zena 1.1.1 → 1.1.2

data/History.txt

@@ -1,7 +1,22 @@
+== 1.1.2 2011-11-09
+
+* Minor changes
+ * Support sorting by scope index fields.
+ * Fixed bug in math brick (using Open4 instead of system with redirections).
+ * Added 'change_prop' method in console.
+ * Fixed a bug with 404 pages not showing in the correct language.
+ * Fixed a bug with properties called 'copy' not working as expected.
+ * Added <r:style> tag for dynamic CSS.
+ * Added support for 'value' in 'date' input fields.
+ * Added comment on property definition.
+ * Added 'coalesce' method in queries.
+ * Added 'asset_host?' in Acl queries.
+
 == 1.1.1 2011-07-12
 
 * Minor changes
  * Fixed scoped DOM ids in saved template.
+ * Cosmetic changes to backend.css (menu on the left).
 
 == 1.1.0 2011-07-11
 

data/app/controllers/nodes_controller.rb

@@ -35,7 +35,7 @@ class NodesController < ApplicationController
         format.xml  { render :xml => @node.to_xml }
       end
     elsif base_node = visitor.node_without_secure
-      if node = visitor.find_node(nil, base_node.zip, nil, {}, :get)
+      if node = visitor.find_node(nil, base_node.zip, nil, request)
         # If the visitor is acl authorized to view his own node,
         # redirect there.
         redirect_to zen_path(node)
@@ -132,13 +132,13 @@ class NodesController < ApplicationController
         # swap (a way to preview content by drag & drop)
         @node = other
       elsif params[:change] == 'receiver'
-        attributes[:copy] = other
+        attributes[:_copy] = other
         @node.update_attributes_with_transformation(attributes)
         if !@node.errors.empty?
           @errors = @node.errors
         end
       else
-        attributes[:copy] = @node
+        attributes[:_copy] = @node
         other.update_attributes_with_transformation(attributes)
         if !other.errors.empty?
           @errors = other.errors
@@ -223,7 +223,7 @@ class NodesController < ApplicationController
 
     begin
       # Make sure we can load parent (also enables ACL to work for us here).
-      parent = visitor.find_node(nil, attrs.delete('parent_zip'), nil, {}, :post)
+      parent = visitor.find_node(nil, attrs.delete('parent_zip'), nil, request)
       @node = parent.new_child(attrs, false)
       @node.save
     rescue ActiveRecord::RecordNotFound
@@ -542,7 +542,12 @@ class NodesController < ApplicationController
         if request.env['REQUEST_PATH']
           # request.env['REQUEST_PATH'] is not set during testing (but this is
           # a temporary hack anyway)
-          path = params[:path] = request.env['REQUEST_PATH'].split('/')[2..-1]
+          if path = request.env['REQUEST_PATH'].split('/')[2..-1]
+            params[:path] = path
+          else
+            Node.logger.warn("REQUEST_PATH: #{request.env['REQUEST_PATH'].inspect}")
+            path = params[:path]
+          end
         end
         if path.last =~ Zena::Use::Urls::ALLOWED_REGEXP
           zip    = $3
@@ -558,14 +563,14 @@ class NodesController < ApplicationController
 
           # We use the visitor to find the node in order to ease implementation
           # of custom access rules (Acl).
-          @node = visitor.find_node(path, zip, name, params, request.method)
+          @node = visitor.find_node(path, zip, name, request)
         else
           # bad url
           Node.logger.warn "Path #{path.last.inspect} does not match #{Zena::Use::Urls::ALLOWED_REGEXP}"
           raise ActiveRecord::RecordNotFound
         end
       elsif params[:id]
-        @node = visitor.find_node(nil, params[:id], nil, params, request.method)
+        @node = visitor.find_node(nil, params[:id], nil, request)
       end
 
       if params[:link_id]
@@ -592,7 +597,7 @@ class NodesController < ApplicationController
 
