zena 1.2.3 → 1.2.4

data/History.txt

@@ -1,8 +1,36 @@
+== 1.2.4 2013-06-13
+
+* Major changes
+ * Added class filtering to Acl in 'create' action. <== TODO: Document
+ * Uploading html files does not transform them into zafu (use .zafu ext for this)
+ * Added file upload support from zena remote API.
+ * Added 'content_type' regexp to force virtual class on Document creation. <== TODO: Document
+ * Extended "create group" in vclass to be "allow group" (edit).
+ * Added support for [versions_list] to display list of versions and status.
+ 
+* Minor changes
+ * Support for raw html in zazen with '<notextile>' or '<html>' tag. Must be allowed with notextile='true' on [zazen] tag.
+ * Fixed preview of content with ACL (considering the POST on /zafu as a 'read').
+ * Added support for "class not like Image" or "class <> Image" to sqliss.
+ * Added url to clear cache with /sites/clear_cache (admin only). <== TODO: Document
+ * encode_params now supports arrays.
+ * Add 'id' to date input.
+ * Fixed 404 error.
+ * Toggle takes dynamic parameters for "js" and "arity".
+ * Fixed multiple toggles side-by-side.
+ * Fixed nested blocks and class scoping.
+ * Added support for "onUpdate" in [input] with date type.
+ * Hash 'keys' returns sorted elements in zafu.
+ * Improved computation of width and height in [img] when using 'forced' iformat.
+ * Image width and height properties auto-fix themselves (need to read file on each display if not fixed).
+ * Added support for 'mode' in encode_params.
+ * Fixed [link_name]_status, _comment and other relation proxy methods.
+
 == 1.2.3 2013-03-11
 
 * Major changes
  * Better support for Passenger (deploy receipt, asset host)
- * Support for 'sortable' <== TODO: Document
+ * Support for 'sortable'
  * html_escape all properties by default
  * Better support for Passenger (default deployment method now)
  * Simplified caching (using cachestamp in filename)

data/Rakefile

@@ -5,7 +5,6 @@ require(File.join(File.dirname(__FILE__), 'config', 'boot'))
 
 require 'rake'
 require 'rake/testtask'
-require 'rake/rdoctask'
 
 require 'tasks/rails'
 

data/app/controllers/documents_controller.rb

@@ -13,7 +13,7 @@ class DocumentsController < ApplicationController
   def new
     # Use the Template class so that we can use the same object in forms which need the Template properties.
     @node = @parent.new_child(:class => Template)
-
+    
     respond_to do |format|
       format.html
     end

data/app/controllers/nodes_controller.rb

@@ -23,7 +23,7 @@ class NodesController < ApplicationController
   if Bricks.raw_config['passenger']
     before_filter :escape_path, :only => [:index, :show]
   end
-  before_filter :find_node, :except => [:index, :create, :not_found, :catch_all, :search]
+  before_filter :find_node, :except => [:index, :create, :update, :zafu, :not_found, :catch_all, :search]
   before_filter :check_can_drive, :only => [:edit]
   before_filter :check_path,      :only => [:index, :show]
 
@@ -113,10 +113,23 @@ class NodesController < ApplicationController
     end
   end
 
-  # RJS method. show.js not working... ?
-  # FIXME: remove.
+  # RJS method. Enables using POST in JS for large text preview. Seen as 'read' in ACL.
   def zafu
-    return self.update if params[:method] == 'put'
+    # We allow preview by using POST requests (long text in js) but they should appear as 'GET' in 
+    # find_node.
+    request.method = 'GET' if request.method == 'POST'
+    
+    @node = visitor.find_node(nil, params[:id], nil, request)
+
+    if params[:link_id]
+      @link = Link.find_through(@node, params[:link_id])
+    end
+    
+    # security risk with ACL (change an object before display with extended rights). Must check no ACL before
+    # preview. Only enable with proper security if this is really needed.
+    # if params['node']
+    #   @node.attributes = secure(Node) {Node.transform_attributes(params['node'], @node, true)}
+    # end
     respond_to do |format|
       format.js { render :action => 'show' }
     end
@@ -225,12 +238,20 @@ class NodesController < ApplicationController
 
