zena 0.15.2 → 0.16.0

data/app/models/template.rb

@@ -29,8 +29,7 @@ class Template < TextDocument
 
   private
 
-    def rewrite_klass_mode_format
-
+    def set_defaults
       # only set name from version title on creation
       if name_changed?
         new_name = self.name
@@ -63,7 +62,7 @@ class Template < TextDocument
         content = version.content
         content.mode = content.mode.url_name if content.mode
 
-        if content.klass
+        if !content.klass.blank?
           # update name
           content.format = 'html' if content.format.blank?
           self[:name] = name_from_content(:format => content.format, :mode => content.mode, :klass => content.klass)
@@ -102,12 +101,8 @@ END_TXT
           end
         end
       end
-    end
 
-    # Overwrite document behaviour.
-    def document_before_validation
-      rewrite_klass_mode_format
-      content = version.content
+      super
     end
 
     def valid_section

data/app/models/template_content.rb

@@ -1,4 +1,6 @@
 class TemplateContent < ActiveRecord::Base
+  include Zena::Use::Upload::UploadedFile
+
   include RubyLess::SafeClass
   safe_attribute  :tkpath, :skin_name, :mode, :klass
   safe_method     :ext => String, :format => String, :content_type => String, :filename => String

data/app/models/text_document.rb

@@ -13,7 +13,7 @@ class TextDocument < Document
   class << self
     # Return true if a new text document can be created with the content_type. Used by the superclass Document to choose the corret subclass when creating a new object.
     def accept_content_type?(content_type)
-      (content_type =~ /^(text)/ && TYPE_TO_EXT[content_type.chomp] != ['rtf']) || (content_type =~ /x-javascript/)
+      (content_type =~ /^(text)/ && Zena::TYPE_TO_EXT[content_type.chomp] != ['rtf']) || (content_type =~ /x-javascript/)
     end
 
     def version_class
@@ -68,6 +68,8 @@ class TextDocument < Document
         else
           if new_src = helper.send(:template_url_for_asset, :src => src, :current_folder=>current_folder, :parse_assets => true)
             "url(#{quote}#{new_src}#{quote})"
+          elsif !(src =~ /\.\./) && File.exist?(File.join(SITES_ROOT, current_site.public_path, src))
+            "url(#{quote}#{src}?#{File.mtime(File.join(SITES_ROOT, current_site.public_path, src)).to_i}#{quote})"
           else
             errors.add('asset', '{{asset}} not found', :asset => src.inspect)
             "url(#{quote}#{src}#{quote})"
@@ -93,17 +95,20 @@ class TextDocument < Document
           $&
         else
           quote, url   = $1, $2
-          if url =~ /\A\/\w\w.*?(\d+)(_\w+|)\./
+          if url =~ /\A\/\w\w\/.*?(\d+)(_\w+|)\./
             zip, mode = $1, $2
-            unless asset = secure(Node) { Node.find_by_zip(zip) }
+            if asset = secure(Node) { Node.find_by_zip(zip) }
+              if asset.fullpath =~ /\A#{current_folder}\/(.+)/
+                "url(#{quote}#{$1}#{mode}.#{asset.version.content.ext}#{quote})"
+              else
+                "url(#{quote}/#{asset.fullpath}#{mode}.#{asset.version.content.ext}#{quote})"
+              end
+            else
               errors.add('asset', '{{zip}} not found', :zip => zip)
               "url(#{quote}#{url}#{quote})"
             end
-            if asset.fullpath =~ /\A#{current_folder}\/(.+)/
-              "url(#{quote}#{$1}#{mode}.#{asset.version.content.ext}#{quote})"
-            else
-              "url(#{quote}/#{asset.fullpath}#{mode}.#{asset.version.content.ext}#{quote})"
-            end
+          elsif File.exist?(File.join(SITES_ROOT, current_site.public_path, url.sub(/\?\d+\Z/,'')))
+            "url(#{quote}#{url.sub(/\?\d+\Z/,'')}#{quote})"
           else
             # bad format
             errors.add('base', "cannot unparse asset url #{url.inspect}")