       case params[:action]
       when 'index'
-        # TODO: this should live in I18n (and maybe it is not needed anymore)
+        # We need this redirection here to enable document caching in another lang
         # bad prefix '/so', '/rx' or '/en?lang=fr'
         if params[:prefix] != prefix
           set_visitor_lang(params[:prefix])

data/app/models/acl.rb

@@ -15,6 +15,8 @@ class Acl < ActiveRecord::Base
   include RubyLess
 
   safe_method :params  => Zena::Use::ZafuSafeDefinitions::ParamsDictionary
+  safe_method :asset_host?  => Boolean
+  safe_method :visitor => User
 
   def safe_method_type(signature, receiver = nil)
     if type = super
@@ -26,8 +28,8 @@ class Acl < ActiveRecord::Base
     end
   end
 
-  def authorize?(base_node, params)
-    res = Node.find_by_sql(eval(make_query(base_node, params).to_s))
+  def authorize?(base_node, params, request)
+    res = Node.find_by_sql(eval(make_query(base_node, params, request).to_s))
     if res.empty?
       nil
     else
@@ -43,6 +45,16 @@ class Acl < ActiveRecord::Base
     @exec_skin ||= secure(Skin) { Skin.find(exec_skin_id) }
   end
 
+  # Returns true if we are on the asset host.
+  def asset_host?
+    @asset_host
+  end
+
+  # Make visitor public so that we can use 'visitor' in queries.
+  def visitor
+    super
+  end
+
   protected
     def set_defaults
       self.format = 'html' if format.blank?
@@ -58,12 +70,14 @@ class Acl < ActiveRecord::Base
     end
 
     def validate_acl
-      make_query(visitor.prototype, {})
+      make_query(visitor.prototype)
     end
 
-    def make_query(node, params)
+    def make_query(node, params = {}, request = nil)
       @node   = node
       @params = params
+      @asset_host = request ? request.port.to_i == Zena::ASSET_PORT : false
+
       # We add a stupid order clause to avoid the 'order by title' thing.
       query = Node.build_query(:first, self.query + ' order by id asc',
         :node_name       => '@node',
@@ -84,4 +98,4 @@ class Acl < ActiveRecord::Base
       errors.add(:query, err.message)
       nil
     end
-end
+end

data/app/models/column.rb

@@ -61,9 +61,11 @@ class Column < ActiveRecord::Base
   end
 
   def export
+    root = current_site.root_node
     {
       'ptype' => ptype,
       'index' => index,
+      'comment' => root.unparse_assets(comment, root, 'comment')
     }
   end
 

data/app/models/node.rb

@@ -846,10 +846,10 @@ class Node < ActiveRecord::Base
       res = {}
       res['parent_id'] = new_attributes[:_parent_id] if new_attributes[:_parent_id] # real id set inside zena.
 
+      copy_node = new_attributes.delete(:_copy)
       attributes = new_attributes.stringify_keys
 
-      if attributes['copy'] || attributes['copy_id']
-        copy_node = attributes.delete('copy')
+      if copy_node || attributes['copy_id']
         copy_node ||= Node.find_by_zip(attributes.delete('copy_id'))
         attributes = copy_node.replace_attributes_in_values(attributes)
       end
@@ -1009,6 +1009,7 @@ class Node < ActiveRecord::Base
   end
 
   # Parse text and replace ids '!30!' by their pseudo path '!(img/bird)!'
+  # key is used in TextDocument overloaded method.
   def unparse_assets(text, helper, key)
     ZazenParser.new(text,:helper=>helper).render(:translate_ids => :relative_path, :node=>self)
   end

data/app/models/site.rb

@@ -33,6 +33,9 @@ class Site < ActiveRecord::Base
   # Should be the same serialization as in Node
   include Property::Serialization::JSON
 
