zena 1.2.3 → 1.2.4

data/app/models/relation_proxy.rb

@@ -70,7 +70,7 @@ class RelationProxy < Relation
   # get
 
   def other_link
-    other_links ? other_links[0] : nil
+    other_links ? other_links.first : nil
   end
 
   def other_id
@@ -100,9 +100,9 @@ class RelationProxy < Relation
     }.merge(opts)
     @records = secure(Node) { Node.find(:all, options) }
   end
-
+  
   LINK_ATTRIBUTES.each do |sym|
-    define_method(sym) do
+    define_method(:"other_#{sym}") do
       other_link ? other_link[sym] : nil
     end
   end

data/app/models/site.rb

@@ -470,9 +470,19 @@ class Site < ActiveRecord::Base
   # unpublished templates).
   def rebuild_index(nodes = nil, page = nil, page_count = nil)
     if !page
-      Site.logger.error("\n----------------- REBUILD INDEX FOR SITE #{host} -----------------\n")
       Zena::SiteWorker.perform(self, :rebuild_index)
     else
+      if page == 1
+        Site.logger.error("\n----------------- REBUILD INDEX FOR SITE #{host} -----------------\n")
+        # Reset reference to cache origin to make sure it is always overwritten
+        Zena::Use::ScopeIndex::AVAILABLE_MODELS.each do |klass|
+          changes = klass.column_names.select{|n| n =~ %r{(.*)_id}}.reject {|n| %w{node_id site_id}.include?(n)}.map do |c|
+            "#{c} = NULL"
+          end.join(', ')
+          Site.logger.error("#{klass.name}: reset #{changes}\n")
+          Zena::Db.execute "UPDATE #{klass.table_name} SET #{changes} WHERE site_id = #{id}"
+        end
+      end
       # do things
       nodes.each do |node|
         node.rebuild_index!

data/app/models/string_hash.rb

@@ -61,5 +61,5 @@ class StringHash < Hash
   end
 
   safe_context [:[], String] => String
-  safe_method :keys => [String]
+  safe_method :keys => {:class => [String], :method => 'keys.sort'}
 end

data/app/models/template.rb

@@ -40,7 +40,7 @@ class Template < TextDocument
   # Class Methods
   class << self
     def accept_content_type?(content_type)
-      content_type =~ /text\/(html|zafu)/
+      content_type =~ /text\/(zafu)/
     end
   end # Class Methods
 

data/app/models/user.rb

@@ -340,7 +340,7 @@ class User < ActiveRecord::Base
     end
   end
 
-  def find_node(path, zip, name, request)
+  def find_node(path, zip, name, request, need_write = false)
     secure!(Node) do
       if name =~ /^\d+$/
         Node.find_by_zip(name)
@@ -397,6 +397,11 @@ class User < ActiveRecord::Base
       if login.blank? && !is_anon?
         self.login = name
       end
+      
+      if !is_admin?
+        # Make sure we remove dev_skin settings if user is not an admin.
+        self[:dev_skin_id] = nil
+      end
     end
 
     # Validates that anon user does not have a login, that other users have a password

data/app/models/virtual_class.rb

@@ -34,7 +34,7 @@ class VirtualClass < Role
     attr_accessor :export_attributes
   end
 
-  self.export_attributes = %w{auto_create_discussion icon monolingual}
+  self.export_attributes = %w{auto_create_discussion icon monolingual content_type}
 
   attr_accessor :import_result
   belongs_to    :create_group, :class_name => 'Group', :foreign_key => 'create_group_id'
@@ -52,7 +52,10 @@ class VirtualClass < Role
   include Zena::Use::ScopeIndex::VirtualClassMethods
 
   property.boolean 'monolingual'
+  property.text    'content_type'
+  
   safe_method  :monolingual? => Boolean
+  safe_method  :content_type => String
   safe_method  :roles     => {:class => ['Role'], :method => 'sorted_roles'}
   safe_method  :relations => {:class => ['RelationProxy'], :method => 'all_relations'}
   safe_method  [:relations, String] => {:class => ['RelationProxy'], :method => 'filtered_relations'}
@@ -68,6 +71,17 @@ class VirtualClass < Role
     end
   end
   
