   end
 end

data/lib/zena/controller/test_case.rb

@@ -4,16 +4,21 @@ module Zena
       include Zena::Use::Fixtures
       include Zena::Use::TestHelper
       include Zena::Acts::Secure
+      include ::Authlogic::TestCase
 
-      def logout
-        reset_session
+      def setup
+        activate_authlogic
       end
 
-      alias login_without_controller login
-
-      def login(*args)
-        login_without_controller(*args)
-        @controller.instance_eval { @visitor = Thread.current.visitor }
+      def login(fixture)
+        super
+        if defined?(@controller)
+          @controller.class_eval do
+            def set_visitor
+              # do nothing
+            end
+          end
+        end
       end
 
       def assert_css(match)

data/lib/zena/crypto_provider/initial.rb

@@ -0,0 +1,15 @@
+module Zena
+  module CryptoProvider
+    class Initial
+      def self.encrypt(*tokens)
+        # encrypt password (old bad method: SHA1, no stretching, no per-password salt)
+        Digest::SHA1.hexdigest((tokens.flatten.shift || '') + PASSWORD_SALT)
+      end
+
+      def self.matches?(crypted_password, *tokens)
+        # return true if the tokens match the crypted_password
+        encrypt(*tokens) == crypted_password
+      end
+    end
+  end
+end

data/lib/zena/db.rb

@@ -133,9 +133,14 @@ module Zena
 
     def fetch_ids(sql, attr_name='id')
       connection.select_all(sql, "#{name} Load").map! do |record|
-        record[attr_name]
+        record[attr_name].to_i
       end
     end
+    
+    def fetch_attributes(attributes, table_name, sql)
+      sql = "SELECT #{attributes.map{|a| connection.quote_column_name(a)}.join(',')} FROM #{table_name} WHERE #{sql}"
+      connection.select_all(sql)
+    end
 
     def fetch_attribute(attribute, sql)
       unless sql =~ /SELECT/i

data/lib/zena/deploy.rb

@@ -23,8 +23,10 @@ And yes, 'pass' is not as intuitive as 'password' but we cannot use the latter b
 
 =end
 require 'erb'
-Capistrano::Configuration.instance(:must_exist).load do
+require File.join(File.dirname(__FILE__), 'info')
+require File.join(File.dirname(__FILE__), '..', 'bricks')
 
+Capistrano::Configuration.instance(:must_exist).load do
   set :templates, File.join(File.dirname(__FILE__), 'deploy')
   self[:app_type]   ||= :mongrel
   self[:app_root]   ||= '/var/zena/current'
@@ -57,7 +59,7 @@ Capistrano::Configuration.instance(:must_exist).load do
 
   desc "set permissions to www-data"
   task :set_permissions, :roles => :app do
-    run "chown -R www-data:www-data #{deploy_to}/current/public #{deploy_to}/current/log"
+    run "chown -R www-data:www-data #{deploy_to}/current/public #{deploy_to}/current/log #{deploy_to}/current/tmp"
   end
 
   "Update the currently released version of the software directly via an SCM update operation"
@@ -111,6 +113,7 @@ Capistrano::Configuration.instance(:must_exist).load do
     run "#{in_current} rake zena:mksite HOST='#{self[:host]}' PASSWORD='#{self[:pass]}' RAILS_ENV='production' LANG='#{self[:lang] || 'en'}'"
     create_vhost
     create_awstats
+    logrotate
     run "chown -R www-data:www-data #{sites_root}/#{self[:host]}"
   end
 
@@ -198,7 +201,7 @@ Capistrano::Configuration.instance(:must_exist).load do
   desc "Update awstats configuration file"
   task :create_awstats, :roles => :web do
     unless debian_host
-      puts "skipping debian specific awstats"
+      puts "skipping 'create_awstats' (debian specific)"
     else
       unless self[:host] && self[:pass]
         puts "host or password not set (use -s host=... -s pass=...)"
@@ -224,6 +227,8 @@ Capistrano::Configuration.instance(:must_exist).load do
         # create .htpasswd file
         run "test ! -e #{sites_root}/#{self[:host]}/log/.awstatspw || rm #{sites_root}/#{self[:host]}/log/.awstatspw"
         run "htpasswd -c -b #{sites_root}/#{self[:host]}/log/.awstatspw 'admin' '#{self[:pass]}'"
+        run "chmod 600 #{sites_root}/#{self[:host]}/log/.awstatspw"
+        run "chown www-data:www-data #{sites_root}/#{self[:host]}/log/.awstatspw"
 
         # reload apache
         apache2_reload_cmd
@@ -231,12 +236,27 @@ Capistrano::Configuration.instance(:must_exist).load do
     end
   end
 