     begin
       # Make sure we can load parent (also enables ACL to work for us here).
-      parent = visitor.find_node(nil, attrs.delete('parent_zip'), nil, request)
+      zip = attrs.delete('parent_zip')
+      parent = visitor.find_node(nil, zip, nil, request, true)
+      
       @node = parent.new_child(attrs, false)
-      @node.save
+      if visitor.exec_acl && !(@node.kpath =~ %r{^#{visitor.exec_acl.create_kpath}})
+        # Document creation can change initial klass depending on mime type. Make sure it is still allowed.
+        @node.errors.add('klass', 'Not allowed')
+      else
+        @node.save
+      end
     rescue ActiveRecord::RecordNotFound
       # Let normal processing insert errors
-      @node = secure!(Node) { Node.create_node(attrs) }
+      @node = Node.new
+      @node.errors.add('base', 'Not allowed')
     end
     @node.errors.add('file', file_error) if file_error
 
@@ -388,6 +409,12 @@ class NodesController < ApplicationController
   end
 
   def update
+    @node = visitor.find_node(nil, params[:id], nil, request, true)
+
+    if params[:link_id]
+      @link = Link.find_through(@node, params[:link_id])
+    end
+    
     params['node'] ||= {}
     file, file_error = get_attachment
     params['node']['file'] = file if file
@@ -612,7 +639,6 @@ class NodesController < ApplicationController
           else
             set_format(stamp_and_format)
           end
-
           # We use the visitor to find the node in order to ease implementation
           # of custom access rules (Acl).
           @node = visitor.find_node(path, zip, name, request)

data/app/controllers/sites_controller.rb

@@ -1,6 +1,7 @@
+# TODO: Cleanup sites_controller now that we only support visitors for a single site !!
 class SitesController < ApplicationController
   before_filter :remove_methods, :only => [:new, :create, :destroy]
-  before_filter :find_site, :except => [:index, :create, :new]
+  before_filter :find_site, :except => [:index, :create, :new, :clear_cache]
   before_filter :visitor_node
   before_filter :check_is_admin
   layout :admin_layout
@@ -51,6 +52,12 @@ class SitesController < ApplicationController
       end
     end
   end
+  
+  def clear_cache
+    @site = secure!(Site) { Site.first }
+    @site.clear_cache
+    redirect_to '/'
+  end
 
   def action
     if Site::ACTIONS.include?(params[:do])

data/app/controllers/user_sessions_controller.rb

@@ -3,7 +3,7 @@
 Create, destroy sessions by letting users login and logout. When the user does not login, he/she is considered to be the anonymous user.
 =end
 class UserSessionsController < ApplicationController
-  skip_before_filter :set_after_login, :force_authentication?, :redirect_to_https
+  skip_before_filter :force_authentication?, :redirect_to_https
   before_filter :session_redirect_to_https
 
   # /login
@@ -28,15 +28,25 @@ class UserSessionsController < ApplicationController
     end
   end
 
+  # Logout
   def destroy
     port = request.port == 80 ? '' : ":#{request.port}"
     if @user_session = UserSession.find
       @user_session.destroy
       reset_session
+      if current_site.ssl_on_auth
+        # SSH only when authenticated
+        host = current_site.host
+        http = 'http'
+      else
+        # Keep current host and port settings
+        host = host_with_port
+        http = host =~ /:/ ? 'https' : 'http'
+      end
       #flash.now[:notice] = _("Successfully logged out.")
-      redirect_to "http://#{current_site.host}#{params[:redirect] || home_path(:prefix => prefix)}"
+      redirect_to "#{http}://#{host}#{params[:redirect] || home_path(:prefix => prefix)}"
     else
-      redirect_to "http://#{current_site.host}#{home_path(:prefix => prefix)}"
+      redirect_to "http://#{host}#{home_path(:prefix => prefix)}"
     end
   end
 

data/app/models/acl.rb

@@ -49,6 +49,18 @@ class Acl < ActiveRecord::Base
   def visitor
     super
   end
+  
+  def create_vclass_name
+    if create_kpath
+      if klass = VirtualClass.find_by_kpath(create_kpath)
+        klass.name
+      else
+        create_kpath
+      end
+    else
+      'Node'
+    end
+  end
 
   protected
     def set_defaults
@@ -66,6 +78,10 @@ class Acl < ActiveRecord::Base
 