data/app/models/user.rb

@@ -1,5 +1,7 @@
 require 'digest/sha1'
 require 'tzinfo'
+require 'authlogic/crypto_providers/bcrypt'
+
 =begin rdoc
 There are two special users in each site :
 [anon] Anonymous user. Used to set defaults for newly created users.
@@ -21,12 +23,24 @@ things they can/cannot do :
 TODO: when a user is 'destroyed', pass everything he owns to another user or just mark the user as 'deleted'...
 =end
 class User < ActiveRecord::Base
+
+  acts_as_authentic do |c|
+    #c.transition_from_crypto_providers = Zena::InitialCryptoProvider
+    #c.crypto_provider = Authlogic::CryptoProviders::BCrypt
+    c.crypto_provider = Zena::CryptoProvider::Initial
+    c.validate_email_field = false
+    c.validate_login_field = false
+    c.require_password_confirmation = false
+    c.validate_password_field = false
+  end
+
   include RubyLess::SafeClass
+
   safe_attribute          :login, :name, :first_name, :email, :time_zone, :created_at, :updated_at
   safe_method             :initials => String, :fullname => String, :status => Number, :status_name => String
 
-  zafu_context            :contact => "Contact"
-  attr_accessible         :login, :password, :lang, :first_name, :name, :email, :time_zone, :status, :group_ids, :site_ids
+  safe_context            :contact => 'Contact'
+  attr_accessible         :login, :lang, :first_name, :name, :email, :time_zone, :status, :group_ids, :site_ids, :crypted_password, :password
   attr_accessor           :visited_node_ids
   attr_accessor           :ip
 
@@ -45,11 +59,6 @@ class User < ActiveRecord::Base
   validates_presence_of   :site_id
   before_create           :create_contact
 
-  def contact_with_secure
-    @contact ||= secure(Contact) { contact_without_secure }
-  end
-  alias_method_chain :contact, :secure
-
   Status = {
     :su          => 80,
     :admin       => 60,  # can create other users, manage site, etc
@@ -63,54 +72,8 @@ class User < ActiveRecord::Base
 
 
   class << self
-    # Returns the logged in user or nil if login and password do not match or if the user has no login access to the given host.
-    def login(login, password, host)
-      make_visitor :login => login, :password => password, :host => host
-    end
-
-    # Return the logged in visitor from the session[:user] or the anonymous user if id is nil or does not match
-    def make_visitor(opts)
-      raise ActiveRecord::RecordNotFound.new("host not found #{opts[:host]}") unless
-            site = opts[:site] || Site.find_by_host(opts[:host])
-
-      if opts[:id]        # session[:user]
-        conditions = ['users.id = ?', opts[:id]]
-      elsif opts[:login]  # login
-        return nil if opts[:password].blank?
-        conditions = ['login = ? AND password = ?',opts[:login], hash_password(opts[:password])]
-      else                # anonymous
-        conditions = ['users.id = ?', site[:anon_id]]
-      end
-
-      user = site.users.find(:first, :conditions => conditions)
-
-      if !user && opts[:id]
-        return make_visitor(:site => site) # anonymous user
-      end
-      return nil unless user
-      user.site = site
-      user.visit(site)
-      user.visit(user)
-
-      if user.reader?
-        unless Thread.current.respond_to?(:visitor)
-          class << Thread.current
-            attr_accessor :visitor
-          end
-        end
-        Thread.current.visitor = user
-      elsif !user.is_anon? && opts[:id]
-        # not a reader, refuse login
-        return make_visitor(:site => site)
-      else
-        # anon is not a reader, refuse anonymous user
-        nil
-      end
-    end
-
-    # Do not store clear passwords in the database (salted hash) :
-    def hash_password(string)
-      Digest::SHA1.hexdigest((string || '') + PASSWORD_SALT)
+    def find_allowed_user_by_login(login)
+      first(:conditions=>["login = ? and status > 0", login])
     end
 
     # Creates a new user without setting the defaults (used to create the first users of the site). Use
@@ -128,7 +91,14 @@ class User < ActiveRecord::Base
       end
       super(new_attrs)
     end
+
+  end
+
+  def contact_with_secure
+    @contact ||= secure(Contact) { contact_without_secure }
   end
+  alias_method_chain :contact, :secure
+
 