+  # TODO: can we just use MLIndex in app.rb ?
+  include Zena::Use::MLIndex::SiteMethods
+
   @@attributes_for_form = {
     :bool => %w{authentication http_auth auto_publish},
     :text => %w{name languages default_lang},

data/app/models/user.rb

@@ -328,7 +328,7 @@ class User < ActiveRecord::Base
     end
   end
 
-  def find_node(path, zip, name, params, method)
+  def find_node(path, zip, name, request)
     secure!(Node) do
       if name =~ /^\d+$/
         Node.find_by_zip(name)

data/app/views/columns/_add.html.erb

@@ -1,7 +1,7 @@
 <tr id='add_column' class='btn_add'>
   <td class='add'><%= link_to_function _('btn_column_add'), "['add_column', 'add_column_form'].each(Element.toggle); $('column_name').focus();" %></td>
-  <td class='add_column' colspan='2'></td>
+  <td class='add_column' colspan='3'></td>
 </tr>
 <tr id='add_column_form' style='display:none;'>
   <%= render :partial=>'columns/form' %>
-</tr>
+</tr>

data/app/views/columns/_form.html.erb

@@ -5,7 +5,7 @@
     link_to_function _('btn_x'), "['add_column', 'add_column_form'].each(Element.toggle)"
   end %>
 </td>
-<td class="add" colspan='2'>
+<td class="add" colspan='3'>
   <div id='column_errors'><%= error_messages_for(:column, :object => @column) %></div>
   <% if @column.new_record? %>
   <%= form_remote_tag(:url => columns_path ) %>
@@ -25,6 +25,12 @@
       <td><%= text_field('column', 'name',  :size=>15 ) %></td>
       <td><span class='text'><%= select_tag "column[index]", grouped_options_for_select(Column.indices_for_form, @column.index, '') %></span></td>
     </tr>
+    <tr>
+      <td class='label'><%= _("comment") %></td>
+      <td colspan='3'>
+        <%= text_area('column', 'comment', :rows => 2, :cols => 50) %>
+      </td>
+    </tr>
     <tr><td colspan='4'><p class='btn_validate'><input type='submit' value='<%= _('validate') %>'/></p></td></tr>
   </table>
   </form>
@@ -33,4 +39,4 @@
   <p class='destroy'><%= _('destroy property') %> <input type='submit' value='<%= _('destroy') %>'></p>
   </form>
   <% end -%>
-</td>
+</td>

data/app/views/columns/_li.html.erb

@@ -9,4 +9,7 @@
   <td class='index'>
     <%= li.index_name %>
   </td>
-</tr>
+  <td class='comment zazen'>
+    <%= li.comment ? zazen(li.comment) : '' %>
+  </td>
+</tr>

data/app/views/columns/index.html.erb

@@ -1,11 +1,11 @@
 <h2 class='title'><%= _('properties') %></h2>
 
 <table id='column_list' class='admin' cellspacing="0">
-  <tr><th class='nav' colspan='3'><%= will_paginate @columns %></th></tr>
+  <tr><th class='nav' colspan='4'><%= will_paginate @columns %></th></tr>
   <% role_id = nil; @columns.each do |col| -%>
     <% if col.role_id != role_id; role_id = col.role_id -%>
     <tr class='<%= col.role.class.to_s.underscore %>'>
-      <th class='nav sub constant' colspan='3'>
+      <th class='nav sub constant' colspan='4'>
         <span class='kpath'><%= col.role.kpath %></span> <%= col.role.name %>
       </th>
     </tr>

data/app/views/zafu/default/Node-+adminLayout.zafu

@@ -1,6 +1,14 @@
 <r:include template='$default/Node-admin'>
+  <r:with part='logo'>
+    <r:root do='link'/>
+  </r:with>
+  <r:with part='navigation'>
+    <ul id='menu' do='admin_links'>
+      <li do='each' do='show'>x</li>
+    </ul>
+  </r:with>
   <r:with part='content' do='content_for_layout'>
-    <r:include template='Node' part='title'/>
+    <h2 class='title' do='title'/>
     <div id='related' do='visitor'>
       <r:to_publish>
         <h3 class='group' do='trans'>to publish</h3>

data/app/views/zafu/default/Node-admin.zafu

@@ -15,16 +15,17 @@
   <r:uses_datebox/>
 </head>
 <body>
-  <h1 id='logo' do='link'>admin_interface</h1>
+  <h1 id='logo'>
+    <r:link>admin_interface</r:link>
+  </h1>
   <div id='container'>
     <div id='navigation'>
-      <ul id='menu' do='admin_links'>
+      <ul id='menu' do='admin_links' list='home'>
         <li do='each' do='show'>x</li>
       </ul>
     </div>
 