+  # Class path hierarchy. Example for (Post) : N, NN, NNP  
+  def self.split_kpath(kpath)
+    parts = []
+    kpath.split(//).each_index { |i| parts << kpath[0..i] }
+    parts
+  end
+  
+  def split_kpath
+    @split_kpath ||= VirtualClass.split_kpath(kpath)
+  end
+  
   class Cache
     def initialize
       clear_cache!
@@ -240,6 +254,7 @@ class VirtualClass < Role
     attribute = opts[:class_attr] || 'name'
 
     VirtualClass.all_classes(base_kpath, opts[:without]).map do |vclass|
+      # Only insert allowed classes.
       if vclass.create_group_id.nil? || group_ids.include?(vclass.create_group_id)
         # white spaces are insecable spaces (not ' ')
         a, b = vclass.kpath, vclass.name
@@ -249,6 +264,15 @@ class VirtualClass < Role
       end
     end.compact
   end
+  
+  def sub_classes
+    @sub_classes ||= VirtualClass.all_classes(self.kpath).sort {|a,b| a.name <=> b.name}
+  end
+  
+  def content_type_re
+    # if content_type is empty => match all
+    @content_type_re ||= %r{^#{content_type || ".*"}$}
+  end
 
   # Include all roles into the this schema. By including the superclass
   # and all roles related to this class.
@@ -579,6 +603,17 @@ class VirtualClass < Role
       unless self[:real_class]
         errors.add('superclass', 'invalid')
       end
+      
+      if content_type =~ /[^a-zA-Z\.\-\/\*\|\\]/
+        errors.add('content_type', 'invalid characters')
+      else
+        begin
+          re = %r{^#{content_type}$}
+        rescue RegexpError => err
+          errors.add('content_type', err.message)
+        end
+      end
+      
     end
 
     def get_real_class(klass)

data/app/views/acls/_form.rhtml

@@ -21,7 +21,11 @@
       </tr>
       <tr>
         <td class='label'><%= _('action')%> <%= help(_('acl_action_help')) %></td>
-        <td><%= select('acl', 'action',  Acl::ACTIONS ) %></td>
+        <td>
+          <%= select('acl', 'action',  Acl::ACTIONS ) %>
+          
+          <%= _('create only: allow') %> <%= select('acl', 'create_kpath', Node.kpaths_for_form ) %>
+        </td>
       </tr>
       <tr class='priority'>
         <td class='label'><%= _('priority')%> <%= help(_('acl_priority_help')) %></td>

data/app/views/acls/_li.rhtml

@@ -1,7 +1,7 @@
 <tr id='acl<%= li[:id] %>'>
   <td class="adm_icon"><%= link_to_remote( _("img_acl"), :update=>"acl#{li[:id]}", :url=>edit_acl_path(li), :method=>:get) %></td>
   <td class='group'><%= li.group.name %></td>
-  <td class='act'><%= li.action %></td>
+  <td class='act'><%= li.action %><% if li.action == 'create' %> <span class='constant'><%= li.create_vclass_name %></span><% end %></td>
   <td class='name'><%= li.name %></td>
   <td class='mode'><%= li.mode %></td>
   <td class='format'><%= li.format %></td>

data/app/views/templates/document_create_tabs/_file.rhtml

@@ -12,4 +12,5 @@
 
 <label for='node_summary'><%= _('summary') %></label>
 <textarea id='node_summary' rows='3' name='node[summary]'></textarea><br/>
+<input type='hidden' name='redir' value='more'/>
 </form>

data/app/views/templates/document_create_tabs/_template.rhtml

@@ -11,7 +11,7 @@
 <input  id='title' type='text' name='node[title]'/><br/>
 
 <label for='node_target_klass'><%= _('class scope') %></label>
-<%= select('node', 'target_klass', Node.classes_for_form, {:include_blank => true} ) %><br/>
+<%= select('node', 'target_klass', Node.classes_for_form, {:include_blank => true}, {} ) %><br/>
 