   # Each time a node is found using secure (Zena::Acts::Secure or Zena::Acts::SecureNode), this method is
   # called to set the visitor in the found object. This is also used to keep track of the opened nodes
@@ -157,28 +127,6 @@ class User < ActiveRecord::Base
     self[:email] || ""
   end
 
-  # Store the password, using SHA1. You should change the default value of PASSWORD_SALT (in Zena::ROOT/lib/zena.rb). This makes it harder to use
-  # rainbow tables to find clear passwords from hashed values.
-  def password=(string)
-    if string.blank?
-      self[:password] = nil
-    elsif string && string.length > 4
-      self[:password] = User.hash_password(string)
-    else
-      @password_too_short = true
-    end
-  end
-
-  # Never display the password (even the hash) outside.
-  def password
-    ""
-  end
-
-  # Test password
-  def password_is?(str)
-    self[:password] == User.hash_password(str)
-  end
-
   def status_name
     Num_to_status[status].to_s
   end
@@ -191,13 +139,13 @@ class User < ActiveRecord::Base
   # Return true if the user is the anonymous user for the current visited site
   def is_anon?
     # tested in site_test
-    current_site.anon_id == self[:id] && (!new_record? || self[:login].nil?) # (when creating a new site, anon_id == nil)
+    user_site.anon_id == self[:id] && (!new_record? || self[:login].nil?) # (when creating a new site, anon_id == nil)
   end
 
   # Return true if the user is the super user for the current visited site
   def is_su?
     # tested in site_test
-    current_site.su_id == self[:id]
+    user_site.su_id == self[:id]
   end
 
   # Return true if the user's status is high enough to start editing nodes.
@@ -231,7 +179,7 @@ class User < ActiveRecord::Base
   # Returns a list of the group ids separated by commas for the user (this is used mainly in SQL clauses).
   def group_ids
     @group_ids ||= if is_admin?
-      current_site.groups.map{|g| g[:id]}
+      site.groups.map{|g| g[:id]}
     else
       groups.find(:all, :order=>'name').map{ |g| g[:id] }
     end
@@ -287,20 +235,25 @@ class User < ActiveRecord::Base
   end
 
   private
+
+    def user_site
+      self.site || visitor.site # site when User is new
+    end
+
     def create_contact
       return unless visitor.site[:root_id] # do not try to create a contact if the root node is not created yet
 
       @contact = secure!(Contact) { Contact.new(
         # owner is the user except for anonymous and super user.
         # TODO: not sure this is a good idea...
-        :user_id       => (self[:id] == current_site[:anon_id] || self[:id] == current_site[:su_id]) ? visitor[:id] : self[:id],
+        :user_id       => (self[:id] == site[:anon_id] || self[:id] == site[:su_id]) ? visitor[:id] : self[:id],
         :v_title       => (name.blank? || first_name.blank?) ? login : fullname,
         :c_first_name  => first_name,
         :c_name        => (name || login ),
         :c_email       => email,
         :v_status      => Zena::Status[:pub]
       )}
-      @contact[:parent_id] = current_site[:root_id]
+      @contact[:parent_id] = site[:root_id]
 
       unless @contact.save
         # What do we do with this error ?
@@ -321,10 +274,10 @@ class User < ActiveRecord::Base
       self[:site_id] = visitor.site[:id]
 
       if new_record?
-        self.status = current_site.anon.status if status.blank?
-        self.lang   = current_site.anon.lang   if lang.blank?
+        self.status = site.anon.status if status.blank?
+        self.lang   = site.anon.lang   if lang.blank?
       elsif status.blank?
-        self.status   = current_site.anon.status
+        self.status   = site.anon.status
       end
 
       if login.blank? && !is_anon?
@@ -332,36 +285,30 @@ class User < ActiveRecord::Base
       end
     end
 
-    # Returns the current site (self = visitor) or the visitor's site
-    # FIXME: remove and use 'site'
-    def current_site
-      @site || visitor.site
-    end
-
     # Validates that anon user does not have a login, that other users have a password
     # and that the login is unique for the sites the user belongs to.
     def valid_user
       self[:site_id] = visitor.site[:id]
 