-  desc "Rename a webhost"
-  task :rename_host, :roles => :web do
+  desc "Setup log rotation for a given host"
+  task :logrotate, :roles => :web do
+    unless debian_host
+      puts "skipping 'logrotate' (debian specific)"
+    else
+      unless self[:host]
+        puts "host not set (use -s host=...)"
+      else
+        # create logrotate config file
+        logrotate_conf = render("#{templates}/logrotate_host.rhtml", :config => self )
+        put(logrotate_conf, "/etc/logrotate.d/#{self[:host]}")
+      end
+    end
+  end
+
+  desc "Rename a site and update vhost/awstats/etc"
+  task :rename_site, :roles => :web do
     unless self[:host] && self[:old_host] && self[:pass]
       puts "host or old_host not set (use -s host=... -s pass=... -s old_host=...)"
     else
-      run "#{in_current} rake zena:rename_host OLD_HOST='#{self[:old_host]}' HOST='#{self[:host]}' RAILS_ENV='production'"
+      run "#{in_current} rake zena:rename_site OLD_HOST='#{self[:old_host]}' HOST='#{self[:host]}' RAILS_ENV='production'"
       old_vhosts = ["#{self[:old_host]}",
                     "stats.#{self[:old_host]}",
                     "www.#{self[:old_host]}"]
@@ -249,8 +269,12 @@ Capistrano::Configuration.instance(:must_exist).load do
       awstat_conf = "/etc/awstats/awstats.#{self[:old_host]}.conf"
       run "test -e#{awstat_conf} && rm #{awstat_conf} || true"
 
+      logrotate_conf = "/etc/logrotate.d/#{self[:old_host]}"
+      run "test -e #{logrotate_conf} && rm #{logrotate_conf} || true"
+
       create_vhost
       create_awstats
+      logrotate
       clear_zafu
       clear_cache
       set_permissions
@@ -261,8 +285,10 @@ Capistrano::Configuration.instance(:must_exist).load do
   task :apache2_setup, :roles => :web do
     self[:ports] = (mongrel_port.to_i...(mongrel_port.to_i + mongrel_count.to_i)).to_a
     httpd_conf = render("#{templates}/httpd.rhtml", :config => self)
+    log_rotate = render("#{templates}/logrotate_app.rhtml", :config => self)
     if debian_host
       put(httpd_conf, "/etc/apache2/conf.d/#{db_name}")
+      put(log_rotate, "/etc/logrotate.d/#{db_name}")
     else
       put(httpd_conf, "/etc/apache2/conf.d/#{db_name}")
     end
@@ -374,4 +400,6 @@ Capistrano::Configuration.instance(:must_exist).load do
     run "#{in_current} tar czf #{db_name}_data.tgz #{db_name}.sql.tgz sites_data.tgz zena_version.txt"
     get_backup
   end
+
+  Bricks.load_misc('deploy')
 end

data/lib/zena/deploy/logrotate_app.rhtml

@@ -0,0 +1,9 @@
+<%= config[:app_root] %>/log/production.log {
+	weekly
+	missingok
+	rotate 9
+	compress
+	delaycompress
+	notifempty
+	copytruncate
+}

data/lib/zena/deploy/logrotate_host.rhtml

@@ -0,0 +1,34 @@
+<%= config[:sites_root] %>/<%= config[:host] %>/log/apache2.access.log {
+	weekly
+	missingok
+	rotate 52
+	compress
+	delaycompress
+	notifempty
+	create 640 www-data www-data
+	sharedscripts
+  prerotate
+  /usr/lib/cgi-bin/awstats.pl -update -config=<%= config[:host] %>
+  endscript
+	postrotate
+		if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then
+			/etc/init.d/apache2 reload > /dev/null
+		fi
+	endscript
+}
+
+<%= config[:sites_root] %>/<%= config[:host] %>/log/apache2.error.log {
+	weekly
+	missingok
+	rotate 52
+	compress
+	delaycompress
+	notifempty
+	create 640 www-data www-data
+	sharedscripts
+	postrotate
+		if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then
+			/etc/init.d/apache2 reload > /dev/null
+		fi
+	endscript
+}

data/lib/zena/deploy/template.rb

@@ -33,12 +33,4 @@ inside('app/controllers') do
 end
 
 rake 'zena:assets'
-rake 'db:create'
-rake 'zena:migrate'
-rake "zena:mksite HOST='localhost' PASSWORD='admin' LANG='en'"
-inside('.') do
-  run 'rake zena:migrate RAILS_ENV=production'
-  run "rake zena:mksite HOST='localhost' PASSWORD='admin' LANG='en' RAILS_ENV=production"
-  run "#{Gem.win_platform? ? 'start' : 'open'} #{File.join(Zena::ROOT, 'lib/zena/deploy/start.html')}"
-  exec "script/server -e production -p 3211"
-end
+