 <label for='node_mode'><%= _('mode') %></label>
 <input  id='node_mode' type='text' name='node[mode]'/><br/>

data/app/views/users/_form.rhtml

@@ -23,6 +23,7 @@
     <% end -%>
     <% end -%>
       <tr><td class='label'><%= _("status")%>  </td><td><%= select('user', 'status', User::Status.reject {|k,v| v > User::Status[:admin]}.map{|k,v| [_(k.to_s),v]}.sort{|a,b| b[1] <=> a[1]}) %></td></tr>
+      <tr><td class='label'><%= _("single_access_token")%>  </td><td><%= @user.single_access_token %></td></tr>
       <tr><td class='label'><%= _('language')%>   </td><td><%= select('user', 'lang', visitor.site.lang_list.map {|l| [_(l),l]}) %></td></tr>
       <tr><td class='label'><%= _("time zone")%>  </td><td><select name='user[time_zone]'><%= options_for_select([''] + TZInfo::Timezone.all_identifiers, @user[:time_zone] || '') %></select></td></tr>
     <% unless @user.is_anon? -%>

data/app/views/virtual_classes/_form.erb

@@ -32,16 +32,17 @@
 
 <% if @virtual_class.kind_of?(VirtualClass) -%>
 <% Zena::Use::Fulltext::FULLTEXT_FIELDS.reverse_each do |fld| -%>
-    <tr><td class='label'><%= _(fld)%></td><td><%= text_area('virtual_class', fld, :rows => 2, :cols => 30) %></td></tr>
+    <tr><td class='label'><%= _(fld) %></td><td><%= text_area('virtual_class', fld, :rows => 2, :cols => 30) %></td></tr>
 <% end -%>
-    <tr><td class='label'><%= _('idx_class')%></td><td><%= select('virtual_class', 'idx_class', Zena::Use::ScopeIndex.models_for_form) %></td></tr>
-    <tr><td class='label'><%= _('idx_scope')%></td><td><%= text_area('virtual_class', 'idx_scope', :rows => 2, :cols => 30) %></td></tr>
-    <tr><td class='label'><%= _('idx_reverse_scope')%></td><td><%= text_area('virtual_class', 'idx_reverse_scope', :rows => 2, :cols => 30) %></td></tr>
-    <tr><td class='label'><%= _('prop eval')%></td><td><%= text_area('virtual_class', 'prop_eval', :rows => 2, :cols => 30) %></td></tr>
+    <tr><td class='label'><%= _('idx_class') %></td><td><%= select('virtual_class', 'idx_class', Zena::Use::ScopeIndex.models_for_form) %></td></tr>
+    <tr><td class='label'><%= _('idx_scope') %></td><td><%= text_area('virtual_class', 'idx_scope', :rows => 2, :cols => 30) %></td></tr>
+    <tr><td class='label'><%= _('idx_reverse_scope') %></td><td><%= text_area('virtual_class', 'idx_reverse_scope', :rows => 2, :cols => 30) %></td></tr>
+    <tr><td class='label'><%= _('prop eval') %></td><td><%= text_area('virtual_class', 'prop_eval', :rows => 2, :cols => 30) %></td></tr>
 
-    <tr><td class='label'><%= _('create group')%></td><td><%= select('virtual_class', 'create_group_id',  visitor.all_groups.map{|g| [g.name, g.id]} ) %></td></tr>
+    <tr><td class='label'><%= _('edit group') %></td><td><%= select('virtual_class', 'create_group_id',  visitor.all_groups.map{|g| [g.name, g.id]} ) %></td></tr>
     <tr><td class='label'><%= _('auto create discussion')%></td><td><%= check_box('virtual_class', 'auto_create_discussion') %></td></tr>
-    <tr><td class='label'><%= _('monolingual')%></td><td><%= check_box('virtual_class', 'monolingual') %></td></tr>
+    <tr><td class='label'><%= _('monolingual') %></td><td><%= check_box('virtual_class', 'monolingual') %></td></tr>
+    <tr><td class='label'><%= _('content_type')%></td><td><%= text_field('virtual_class', 'content_type') %></td></tr>
 <% end -%>
     <tr><td class='label'><%= _('icon')%>      </td><td><%= text_field('virtual_class', 'icon',        :size=>15 ) %></td></tr>
     <tr><td colspan='2'><p class='btn_validate'><input type='submit' value='<%= _('validate') %>'/></p></td></tr>

data/bricks/acls/lib/bricks/acls.rb

@@ -34,7 +34,11 @@ module Bricks
       def acl_authorized?(action, params, request)
         node = nil
         group_ids_bak = group_ids.dup
-        acls(action, params[:mode], params[:format]).each do |acl|
+        if action == 'create'
+          klass = (params['node'] || {})['klass']
+        end
+        
+        acls(action, params[:mode], params[:format], klass).each do |acl|
           # Load exec_group to execute query
           if acl.exec_group_id
             @group_ids = group_ids_bak + [acl.exec_group_id]
@@ -56,27 +60,46 @@ module Bricks
 