-      if !current_site.being_created? && !visitor.is_admin? && visitor[:id] != self[:id]
+      if !site.being_created? && !visitor.is_admin? && visitor[:id] != self[:id]
         errors.add('base', 'You do not have the rights to do this.')
         return false
       end
 
-      errors.add('lang', 'not available') unless current_site.lang_list.include?(lang)
+      errors.add('lang', 'not available') unless site.lang_list.include?(lang)
 
       if is_anon?
         # Anonymous user *must* have an empty login
         self[:login]    = nil
-        self[:password] = nil
+        self[:crypted_password] = nil
       else
         if new_record?
           # Refuse to add a user in a site if already a user with same login.
-          errors.add(:password, "can't be blank") if self[:password].nil? || self[:password] == ""
+          errors.add(:password, "can't be blank") if self[:crypted_password].nil? || self[:crypted_password] == ""
         else
           # get old password
           old = User.find(self[:id])
-          self[:password] = old[:password] if self[:password].nil? || self[:password] == ""
+          self[:crypted_password] = old[:crypted_password] if self[:crypted_password].nil? || self[:crypted_password] == ""
           errors.add(:login, "can't be blank") if self[:login].blank?
           errors.add(:status, 'You do not have the rights to do this.') if self[:id] == visitor[:id] && old.is_admin? && self.status.to_i != old.status
         end
@@ -386,14 +333,14 @@ class User < ActiveRecord::Base
     def valid_groups #:doc:
       g_ids = @defined_group_ids || (new_record? ? [] : group_set_ids)
       g_ids.reject! { |g| g.blank? }
-      g_ids << current_site.public_group_id
-      g_ids << current_site.site_group_id unless is_anon?
+      g_ids << site.public_group_id
+      g_ids << site.site_group_id unless is_anon?
       g_ids.uniq!
       g_ids.compact!
       self.groups = []
       g_ids.each do |id|
         group = Group.find(id)
-        unless current_site.being_created? || group.site_id == self.site_id
+        unless site.being_created? || group.site_id == self.site_id
           errors.add('group', 'not found')
           next
         end
@@ -403,7 +350,7 @@ class User < ActiveRecord::Base
 
     # Do not allow destruction of the site's special users.
     def dont_destroy_protected_users #:doc:
-      raise Zena::AccessViolation, "su and Anonymous users cannot be destroyed !" if current_site.protected_user_ids.include?(id)
+      raise Zena::AccessViolation, "su and Anonymous users cannot be destroyed !" if site.protected_user_ids.include?(id)
     end
 
     def old

data/app/models/user_session.rb

@@ -0,0 +1,4 @@
+class UserSession < Authlogic::Session::Base
+  self.find_by_login_method = :find_allowed_user_by_login
+
+end

data/app/models/version.rb

@@ -38,7 +38,7 @@ class Version < ActiveRecord::Base
                      :zip => Number, :user_zip => Number # FIXME: replace by 'id'....
   # writable
   attr_accessible    :title, :text, :summary, :comment, :publish_from, :lang, :status, :content_attributes, :dyn_attributes
-  zafu_context       :author => "Contact", :user => "User", :node => "Node"
+  safe_context       :author => 'Contact', :user => 'User', :node => 'Node'
 
   belongs_to            :user
   before_validation     :version_before_validation

data/app/views/comments/create.rjs

@@ -16,13 +16,13 @@
 update_page_content(page, @comment)
 =begin
 if @comment.new_record?
-  page.replace "#{params[:dom_id]}_form", :file => fullpath_from_template_url + "_form.erb"
+  page.replace "#{params[:dom_id]}_form", :file => template_path_from_template_url + "_form.erb"
 else
   pos = params[:position] || :before
   ref = params[:reference] || "#{params[:dom_id]}_add"
-  page.insert_html pos.to_sym, ref, :file => fullpath_from_template_url + ".erb"
+  page.insert_html pos.to_sym, ref, :file => template_path_from_template_url + ".erb"
   @comment = Comment.new
-  page.replace "#{params[:dom_id]}_form", :file => fullpath_from_template_url + "_form.erb"
+  page.replace "#{params[:dom_id]}_form", :file => template_path_from_template_url + "_form.erb"
   if params[:done]
     page << params[:done]
   else