     def validate_acl
       make_query(visitor.prototype)
+      self[:create_kpath] = 'N' if self[:create_kpath].blank?
+      unless VirtualClass.find_by_kpath(create_kpath)
+        errors.add(:create_kpath, 'invalid (could not find class)')
+      end
     end
 
     def make_query(node, params = {}, request = nil)

data/app/models/document.rb

@@ -63,29 +63,34 @@ class Document < Node
     def new(attrs = {}, vclass = nil)
       attrs = attrs.stringify_keys
       file  = attrs['file'] || ((attrs['version_attributes'] || {})['content_attributes'] || {})['file']
-      if attrs['content_type']
-        content_type = attrs['content_type']
-      elsif file && file.respond_to?(:content_type)
-        content_type = file.content_type
-      elsif ct = attrs['content_type']
+      
+      if ct = attrs['content_type']
         content_type = ct
+      elsif file && file.respond_to?(:content_type) && file.content_type != 'application/octet-stream'
+        content_type = file.content_type
       elsif attrs['title'] =~ /^.*\.(\w+)$/ && types = Zena::EXT_TO_TYPE[$1.downcase]
         content_type = types[0]
+      elsif file
+        content_type = 'application/octet-stream'
+      elsif attrs['target_klass'] || self <= Template
+        content_type = 'text/zafu'
+      else
+        content_type = 'text/plain'
       end
 
-      real_class = document_class_from_content_type(content_type)
+      klass = document_class_from_content_type(content_type)
+      real_class = klass.real_class
 
-      unless vclass && vclass.kpath =~ /\A#{real_class.kpath}/
-        # vclass is not compatible (force kpath)
-        vclass = VirtualClass[real_class.to_s]
+      if vclass && vclass.kpath =~ /\A#{real_class.kpath}/ && vclass.content_type_re =~ content_type
+        klass = vclass
       end
 
       attrs['content_type'] = content_type
 
       if real_class != self
-        secure(real_class) { real_class.o_new(attrs, vclass) }
+        secure(real_class) { real_class.o_new(attrs, klass) }
       else
-        super(attrs, vclass)
+        super(attrs, klass)
       end
     end
 
@@ -99,7 +104,7 @@ class Document < Node
 
     # Return document class and content_type from content_type
     def document_class_from_content_type(content_type)
-      if content_type
+      base = if content_type
         if Image.accept_content_type?(content_type)
           Image
         elsif Template.accept_content_type?(content_type)
@@ -115,6 +120,18 @@ class Document < Node
       else
         self
       end
+      
+      # Try to find a virtual sub-class accepting the content type
+      vclass = nil
+      VirtualClass[base.to_s].sub_classes.each do |v|
+        next if v.real_class?
+        
+        if content_type =~ v.content_type_re
+          vclass = v
+          break
+        end
+      end
+      vclass || VirtualClass[base.to_s]
     end
 
     # Return true if the content_type can change independantly from the file
@@ -156,7 +173,7 @@ class Document < Node
   def filepath(format=nil)
     version.attachment.filepath(format)
   end
-
+  
   protected
     def set_defaults
       set_defaults_from_file
@@ -200,8 +217,10 @@ class Document < Node
       end
 
       klass = Document.document_class_from_content_type(content_type)
+      
+      real_class = klass.real_class
 
-      if klass != self.class
+      if real_class != self.class
         if @new_file
           errors.add('file', 'incompatible with this class')
         else

data/app/models/idx_nodes_integer.rb

@@ -0,0 +1,5 @@
+
+# This is a dummy class that is only loaded during testing (to load fixtures and
+# to count/find index entries).
+class IdxNodesInteger < ActiveRecord::Base
+end

data/app/models/image.rb

@@ -82,8 +82,10 @@ class Image < Document
 
   # Return the width in pixels for an image at the given format.
   def width(format=nil)
-    if format.nil? || format.size == :keep
+    if format.nil? || format[:size] == :keep
       prop['width']
+    elsif format[:size] == :force
+      format[:width]
     else
       if img = image_with_format(format)
         img.width
@@ -95,8 +97,10 @@ class Image < Document
 
   # Return the height in pixels for an image at the given format.
   def height(format=nil)
-    if format.nil? || format.size == :keep
+    if format.nil? || format[:size] == :keep
       prop['height']
+    elsif format[:size] == :force
+      format[:height]
     else
       if img = image_with_format(format)
         img.height
@@ -147,7 +151,7 @@ class Image < Document
 