     <div id='content'>
-      <h1 id='title'><r:title/> <span class='klass'>(<r:klass/>)</span></h1>
       <div id='preview'>
         <h2 class='preview' do='link' do='t'>view_live</h2>
         <r:Image?>
@@ -38,6 +39,8 @@
         </r:Image?>
       </div>
 
+      <h1 id='title'><r:title/> <span class='klass'>(<r:klass/>)</span></h1>
+
       <div id='actions'>
         <r:if test='can_edit?'>
           <label do='t("edit #{klass}")'/>

data/bricks/acls/lib/bricks/acls.rb

@@ -31,7 +31,7 @@ module Bricks
         end
       end
 
-      def acl_authorized?(action, params, base_node = nil)
+      def acl_authorized?(action, params, request)
         node = nil
         group_ids_bak = group_ids.dup
         acls(action, params[:mode], params[:format]).each do |acl|
@@ -39,8 +39,8 @@ module Bricks
           if acl.exec_group_id
             @group_ids = group_ids_bak + [acl.exec_group_id]
           end
-          base_node ||= self.node_without_secure
-          if node = acl.authorize?(base_node, params)
+          base_node = self.node_without_secure
+          if node = acl.authorize?(base_node, params, request)
             self.exec_acl = acl
             # Keep loaded exec_group
             return node
@@ -73,11 +73,11 @@ module Bricks
         exec_acl ? exec_acl.exec_skin : get_skin_without_acls(node)
       end
 
-      def find_node_with_acls(path, zip, name, params, method)
-        find_node_without_acls(path, zip, name, params, method)
+      def find_node_with_acls(path, zip, name, request)
+        find_node_without_acls(path, zip, name, request)
       rescue ActiveRecord::RecordNotFound
         raise unless visitor.use_acls?
-        acl_params = params.dup
+        acl_params = request.params.dup
         if name =~ /^\d+$/
           acl_params[:id] = name
         elsif name
@@ -87,7 +87,7 @@ module Bricks
           acl_params[:id] = zip
         end
 
-        visitor.acl_authorized?(::Acl::ACTION_FROM_METHOD[method], acl_params)
+        visitor.acl_authorized?(::Acl::ACTION_FROM_METHOD[request.method], acl_params, request)
       end
     end # UserMethods
   end # Acls

data/bricks/acls/zena/test/unit/acl_test.rb

@@ -5,6 +5,11 @@ class AclTest < Zena::Unit::TestCase
   def base_node
     visitor.node_without_secure
   end
+  MockRequest = Struct.new(:method, :params, :port)
+
+  def mock_request(method = :get, params = {}, port = 0)
+    MockRequest.new(method, params, port)
+  end
 
   context 'On a site with acl' do
     setup do
@@ -26,17 +31,17 @@ class AclTest < Zena::Unit::TestCase
 
         context 'with a matching query' do
           should 'authorize' do
-            assert subject.authorize?(base_node, :id => nodes_zip(:queen))
+            assert subject.authorize?(base_node, {:id => nodes_zip(:queen)}, mock_request)
           end
 
           should 'return searched node' do
-            assert_equal nodes_id(:queen), subject.authorize?(base_node, :id => nodes_zip(:queen)).id
+            assert_equal nodes_id(:queen), subject.authorize?(base_node, {:id => nodes_zip(:queen)}, mock_request).id
           end
         end # with a matching query
 
         context 'with a node outside the query' do
           should 'not authorize' do
-            assert_nil subject.authorize?(base_node, {:id => nodes_zip(:over_zeus)})
+            assert_nil subject.authorize?(base_node, {:id => nodes_zip(:over_zeus)}, mock_request)
           end
         end # with a node outside the query
 