       # Find all acls for the visitor for a given action. The action should
       # be one of the following: 'create', 'read', 'update', 'delete'. See
-      # Acl::ACTIONS.
-      def acls(action, mode, format)
+      # Acl::ACTIONS. If the action is 'create', we should also pass the class
+      # of the object to create.
+      def acls(action, mode, format, klass = nil)
         mode = '' if mode.blank?
         # Can the format be blank ?
         format = 'html' if format.blank?
-        secure(Acl) { Acl.find(:all,
-          :conditions => [
-            'group_id IN (?) AND action = ? AND (mode = ? OR mode = ?) AND (format = ? OR format = ?)',
-             group_ids, action, '*', mode, '*', format],
-          :order => 'priority DESC'
-        )} || []
+        if action == 'create'
+          return [] unless klass = VirtualClass[klass || 'Node']
+          # Can the format be blank ?
+          format = 'html' if format.blank?
+          secure(Acl) { Acl.find(:all,
+            :conditions => [
+              'group_id IN (?) AND action = ? AND (mode = ? OR mode = ?) AND (format = ? OR format = ?) AND create_kpath IN (?)',
+               group_ids, action, '*', mode, '*', format, klass.split_kpath],
+            :order => 'priority DESC'
+          )}
+        else
+          secure(Acl) { Acl.find(:all,
+            :conditions => [
+              'group_id IN (?) AND action = ? AND (mode = ? OR mode = ?) AND (format = ? OR format = ?)',
+               group_ids, action, '*', mode, '*', format],
+            :order => 'priority DESC'
+          )}
+        end || []
       end
 
       def get_skin_with_acls(node)
         exec_acl ? exec_acl.exec_skin : get_skin_without_acls(node)
       end
 
-      def find_node_with_acls(path, zip, name, request)
-        find_node_without_acls(path, zip, name, request)
-      rescue ActiveRecord::RecordNotFound
-        raise unless visitor.use_acls?
+      def find_node_with_acls(path, zip, name, request, need_write = false)
+        n = find_node_without_acls(path, zip, name, request, need_write) rescue nil
+        if !n || (!n.can_write? && need_write)
+          n = find_node_force_acls(path, zip, name, request) || n
+        end
+        n
+      end
+      
+      def find_node_force_acls(path, zip, name, request)
+        raise ActiveRecord::RecordNotFound unless visitor.use_acls?
         acl_params = request.params.dup
         if name =~ /^\d+$/
           acl_params[:id] = name
@@ -86,8 +109,13 @@ module Bricks
         else
           acl_params[:id] = zip
         end
-
-        visitor.acl_authorized?(::Acl::ACTION_FROM_METHOD[request.method], acl_params, request)
+        if request.path =~ %r{^/nodes/\d+/zafu$}
+          # This is to allow preview by using POST requests (long text in js).
+          action = 'read'
+        else
+          action = ::Acl::ACTION_FROM_METHOD[request.method]
+        end
+        visitor.acl_authorized?(action, acl_params, request)
       end
     end # UserMethods
   end # Acls

data/bricks/acls/zena/migrate/20130313110443_add_create_kpath_to_acl.rb

@@ -0,0 +1,13 @@
+class AddCreateKpathToAcl < ActiveRecord::Migration
+  def self.up
+    add_column :acls, :create_kpath, :string, :limit => 200
+    add_index :acls, ["create_kpath", "group_id", "action", "site_id"]
+  rescue
+    # Could be run twice (was in zena brick by mistake in zena 1.2.4pre)
+  end
+
+  def self.down
+    remove_column :groups, :auto_publish
+    remove_index :acls, :column => ["create_kpath", "group_id", "action", "site_id"]
+  end
+end

data/bricks/acls/zena/migrate/20130429073432_fix_create_kpath_default.rb

@@ -0,0 +1,8 @@
+class FixCreateKpathDefault < ActiveRecord::Migration
+  def self.up
+    execute %Q{UPDATE acls SET create_kpath = 'N' WHERE create_kpath IS NULL}
+  end
+
+  def self.down
+  end
+end