   # Return a file with the data for the given format. It is the receiver's responsability to close the file.
   def file(format=nil)
-    if format.nil? || format.size == :keep
+    if format.nil? || format[:size] == :keep
       super()
     else
       if File.exist?(self.filepath(format)) || make_image(format)
@@ -199,6 +203,14 @@ class Image < Document
     fname = "#{filename}.#{Zena::TYPE_TO_EXT[ctype][0]}"
     uploaded_file(file, filename, ctype)
   end
+  
+  # This is called if the image's width and/or height is nil and image builder could
+  # compute the size.
+  def fix_sizes(w, h)
+    prop['width']  = w
+    prop['height'] = h
+    Zena::Db.set_attribute(version, 'properties', encode_properties(@properties))
+  end
 
   private
 
@@ -234,7 +246,7 @@ class Image < Document
         format   ||= Iformat['full']
         @formats ||= {}
         @formats[format[:name]] ||= Zena::Use::ImageBuilder.new(:path => filepath,
-                :width => prop['width'], :height => prop['height']).transform!(format)
+                :width => prop['width'], :height => prop['height'], :node => self).transform!(format)
       else
         raise StandardError, "No image to work on"
       end

data/app/models/node.rb

@@ -619,7 +619,9 @@ class Node < ActiveRecord::Base
     def new_node(new_attributes, transform = true)
       attributes = transform ? transform_attributes(new_attributes) : new_attributes
 
-      klass_name = attributes.delete('class') || attributes.delete('klass') || 'Page'
+      klass_name = attributes.delete('class') || attributes.delete('klass')
+      klass_name ||= attributes['file'] ? 'Document' : 'Page'
+      
       if klass_name.kind_of?(VirtualClass) || klass_name.kind_of?(Class)
         klass = klass_name
       else
@@ -633,6 +635,10 @@ class Node < ActiveRecord::Base
           return node
         end
       end
+      
+      if attributes['file'] && !(klass.kpath =~ %r{^ND})
+        klass = VirtualClass['Document']
+      end
 
       if klass.kind_of?(VirtualClass)
         node = secure(klass.real_class) { klass.new_instance(attributes) }
@@ -766,6 +772,7 @@ class Node < ActiveRecord::Base
                   if ['html','xhtml'].include?(attrs['ext']) && attrs['title'] == 'index'
                     attrs['ext']   = 'zafu'
                     attrs['title'] = 'Node'
+                    attrs['content_type'] = 'text/zafu'
                     insert_zafu_headings = true
                   elsif attrs['ext'] == 'yml' && attrs['title'] == '_roles'
                     # import roles
@@ -908,7 +915,7 @@ class Node < ActiveRecord::Base
       end
 
       if !res['parent_id'] && p = attributes['parent_id']
-        res['parent_zip'] = p
+        res['parent_zip'] = p unless p.blank?
       end
 
       attributes.each do |key, value|
@@ -942,7 +949,7 @@ class Node < ActiveRecord::Base
         elsif key =~ /^(\w+)_id$/
           res["#{$1}_zip"] = value
         elsif key =~ /^(\w+)_ids$/
-          res["#{$1}_zips"] = value.kind_of?(Array) ? value : value.split(',')
+          res["#{$1}_zips"] = value.kind_of?(Array) ? value : value.split(',').map(&:strip)
         elsif key == 'v_status' || key == 'file'
           res[key] = value unless value.blank?
         elsif value.kind_of?(Hash)
@@ -1684,6 +1691,10 @@ class Node < ActiveRecord::Base
           errors.add('klass', 'invalid') if !self.class.allowed_change_to_classes.include?(@new_klass)
         end
       end
+      
+      if vclass.create_group_id
+        errors.add('klass', 'unauthorized') if !visitor.group_ids.include?(vclass.create_group_id)
+      end
     end
 
     # Called before destroy. An node must be empty to be destroyed
@@ -1811,8 +1822,10 @@ class Node < ActiveRecord::Base
     def change_klass
       if @new_klass
         if !can_drive? || !self[:parent_id]
+          # not allowed
           return
         elsif !self.class.allowed_change_to_classes.include?(@new_klass)
+          # invalid class (unknown or visitor does have access)
           return
         end
       end