@@ -44,6 +49,23 @@ class AclTest < Zena::Unit::TestCase
 
     end # an acl
 
+    context 'saving an acl with asset_host in query' do
+      subject do
+        acls(:rap)
+      end
+
+      should 'validate' do
+        erebus_id = groups_id(:erebus)
+        visitor.instance_eval do
+          @group_ids = self.group_ids + [erebus_id]
+        end
+        assert subject.update_attributes(:query => 'nodes where 1 = #{asset_host? ? 1 : 0} in site')
+        assert_nil subject.authorize?(base_node, {:id => nodes_zip(:over_zeus)}, mock_request)
+        assert_equal 'A plan to overrule Zeus', subject.authorize?(base_node, {:id => nodes_zip(:over_zeus)}, mock_request(:get, {}, 80)).title
+      end
+    end # saving an acl with asset_host in query
+
+
     context 'a visitor' do
       context 'with normal access' do
         subject do
@@ -54,7 +76,7 @@ class AclTest < Zena::Unit::TestCase
         should 'find nodes' do
           assert_equal nodes(:over_zeus).id,
                        subject.find_node(
-                        nil, nodes_zip(:over_zeus), nil, {}, :get
+                        nil, nodes_zip(:over_zeus), nil, mock_request(:get)
                        ).id
         end
       end # with normal access
@@ -69,13 +91,13 @@ class AclTest < Zena::Unit::TestCase
           should 'find node in acl scope' do
             assert_equal nodes(:queen).id,
                          subject.find_node(
-                          nil, nodes_zip(:queen), nil, {}, :get
+                          nil, nodes_zip(:queen), nil, mock_request(:get)
                          ).id
           end
 
           should 'not find node out of acl scope' do
             assert_raise(ActiveRecord::RecordNotFound) do
-              subject.find_node(nil, nodes_zip(:over_zeus), nil, {}, :get)
+              subject.find_node(nil, nodes_zip(:over_zeus), nil, mock_request(:get))
             end
           end
 
@@ -87,7 +109,7 @@ class AclTest < Zena::Unit::TestCase
             should 'try acls in turn' do
               assert_equal nodes(:wedding).id,
                            subject.find_node(
-                            nil, nodes_zip(:wedding), nil, {}, :get
+                            nil, nodes_zip(:wedding), nil, mock_request(:get)
                            ).id
             end
           end # with many acls
@@ -95,13 +117,13 @@ class AclTest < Zena::Unit::TestCase
           context 'using method without acl' do
             should 'not find node out of acl scope' do
               assert_raise(ActiveRecord::RecordNotFound) do
-                subject.find_node(nil, nodes_zip(:queen), nil, {}, :put)
+                subject.find_node(nil, nodes_zip(:queen), nil, mock_request(:put))
               end
               assert_raise(ActiveRecord::RecordNotFound) do
-                subject.find_node(nil, nodes_zip(:queen), nil, {}, :delete)
+                subject.find_node(nil, nodes_zip(:queen), nil, mock_request(:delete))
               end
               assert_raise(ActiveRecord::RecordNotFound) do
-                subject.find_node(nil, nodes_zip(:queen), nil, {}, :post)
+                subject.find_node(nil, nodes_zip(:queen), nil, mock_request(:post))
               end
             end
           end # using method without acl
@@ -115,7 +137,7 @@ class AclTest < Zena::Unit::TestCase
 
           should 'not find nodes' do
             assert_raise(ActiveRecord::RecordNotFound) do
-              subject.find_node(nil, nodes_zip(:queen), nil, {}, :get)
+              subject.find_node(nil, nodes_zip(:queen), nil, mock_request(:get))
             end
           end
         end # without acl enabled