data/app/views/comments/edit.rjs

@@ -1,2 +1,2 @@
-page.replace "#{params[:dom_id]}_#{@comment.zip}", :file => fullpath_from_template_url + "_form.erb"
+page.replace "#{params[:dom_id]}_#{@comment.zip}", :file => template_path_from_template_url + "_form.erb"
 page << "$('#{params[:dom_id]}_form_t').focusFirstElement();"

data/app/views/comments/update.rjs

@@ -1 +1 @@
-page.replace "#{params[:dom_id]}.#{@comment.zip}", :file => fullpath_from_template_url + ".erb"
+page.replace "#{params[:dom_id]}.#{@comment.zip}", :file => template_path_from_template_url + ".erb"

data/app/views/nodes/_import_results.rhtml

@@ -12,7 +12,7 @@
         <% else -%>
         <td><%= node.errors.empty? ? (node[:create_or_update]) : 'error' %></td>
         <td><%= _('%{count} versions') % {:count => node.instance_variable_get(:@versions_count)} %></td>
-        <td><%= !node.errors.empty? ? error_messages_for(node) : 'ok' %></td>
+        <td><%= !node.errors.empty? ? node.errors.map {|k,v| "[#{k}] #{v}"}.join(', ') : 'ok' %></td>
         <% end -%>
       </tr>
     <% end -%>

data/app/views/nodes/create.rjs

@@ -1,13 +1,13 @@
 update_page_content(page, @node)
 =begin
 if @node.new_record?
-  page.replace "#{params[:dom_id]}_form", :file => fullpath_from_template_url + "_form.erb"
+  page.replace "#{params[:dom_id]}_form", :file => template_path_from_template_url + "_form.erb"
 else
   pos = params[:position] || :before
   ref = params[:reference] || "#{params[:dom_id]}_add"
-  page.insert_html pos.to_sym, ref, :file => fullpath_from_template_url + ".erb"
+  page.insert_html pos.to_sym, ref, :file => template_path_from_template_url + ".erb"
   @node = @node.parent.new_child(:class => @node.class)
-  page.replace "#{params[:dom_id]}_form", :file => fullpath_from_template_url + "_form.erb"
+  page.replace "#{params[:dom_id]}_form", :file => template_path_from_template_url + "_form.erb"
   if params[:done]
     page << params[:done]
   else

data/app/views/templates/document_create_tabs/_file.rhtml

@@ -2,8 +2,7 @@
 <%= hidden_field 'node', 'parent_id', :value=>@node.parent_zip  %>
 <p class="btn_validate"><input type="submit" value='<%= _('validate') %>'/></p>
 
-<label for='attachment'><%= _('file') %></label>
-<input id="attachment<%= @uuid %>" name="attachment" onchange="Zena.get_filename('attachment<%= @uuid %>','node_v_title'); $('node_v_title').focus(); $('node_v_title').select();" class='file' type="file" />
+<%= upload_field %>
 
 <label for='node_name'><%= _('title') %></label>
 <input id='node_v_title' type='text' name='node[v_title]'/><br/>

data/app/views/templates/document_create_tabs/_import.rhtml

@@ -1,9 +1,14 @@
 <%= upload_form_tag( :controller => 'nodes', :action => 'import', :id => @node.parent_zip ) %>
 <p class="btn_validate"><input type="submit" value='<%= _('validate') %>'/></p>
 
-<label for='attachment'><%= _('file') %></label>
-<input id="attachment<%= @uuid %>" name="attachment" class='file' type="file" />
+<%= upload_field %>
+
 
 <label for='node_klass'><%= _('class of first element') %></label>
 <%= select('node', 'klass', Node.classes_for_form, :selected => 'Page' ) %><br/>
+
+<% if @node.can_publish? && !visitor.site.auto_publish? %>
+<label for='node_v_status'><%= _('publish nodes') %></label>
+<small><input type='checkbox' name='node[v_status]' value='50'/> <%= _('pub') %></small><br/>
+<% end -%>
 </form>