data/bricks/acls/zena/test/integration/acl_integration_test.rb

@@ -145,7 +145,8 @@ class AclIntegrationTest < Zena::Integration::TestCase
         setup do
           # The visitor can create objects in assigned_project as direct parent
           Zena::Db.execute "UPDATE acls SET query = '%q{assigned_project}', action = 'create' WHERE id = #{acls_id(:rap)}"
-          @create_url = "http://erebus.host/nodes?node[parent_id]=#{nodes_zip(:queen)}&node[klass]=Page&node[title]=foobar"
+          @create_url = "http://erebus.host/nodes?node[parent_id]=#{nodes_zip(:queen)}&node[klass]=Contact&node[title]=foobar"
+          @create_bad = "http://erebus.host/nodes?node[parent_id]=#{nodes_zip(:queen)}&node[klass]=Page&node[title]=foobar"
         end
 
         context 'with wrong user status' do
@@ -170,6 +171,14 @@ class AclIntegrationTest < Zena::Integration::TestCase
             assert_equal nodes_id(:queen), node.parent_id
             assert_equal 'foobar', node.title
           end
+          
+          context 'with wrong klass type' do
+            should 'create item' do
+              assert_difference('Node.count', 0) do
+                post @create_bad
+              end
+            end
+          end
 
           should 'not create item out of acl scope' do
             assert_difference('Node.count', 0) do
@@ -177,6 +186,30 @@ class AclIntegrationTest < Zena::Integration::TestCase
             end
             assert_response :missing
           end
+          
+          context 'with read access' do
+            setup do
+              # We must grant read access on visitor node to avoid errors in page rendering
+              Zena::Db.execute "UPDATE nodes SET rgroup_id = #{groups_id(:site)} WHERE id IN (#{nodes_id(:queen)},#{nodes_id(:demeter)})"
+            end
+            
+            should 'read without acl' do
+              get "http://erebus.host/oo/project#{nodes_zip(:queen)}.html"
+              assert_response :success
+              assert_nil visitor.exec_acl
+            end
+            
+            should 'load acl' do
+              assert_difference('Node.count', 1) do
+                post @create_url
+              end
+              node = assigns(:node)
+              assert visitor.exec_acl
+              assert_equal visitor.id, node.user_id
+              assert_equal nodes_id(:queen), node.parent_id
+              assert_equal 'foobar', node.title
+            end
+          end
 
           context 'without use acl' do
             setup do
@@ -223,6 +256,25 @@ class AclIntegrationTest < Zena::Integration::TestCase
             put "http://erebus.host/nodes/#{nodes_zip(:queen)}?node[title]=foobar"
             assert_response :missing
           end
+          
+          context 'with read access' do
+            setup do
+              # We must grant read access on visitor node to avoid errors in page rendering
+              Zena::Db.execute "UPDATE nodes SET rgroup_id = #{groups_id(:site)} WHERE id IN (#{nodes_id(:persephone)},#{nodes_id(:demeter)})"
+            end
+            
+            should 'read without acl' do
+              get "http://erebus.host/oo/contact#{nodes_zip(:persephone)}.html"
+              assert_response :success
+              assert_nil visitor.exec_acl
+            end
+            
+            should 'load acl' do
+              put @update_url
+              assert_equal 'foobar', nodes(:persephone).title
+              assert visitor.exec_acl
+            end
+          end
 
           context 'without use acl' do
             setup do

data/bricks/acls/zena/test/sites/erebus/acls.yml

@@ -17,6 +17,27 @@ rap:
   # allow any format
   format:          '*'
 
+# Create Posts in assigned projects
+create_rap:
+  name:            create posts in assigned projects
+  # Anyone in the 'sky' group
+  group:           sky
+  # can create
+  action:          create
+  # in  'assigned_projects'
+  query:           "%q{assigned_projects}"
+  # objects with kpath
+  create_kpath:    NRC
+  # by receiving the 'erebus' access group
+  exec_group:      erebus
+  # and viewing it through the 'sky' Skin.
+  exec_skin:       sky
+  priority:        10
+  # allow any mode
+  mode:            '*'
+  # allow any format
+  format:          '*'
+
 # Read self (this never matches)
 self:
   name:            read assigned projects