From 23d8a6f5548b4266e9ffb6601799b9d70110c2bc Mon Sep 17 00:00:00 2001 
From: bruno bornsztein Date: Thu, 19 Feb 2015 11:51:59 -0600 Subject: [PATCH] moving some assets around, fiing tag extensions --- app/assets/javascripts/active_admin.js.coffee | 14 ++ .../assets/javascripts/jcrop/jquery.Jcrop.js | 0 .../assets/javascripts/jcrop/jquery.color.js | 0 .../assets/javascripts/tag-it/tag-it.js | 0 app/assets/stylesheets/active_admin.css.scss | 4 + .../assets/stylesheets/jcrop/Jcrop.gif | Bin .../stylesheets/jcrop/jquery.Jcrop.min.css | 0 .../assets/stylesheets/tag-it/tag-it.css | 0 .../stylesheets/tag-it/tagit.ui-zendesk.css | 0 app/controllers/base_controller.rb | 2 +- app/controllers/sb_posts_controller.rb | 11 +- app/controllers/topics_controller.rb | 17 ++- app/models/acts_as_taggable_on/tag.rb | 119 +++++++++-------- app/policies/active_admin/page_policy.rb | 11 ++ app/policies/application_policy.rb | 59 +++++++++ app/policies/sb_post_policy.rb | 15 +++ app/policies/topic_policy.rb | 23 ++++ app/views/posts/show.html.haml | 4 + app/views/sb_posts/_sb_post.html.haml | 13 +- app/views/topics/show.html.haml | 2 +- community_engine.gemspec | 3 +- config/initializers/active_admin.rb | 6 +- config/initializers/tag_extensions.rb | 67 ++++++++++ lib/community_engine.rb | 1 + lib/community_engine/admin/categories.rb | 17 +++ lib/community_engine/admin/posts.rb | 58 +++++++-- lib/community_engine/admin/tags.rb | 10 ++ lib/community_engine/authenticated_system.rb | 19 +-- lib/community_engine/version.rb | 2 +- .../acts_as_publishable/README | 3 - .../acts_as_publishable/Rakefile | 22 ---- .../publishing/publishing_generator.rb | 34 ----- .../publishing/templates/migration.rb | 13 -- .../acts_as_publishable/install.rb | 3 - .../test/acts_as_publishable_test.rb | 8 -- .../acts_as_publishable/uninstall.rb | 1 - .../resource_feeder/README | 4 - .../resource_feeder/Rakefile | 22 ---- .../resource_feeder/test/atom_feed_test.rb | 85 ------------- .../resource_feeder/test/rss_feed_test.rb | 61 --------- .../resource_feeder/test/test_helper.rb | 60 
--------- .../white_list/README | 35 ----- .../white_list/Rakefile | 22 ---- .../white_list/test/white_list_test.rb | 120 ------------------ 44 files changed, 359 insertions(+), 611 deletions(-) rename {vendor => app}/assets/javascripts/jcrop/jquery.Jcrop.js (100%) rename {vendor => app}/assets/javascripts/jcrop/jquery.color.js (100%) rename {vendor => app}/assets/javascripts/tag-it/tag-it.js (100%) rename {vendor => app}/assets/stylesheets/jcrop/Jcrop.gif (100%) rename {vendor => app}/assets/stylesheets/jcrop/jquery.Jcrop.min.css (100%) rename {vendor => app}/assets/stylesheets/tag-it/tag-it.css (100%) rename {vendor => app}/assets/stylesheets/tag-it/tagit.ui-zendesk.css (100%) create mode 100644 app/policies/active_admin/page_policy.rb create mode 100644 app/policies/application_policy.rb create mode 100644 app/policies/sb_post_policy.rb create mode 100644 app/policies/topic_policy.rb create mode 100644 config/initializers/tag_extensions.rb delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/README delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/Rakefile delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/generators/publishing/publishing_generator.rb delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/generators/publishing/templates/migration.rb delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/install.rb delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/test/acts_as_publishable_test.rb delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/uninstall.rb delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/README delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/Rakefile delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/atom_feed_test.rb delete mode 100755 
vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/rss_feed_test.rb delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/test_helper.rb delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/white_list/README delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/white_list/Rakefile delete mode 100755 vendor/converted2.3plugins_to_lib_leftovers/white_list/test/white_list_test.rb diff --git a/app/assets/javascripts/active_admin.js.coffee b/app/assets/javascripts/active_admin.js.coffee index cbd5ffde..23286fe2 100644 --- a/app/assets/javascripts/active_admin.js.coffee +++ b/app/assets/javascripts/active_admin.js.coffee @@ -2,4 +2,18 @@ #= require jquery.turbolinks #= require turbolinks #= require ckeditor/init +#= require tag-it/tag-it #= require_directory ./ckeditor/rte + +$(document).on 'page:receive', -> + $('input#tags').each -> + $.ajax + type: 'get' + url: $(this).data('auto_complete_url') + success: (data) -> + $(this).tagit + availableTags: data + allowSpaces: true + tagLimit: '20' + stopWritingOnTagLimit: true + return diff --git a/vendor/assets/javascripts/jcrop/jquery.Jcrop.js b/app/assets/javascripts/jcrop/jquery.Jcrop.js similarity index 100% rename from vendor/assets/javascripts/jcrop/jquery.Jcrop.js rename to app/assets/javascripts/jcrop/jquery.Jcrop.js diff --git a/vendor/assets/javascripts/jcrop/jquery.color.js b/app/assets/javascripts/jcrop/jquery.color.js similarity index 100% rename from vendor/assets/javascripts/jcrop/jquery.color.js rename to app/assets/javascripts/jcrop/jquery.color.js diff --git a/vendor/assets/javascripts/tag-it/tag-it.js b/app/assets/javascripts/tag-it/tag-it.js similarity index 100% rename from vendor/assets/javascripts/tag-it/tag-it.js rename to app/assets/javascripts/tag-it/tag-it.js diff --git a/app/assets/stylesheets/active_admin.css.scss b/app/assets/stylesheets/active_admin.css.scss index 7576b891..6623f149 100644 
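Review bot: Inside the `success` callback in active_admin.js.coffee, `$(this)` no longer refers to the input being iterated; jQuery sets `this` there to the ajax settings object unless `context` is given, so `.tagit` is not applied to the field. Capture the element first (`input = $(this)` at the top of the `each` body, then `input.tagit ...`) or pass `context: this` to `$.ajax`. The handler is also bound to `page:receive`, which Turbolinks fires before the fetched page is in the DOM and which never fires on a full page load, so `page:change` is likely the intended event.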
--- a/app/assets/stylesheets/active_admin.css.scss +++ b/app/assets/stylesheets/active_admin.css.scss @@ -1,3 +1,5 @@ + + // SASS variable overrides must be declared before loading up Active Admin's styles. // // To view the variables that Active Admin provides, take a look at @@ -10,6 +12,8 @@ // Active Admin's got SASS! @import "active_admin/mixins"; @import "active_admin/base"; +@import 'tag-it/tag-it'; +@import 'tag-it/tagit.ui-zendesk'; // Overriding any non-variable SASS must be done after the fact. // For example, to change the default status-tag color: diff --git a/vendor/assets/stylesheets/jcrop/Jcrop.gif b/app/assets/stylesheets/jcrop/Jcrop.gif similarity index 100% rename from vendor/assets/stylesheets/jcrop/Jcrop.gif rename to app/assets/stylesheets/jcrop/Jcrop.gif diff --git a/vendor/assets/stylesheets/jcrop/jquery.Jcrop.min.css b/app/assets/stylesheets/jcrop/jquery.Jcrop.min.css similarity index 100% rename from vendor/assets/stylesheets/jcrop/jquery.Jcrop.min.css rename to app/assets/stylesheets/jcrop/jquery.Jcrop.min.css diff --git a/vendor/assets/stylesheets/tag-it/tag-it.css b/app/assets/stylesheets/tag-it/tag-it.css similarity index 100% rename from vendor/assets/stylesheets/tag-it/tag-it.css rename to app/assets/stylesheets/tag-it/tag-it.css diff --git a/vendor/assets/stylesheets/tag-it/tagit.ui-zendesk.css b/app/assets/stylesheets/tag-it/tagit.ui-zendesk.css similarity index 100% rename from vendor/assets/stylesheets/tag-it/tagit.ui-zendesk.css rename to app/assets/stylesheets/tag-it/tagit.ui-zendesk.css diff --git a/app/controllers/base_controller.rb b/app/controllers/base_controller.rb index 01d67132..421bb2a8 100755 --- a/app/controllers/base_controller.rb +++ b/app/controllers/base_controller.rb @@ -3,8 +3,8 @@ require 'pp' class BaseController < ApplicationController - include AuthenticatedSystem + include Pundit include LocalizedApplication include BaseHelper 
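Review bot: `include Pundit` in BaseController makes `authorize` raise Pundit::NotAuthorizedError, but nothing in this patch maps that exception to a response, so a denied topic edit would likely surface as a 500 instead of going through the existing access-denied flow. Since `access_denied` now accepts an optional exception argument, adding `rescue_from Pundit::NotAuthorizedError, :with => :access_denied` next to the include would route denials through it. The rest of BaseController is outside the hunk, so check that no handler already exists there.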
diff --git a/app/controllers/sb_posts_controller.rb b/app/controllers/sb_posts_controller.rb index bc02e968..4e0366b3 100755 --- a/app/controllers/sb_posts_controller.rb +++ b/app/controllers/sb_posts_controller.rb @@ -124,16 +124,11 @@ def destroy end protected - #overide in your app - def authorized? - %w(create new).include?(action_name) || @post.editable_by?(current_user) - end - def find_post @post = SbPost.find_by_id_and_topic_id_and_forum_id(params[:id].to_i, params[:topic_id].to_i, params[:forum_id].to_i) || raise(ActiveRecord::RecordNotFound) end - def sb_post_params - params[:sb_post].permit(:body, :author_email, :author_ip, :author_name, :author_url) - end + def sb_post_params + params[:sb_post].permit(:body, :author_email, :author_ip, :author_name, :author_url) + end end diff --git a/app/controllers/topics_controller.rb b/app/controllers/topics_controller.rb index 23328b4a..e2bc1ba1 100755 --- a/app/controllers/topics_controller.rb +++ b/app/controllers/topics_controller.rb @@ -1,6 +1,8 @@ class TopicsController < BaseController before_action :find_forum_and_topic, :except => :index before_action :login_required, :except => [:index, :show] + after_action :verify_authorized, :except => [:index, :show] + def index @forum = Forum.find(params[:forum_id]) @@ -16,6 +18,7 @@ def index def new @topic = Topic.new @topic.sb_posts.build + authorize @topic end def show @@ -45,6 +48,8 @@ def show def create @topic = @forum.topics.new(topic_params) + authorize @topic + assign_protected @post = @topic.sb_posts.first @@ -72,8 +77,14 @@ def create end end + def edit + authorize @topic + end + def update assign_protected + + authorize @topic @topic.tag_list = params[:tag_list] || '' @topic.update_attributes!(topic_params) respond_to do |format| @@ -83,6 +94,8 @@ def update end def destroy + authorize @topic + @topic.destroy flash[:notice] = :topic_deleted.l_with_args(:topic => CGI::escapeHTML(@topic.title)) respond_to do |format| 
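Review bot: Removing the `authorized?` override from SbPostsController leaves it with no server-side ownership check that this patch shows: no `authorize @post` call or `verify_authorized` hook is added here, and `login_required` in lib/community_engine/authenticated_system.rb is reduced to `logged_in? ? true : access_denied`. As far as the diff shows, a logged-in user who does not own a post is no longer stopped in the modifying actions, because `policy(post).update?` in the view only hides the edit link. Mirror the TopicsController change: add an `after_action :verify_authorized` hook and call `authorize @post` in edit, update and destroy so that SbPostPolicy is actually enforced. The action bodies are outside this hunk, so confirm they do not already carry such a call.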
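Review bot: In TopicsController#update, `assign_protected` runs before `authorize @topic`, so the record is touched before the policy decision is made; `edit` and `destroy` authorize first. Move `authorize @topic` to the first line of `update`. `assign_protected` is defined outside this diff, so whether it only assigns in memory or also persists is not visible; if it persists, the current order lets a change through before the check.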
@@ -110,10 +123,6 @@ def find_forum_and_topic @topic = @forum.topics.find(params[:id]) if params[:id] end - #overide in your app - def authorized? - %w(new create).include?(action_name) || @topic.editable_by?(current_user) - end def topic_params params[:topic].permit(:tag_list, :title, :sticky, :locked, {:sb_posts_attributes => [:body]}, :forum_id) diff --git a/app/models/acts_as_taggable_on/tag.rb b/app/models/acts_as_taggable_on/tag.rb index cdc048ce..bd54b6fb 100644 --- a/app/models/acts_as_taggable_on/tag.rb +++ b/app/models/acts_as_taggable_on/tag.rb 
@@ -1,72 +1,67 @@ -#require_dependency ActsAsTaggableOn::Engine.config.root.join('app', 'models', 'acts_as_taggable_on', 'tag.rb').to_s +# require_dependency ActsAsTaggableOn::Engine.config.root.join('lib', 'acts_as_taggable_on', 'tag.rb').to_s -class ActsAsTaggableOn::Tag < ActiveRecord::Base +# ActsAsTaggableOn::Tag.instance_eval do +# def popular(limit = 20, type = nil) +# tags = ActsAsTaggableOn::Tag.counts(:at_least => 0).limit(limit).order('count DESC') +# tags = tags.where("taggings.taggable_type = ?", type.capitalize) if type +# tags +# end - class << self - def popular(limit = 20, type = nil) - tags = ActsAsTaggableOn::Tag.counts(:at_least => 0).limit(limit).order('count DESC') - tags = tags.where("taggings.taggable_type = ?", type.capitalize) if type - tags - end +# def default_per_page +# 25 +# end - def default_per_page - 25 - end +# # Calculate the tag counts for all tags. +# # +# # - +:start_at+ - restrict the tags to those created after a certain time +# # - +:end_at+ - restrict the tags to those created before a certain time +# # - +:at_least+ - exclude tags with a frequency less than the given value +# # - +:at_most+ - exclude tags with a frequency greater than the given value +# # +# # Deprecated: +# # +# # - +:conditions+ +# # - +:limit+ +# # - +:order+ +# # +# def counts(options = {}) +# options.assert_valid_keys :start_at, :end_at, :at_least, :at_most, :conditions, :limit, :order, :joins - # Calculate the tag counts for all tags. 
- # - # - +:start_at+ - restrict the tags to those created after a certain time - # - +:end_at+ - restrict the tags to those created before a certain time - # - +:at_least+ - exclude tags with a frequency less than the given value - # - +:at_most+ - exclude tags with a frequency greater than the given value - # - # Deprecated: - # - # - +:conditions+ - # - +:limit+ - # - +:order+ - # - def counts(options = {}) - options.assert_valid_keys :start_at, :end_at, :at_least, :at_most, :conditions, :limit, :order, :joins +# tags = select("#{quoted_table_name}.id", "#{quoted_table_name}.name", "COUNT(#{quoted_table_name}.id) AS count") +# tags = tags.joins(:taggings) +# tags = tags.having(["COUNT(#{ActsAsTaggableOn::Tagging.quoted_table_name}.id) >= ?", options[:at_least]]) if options[:at_least] +# tags = tags.having(["COUNT(#{ActsAsTaggableOn::Tagging.quoted_table_name}.id) <= ?", options[:at_most]]) if options[:at_most] +# tags = tags.where("#{ActsAsTaggableOn::Tagging.quoted_table_name}.created_at >= ?", options[:start_at]) if options[:start_at] +# tags = tags.where("#{ActsAsTaggableOn::Tagging.quoted_table_name}.created_at <= ?", options[:end_at]) if options[:end_at] +# tags = tags.where(options[:conditions]) if options[:conditions] +# tags = tags.limit(options[:limit]) if options[:limit] +# tags = tags.order(options[:order]) if options[:order] - tags = select("#{quoted_table_name}.id", "#{quoted_table_name}.name", "COUNT(#{quoted_table_name}.id) AS count") - tags = tags.joins(:taggings) - tags = tags.having(["COUNT(#{ActsAsTaggableOn::Tagging.quoted_table_name}.id) >= ?", options[:at_least]]) if options[:at_least] - tags = tags.having(["COUNT(#{ActsAsTaggableOn::Tagging.quoted_table_name}.id) <= ?", options[:at_most]]) if options[:at_most] - tags = tags.where("#{ActsAsTaggableOn::Tagging.quoted_table_name}.created_at >= ?", options[:start_at]) if options[:start_at] - tags = tags.where("#{ActsAsTaggableOn::Tagging.quoted_table_name}.created_at <= ?", options[:end_at]) 
if options[:end_at] - tags = tags.where(options[:conditions]) if options[:conditions] - tags = tags.limit(options[:limit]) if options[:limit] - tags = tags.order(options[:order]) if options[:order] +# if joins = options.delete(:joins) +# tags = tags.joins(joins) +# end - if joins = options.delete(:joins) - tags = tags.joins(joins) - end +# tags.group("#{quoted_table_name}.id, #{quoted_table_name}.name") +# end +# end - tags.group("#{quoted_table_name}.id, #{quoted_table_name}.name") - end +# ActsAsTaggableOn::Tag.class_eval do +# def to_param +# URI.escape(URI.escape(self.name), /[\/.?#]/) +# end +# def related_tags(limit = 10) +# taggables = self.taggings.limit(10).to_a.collect{|t| t.taggable }.compact - end - - def to_param - URI.escape(URI.escape(self.name), /[\/.?#]/) - end - - def related_tags(limit = 10) - taggables = self.taggings.limit(10).to_a.collect{|t| t.taggable }.compact - - tagging_ids = taggables.map{|t| t.taggings.limit(10).map(&:id) }.flatten.uniq - return [] if tagging_ids.blank? - - ActsAsTaggableOn::Tag.where("tags.id != '#{self.id}'") - .select("tags.id, tags.name, COUNT(tags.id) as count") - .joins(:taggings) - .where({:taggings => {:id => tagging_ids }}) - .group("tags.id, tags.name") - .order("count DESC") - .limit(limit) - end - -end +# tagging_ids = taggables.map{|t| t.taggings.limit(10).map(&:id) }.flatten.uniq +# return [] if tagging_ids.blank? +# ActsAsTaggableOn::Tag.where("tags.id != '#{self.id}'") +# .select("tags.id, tags.name, COUNT(tags.id) as count") +# .joins(:taggings) +# .where({:taggings => {:id => tagging_ids }}) +# .group("tags.id, tags.name") +# .order("count DESC") +# .limit(limit) +# end +# end diff --git a/app/policies/active_admin/page_policy.rb b/app/policies/active_admin/page_policy.rb new file mode 100644 index 00000000..592a8462 --- /dev/null +++ b/app/policies/active_admin/page_policy.rb 
@@ -0,0 +1,11 @@ +class ActiveAdmin::PagePolicy < ApplicationPolicy + + def dashboard? + true + end + + def index? + true + end + +end diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb new file mode 100644 index 00000000..a3a75ed6 --- /dev/null +++ b/app/policies/application_policy.rb @@ -0,0 +1,59 @@ +class ApplicationPolicy + attr_reader :user, :record + + def initialize(user, record) + @user = user + @record = record + end + + def show? + true + end + + def index? + true + end + + def new? + create? + end + + def create? + true + end + + def edit? + update? + end + + def update? + user.admin? || record.respond_to(:user) && record.user.eql?(user) + end + + def destroy? + update? + end + + def destroy_all? + user.admin? + end + + def scope + Pundit.policy_scope!(user, record.class) + end + + class Scope + attr_reader :user, :scope + + def initialize(user, scope) + @user = user + @scope = scope + end + + def resolve + scope + end + end + +end + diff --git a/app/policies/sb_post_policy.rb b/app/policies/sb_post_policy.rb new file mode 100644 index 00000000..096e5d52 --- /dev/null +++ b/app/policies/sb_post_policy.rb @@ -0,0 +1,15 @@ +class SbPostPolicy < ApplicationPolicy + + def edit? + update? + end + + def destroy? + update? + end + + def update? + record.editable_by?(user) + end + +end diff --git a/app/policies/topic_policy.rb b/app/policies/topic_policy.rb new file mode 100644 index 00000000..4cac0b08 --- /dev/null +++ b/app/policies/topic_policy.rb @@ -0,0 +1,23 @@ +class TopicPolicy < ApplicationPolicy + + def new? + create? + end + + def create? + true + end + + def edit? + update? + end + + def destroy? + update? + end + + def update? + record.editable_by?(user) + end + +end diff --git a/app/views/posts/show.html.haml b/app/views/posts/show.html.haml index e2c941b6..9c63bdfb 100644 --- a/app/views/posts/show.html.haml +++ b/app/views/posts/show.html.haml 
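Review bot: `ApplicationPolicy#update?` calls `record.respond_to(:user)`, which is not a Ruby method (the predicate is `respond_to?`), so every non-admin check raises NoMethodError instead of returning a decision, and `edit?` and `destroy?` inherit that. `user.admin?` here and in `destroy_all?` also raises when `user` is nil, which is what Pundit passes for an anonymous visitor. Suggested line: `user.present? && (user.admin? || (record.respond_to?(:user) && record.user.eql?(user)))`. Separately, `show?`, `index?` and `create?` return true and the initializer in this patch makes this class the ActiveAdmin fallback policy, so consider defaulting them to false and opting in per policy.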
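Review bot: `SbPostPolicy#update?` passes `user` straight to `record.editable_by?`, and the views changed in this patch (sb_posts/_sb_post.html.haml and topics/show.html.haml) replace `logged_in? && ...editable_by?(current_user)` with `policy(...).update?`, so `editable_by?` is now called with nil for anonymous visitors. `editable_by?` is defined outside this diff; if it dereferences the user, the topic page breaks for logged-out readers. Guarding in the policy keeps the decision fail-closed: `user.present? && record.editable_by?(user)`. The same applies to `TopicPolicy#update?` in the next hunk. The `edit?`, `destroy?`, `new?` and `create?` overrides in these two classes repeat what ApplicationPolicy already defines and can be dropped.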
@@ -73,6 +73,10 @@ -content_for :end_javascript do :javascript + $.ajax({ + type: "PUT", + url: "#{update_views_user_post_path(@post.user, @post)}", + }); $('.email').on('click', function(e){ e.preventDefault(); $.post("#{send_to_friend_user_post_path(:user_id => @user.id, :id => @post.id)}", function(response){ diff --git a/app/views/sb_posts/_sb_post.html.haml b/app/views/sb_posts/_sb_post.html.haml index 4c053704..45c9932f 100644 --- a/app/views/sb_posts/_sb_post.html.haml +++ b/app/views/sb_posts/_sb_post.html.haml @@ -1,5 +1,5 @@ %tr - + %td{:id=>"post-body-#{post.id}"} .editable - if logged_in? @@ -10,23 +10,24 @@ %td.col-sm-3{:style => 'border-left:0'} %ul.list-unstyled -if post.user - %li= link_to avatar_for(post.user), post.user + %li= link_to avatar_for(post.user), post.user %li= link_to truncate(h(post.username), :length => 15), user_path(post.user), :class => (post.topic.editable_by?(post.user) ? "admin" : nil) %li = :post.l.pluralize %span.badge.badge-info =post.user.sb_posts_count -else - %li= image_tag(configatron.photo.missing_thumb, :class => 'thumbnail') + %li= image_tag(configatron.photo.missing_thumb, :class => 'thumbnail') %li= truncate(h(post.username), :length => 15) %li %a{"href"=>"##{post.dom_id}", "rel"=>"bookmark"} %abbr.updated{"title"=>"#{post.created_at.xmlschema}"}= time_ago_in_words(post.created_at) - - - if logged_in? && post.editable_by?(current_user) + + - if policy(post).update? %li - = ajax_spinner_for "edit-post-#{post.id}" + = ajax_spinner_for "edit-post-#{post.id}" = link_to :edit_post.l, edit_forum_topic_sb_post_path(@forum, @topic, post), :class => 'edit-via-ajax', :id => "edit-post-#{post.id}" + - if admin? && post.user && !post.user.admin? %li{"class"=>"make-moderator-#{post.user_id}"} = render :partial => '/moderators/toggle', :locals => {:user => post.user, :forum => @forum} diff --git a/app/views/topics/show.html.haml b/app/views/topics/show.html.haml index dd274bd6..b7a57c4b 100644 
--- a/app/views/topics/show.html.haml +++ b/app/views/topics/show.html.haml @@ -18,7 +18,7 @@ - if @topic.locked? %h2= :locked2.l -- if logged_in? && @topic.editable_by?(current_user) +- if policy(@topic).update? %p = link_to :back.l, @forum, :class => 'btn btn-default' = link_to :edit.l, edit_forum_topic_path(@forum, @topic), :class => "btn btn-warning" diff --git a/community_engine.gemspec b/community_engine.gemspec index 5cd29ee6..b55002ba 100644 --- a/community_engine.gemspec +++ b/community_engine.gemspec @@ -25,11 +25,12 @@ Gem::Specification.new do |s| s.test_files = `git ls-files -- {test}/*`.split("\n") s.add_dependency "activeadmin" + s.add_dependency "pundit", "0.3.0" s.add_dependency "actionpack-action_caching", ">= 0" s.add_dependency "actionpack-page_caching", ">= 0" s.add_dependency "acts_as_commentable", "~> 4.0.2" s.add_dependency "acts_as_list", ">= 0.3.0" - s.add_dependency "acts-as-taggable-on", '~> 2.4.1' + s.add_dependency "acts-as-taggable-on", '>= 3.4.4' s.add_dependency "authlogic", ">= 3.3.0" s.add_dependency "aws-sdk", "< 2.0" s.add_dependency "bcrypt", ">= 0" diff --git a/config/initializers/active_admin.rb b/config/initializers/active_admin.rb index d8cf1553..664fb40d 100644 --- a/config/initializers/active_admin.rb +++ b/config/initializers/active_admin.rb 
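Review bot: `s.add_dependency "pundit", "0.3.0"` pins an exact version in the gemspec, which stops host applications from resolving any later pundit release, including fixes, while `"acts-as-taggable-on", '>= 3.4.4'` is open-ended and admits future major versions. The new config/initializers/tag_extensions.rb loads `lib/acts_as_taggable_on/tag.rb` by path from inside that gem and reopens its Tag class, so the missing upper bound is the riskier of the two. Consider `"pundit", "~> 0.3"` and `"acts-as-taggable-on", "~> 3.4", ">= 3.4.4"`.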
@@ -68,12 +68,12 @@ class BaseController # method in a before filter of all controller actions to # ensure that there is a user with proper rights. You can use # CanCanAdapter or make your own. Please refer to documentation. - # config.authorization_adapter = ActiveAdmin::CanCanAdapter + config.authorization_adapter = ActiveAdmin::PunditAdapter # In case you prefer Pundit over other solutions you can here pass # the name of default policy class. This policy will be used in every # case when Pundit is unable to find suitable policy. - # config.pundit_default_policy = "MyDefaultPunditPolicy" + config.pundit_default_policy = "ApplicationPolicy" # You can customize your CanCan Ability class name here. # config.cancan_ability_class = "Ability" @@ -83,7 +83,7 @@ class BaseController # because, by default, user gets redirected to Dashboard. If user # doesn't have access to Dashboard, he'll end up in a redirect loop. # Method provided here should be defined in application_controller.rb. - # config.on_unauthorized_access = :access_denied + config.on_unauthorized_access = :access_denied # == Current User # diff --git a/config/initializers/tag_extensions.rb b/config/initializers/tag_extensions.rb new file mode 100644 index 00000000..c83ccc2b --- /dev/null +++ b/config/initializers/tag_extensions.rb 
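Review bot: `config.pundit_default_policy = "ApplicationPolicy"` makes the fallback for every admin resource without its own policy a class whose `index?`, `show?` and `create?` return true, so authorization in the admin is allow-by-default for those actions. Only ActiveAdmin::PagePolicy, SbPostPolicy and TopicPolicy are added in this patch, so the Post, Category and Tag resources under lib/community_engine/admin all fall through to it. A dedicated fallback that denies unless `user.admin?` would be safer, with per-resource policies opening up what non-admins may do. For the second hunk, confirm `:access_denied` is reachable from ActiveAdmin's controllers: the comment above the setting says the method should be defined in application_controller.rb, and this patch only shows it in AuthenticatedSystem.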
@@ -0,0 +1,67 @@ +require_dependency ActsAsTaggableOn::Engine.config.root.join('lib', 'acts_as_taggable_on', 'tag.rb').to_s + +ActsAsTaggableOn::Tag.instance_eval do + def popular(limit = 20, type = nil) + tags = ActsAsTaggableOn::Tag.counts(:at_least => 0).limit(limit).order('count DESC') + tags = tags.where("taggings.taggable_type = ?", type.capitalize) if type + tags + end + + def default_per_page + 25 + end + + # Calculate the tag counts for all tags. + # + # - +:start_at+ - restrict the tags to those created after a certain time + # - +:end_at+ - restrict the tags to those created before a certain time + # - +:at_least+ - exclude tags with a frequency less than the given value + # - +:at_most+ - exclude tags with a frequency greater than the given value + # + # Deprecated: + # + # - +:conditions+ + # - +:limit+ + # - +:order+ + # + def counts(options = {}) + options.assert_valid_keys :start_at, :end_at, :at_least, :at_most, :conditions, :limit, :order, :joins + + tags = select("#{quoted_table_name}.id", "#{quoted_table_name}.name", "COUNT(#{quoted_table_name}.id) AS count") + tags = tags.joins(:taggings) + tags = tags.having(["COUNT(#{ActsAsTaggableOn::Tagging.quoted_table_name}.id) >= ?", options[:at_least]]) if options[:at_least] + tags = tags.having(["COUNT(#{ActsAsTaggableOn::Tagging.quoted_table_name}.id) <= ?", options[:at_most]]) if options[:at_most] + tags = tags.where("#{ActsAsTaggableOn::Tagging.quoted_table_name}.created_at >= ?", options[:start_at]) if options[:start_at] + tags = tags.where("#{ActsAsTaggableOn::Tagging.quoted_table_name}.created_at <= ?", options[:end_at]) if options[:end_at] + tags = tags.where(options[:conditions]) if options[:conditions] + tags = tags.limit(options[:limit]) if options[:limit] + tags = tags.order(options[:order]) if options[:order] + + if joins = options.delete(:joins) + tags = tags.joins(joins) + end + + tags.group("#{quoted_table_name}.id, #{quoted_table_name}.name") + end +end + 
+ActsAsTaggableOn::Tag.class_eval do + def to_param + URI.escape(URI.escape(self.name), /[\/.?#]/) + end + + def related_tags(limit = 10) + taggables = self.taggings.limit(10).to_a.collect{|t| t.taggable }.compact + + tagging_ids = taggables.map{|t| t.taggings.limit(10).map(&:id) }.flatten.uniq + return [] if tagging_ids.blank? + + ActsAsTaggableOn::Tag.where("tags.id != '#{self.id}'") + .select("tags.id, tags.name, COUNT(tags.id) as count") + .joins(:taggings) + .where({:taggings => {:id => tagging_ids }}) + .group("tags.id, tags.name") + .order("count DESC") + .limit(limit) + end +end diff --git a/lib/community_engine.rb b/lib/community_engine.rb index a0e48fe9..0aac4a61 100755 --- a/lib/community_engine.rb +++ b/lib/community_engine.rb @@ -39,6 +39,7 @@ require 'jquery-turbolinks' require 'turbolinks' require 'active_admin' +require 'pundit' # Rails 2.3 Plugins converted to lib require 'activity_tracker' diff --git a/lib/community_engine/admin/categories.rb b/lib/community_engine/admin/categories.rb index 87929d46..7463e4b4 100644 --- a/lib/community_engine/admin/categories.rb +++ b/lib/community_engine/admin/categories.rb @@ -1,3 +1,20 @@ ActiveAdmin.register Category do permit_params :name, :tips, :new_post_text, :nav_text, :slug + + menu :parent => "Taxonomy", :priority => 1 + filter :name + + index do + column :id do |category| + link_to category.id, admin_category_path(category) + end + + column :name + column :tips + column :posts do |category| + category.posts.count + end + default_actions + end + end diff --git a/lib/community_engine/admin/posts.rb b/lib/community_engine/admin/posts.rb index 2645c6d0..5bb9a5e6 100644 --- a/lib/community_engine/admin/posts.rb +++ b/lib/community_engine/admin/posts.rb 
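Review bot: In tag_extensions.rb, `related_tags` builds `where("tags.id != '#{self.id}'")` by string interpolation; the id comes from the record rather than the request, but a bound form such as `where.not(:id => id)` keeps the query parameterized and avoids comparing an integer column with a quoted string. In `counts`, `options[:conditions]`, `options[:order]` and `options[:joins]` go into `where`, `order` and `joins` unchanged, so a comment stating that callers must never pass request parameters there is worth adding. `to_param` relies on `URI.escape`, which is obsolete in current Ruby and should be flagged for replacement. `related_tags` also hard-codes `limit(10)` for the taggings it samples, independent of its `limit` argument, which deserves a one-line comment.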
@@ -1,36 +1,51 @@ ActiveAdmin.register Post do permit_params :title, :raw_post, :published_at, :published_as, :category_id + filter :title filter :user - filter :published_as + filter :published_as, as: :select, collection: [['Published','live'], ['Draft','draft']], include_blank: true filter :published_at filter :created_at - + scope_to do + current_user + end index do selectable_column - column :id - column :user - column :title - column :created_at - column :updated_at + column :id do |post| + link_to post.id, admin_post_path(post) + end + column :published_at - column :published_as + column :published_as do |post| + if post.is_live? && post.published_at <= Time.now + link_to(:published.l, user_post_path(post.user, post)) + elsif post.is_live? && post.published_at > Time.now + "Pending" + elsif !post.is_live? + :draft.l + end + end + + column :title do |post| + link_to post.title, user_post_path(post.user, post) + end + column :tags do |post| + simple_format post.taggings.group_by(&:context).map{|context, array| + "#{context}: " + array.map{|t| t.tag.name }.join(',') + }.join("\n") + end actions end form do |f| tabs do - tab 'Main' do + tab 'Content' do f.semantic_errors *f.object.errors.keys - inputs 'Details' do + inputs 'Title' do input :title - input :published_at, as: :datepicker, label: "Publish Post At" - input :published_as, as: :select, collection: [['Live', 'live'], ['Draft', 'draft']] - li "Created at #{f.object.created_at}" unless f.object.new_record? - input :category end inputs 'Content' do 
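Review bot: The `published_as` column block evaluates `post.published_at <= Time.now` whenever `is_live?` is true, which raises NoMethodError for a live post whose `published_at` is nil and would break the whole index page; whether that state can occur depends on model code outside this diff. A nil guard such as `post.published_at && post.published_at <= Time.current` covers it, and `Time.current` respects the application time zone. The "Pending" label is a hard-coded string while the other two branches use `.l` localization keys.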
@@ -39,6 +54,21 @@ end tab 'Meta' do + inputs 'Publishing' do + input :published_at, minute_step: 15 + input :published_as, as: :select, collection: [['Live', 'live'], ['Draft', 'draft']] + li "Created at #{f.object.created_at}" unless f.object.new_record? + end + + inputs "Taxonomy" do + input :category + input :tag_list, input_html: {id: 'tags', data: {auto_complete_url: auto_complete_for_tag_name_tags_path}} + end + + inputs 'Commenting' do + input :comments_disabled + input :send_comment_notifications + end end end diff --git a/lib/community_engine/admin/tags.rb b/lib/community_engine/admin/tags.rb index d78bac96..caab74fe 100644 --- a/lib/community_engine/admin/tags.rb +++ b/lib/community_engine/admin/tags.rb @@ -1,6 +1,10 @@ ActiveAdmin.register ActsAsTaggableOn::Tag, as: "Tag" do + menu :parent => "Taxonomy", :priority => 2 permit_params :name + filter :name + + controller do def find_resource ActsAsTaggableOn::Tag.find_by_name(URI::decode(params[:id])) @@ -8,4 +12,10 @@ def find_resource end + index do + column :id + column :name + column :taggings_count + column :featured + end end diff --git a/lib/community_engine/authenticated_system.rb b/lib/community_engine/authenticated_system.rb index 31198fe4..0450552f 100755 --- a/lib/community_engine/authenticated_system.rb +++ b/lib/community_engine/authenticated_system.rb @@ -57,21 +57,6 @@ def current_user_session @current_user_session = UserSession.find end - # Check if the user is authorized. - # - # Override this method in your controllers if you want to restrict access - # to only a few actions or if you want to check if the user - # has the correct rights. - # - # Example: - # - # # only allow nonbobs - # def authorize? - # current_user.login != "bob" - # end - def authorized?(action = nil , subject = nil) - true - end def admin? logged_in? && current_user.admin? end 
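Review bot: The Meta tab adds inputs for `tag_list`, `comments_disabled` and `send_comment_notifications`, but `permit_params` at the top of this file still lists only `:title, :raw_post, :published_at, :published_as, :category_id`, so strong parameters will discard the three new fields on save. Extend the list explicitly, e.g. `permit_params :title, :raw_post, :published_at, :published_as, :category_id, :tag_list, :comments_disabled, :send_comment_notifications`, rather than loosening the filter. The `permit_params` line sits in the previous hunk of this file.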
@@ -87,7 +72,7 @@ def moderator? # behavior in case the user is not authorized # to access the requested action. For example, a popup window might # simply close itself. - def access_denied + def access_denied(exception=nil) respond_to do |accepts| accepts.html do store_location @@ -131,7 +116,7 @@ def self.included(base) # skip_before_action :login_required # def login_required - logged_in? && authorized? ? true : access_denied + logged_in? ? true : access_denied end def require_user diff --git a/lib/community_engine/version.rb b/lib/community_engine/version.rb index 4b43e0a0..1e0fcae3 100644 --- a/lib/community_engine/version.rb +++ b/lib/community_engine/version.rb @@ -1,7 +1,7 @@ module CommunityEngine module Version MAJOR = 3 - MINOR = 0 + MINOR = 1 PATCH = 0 BUILD = nil diff --git a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/README b/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/README deleted file mode 100755 index e9f567f2..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/README +++ /dev/null @@ -1,3 +0,0 @@ -ActsAsPublishable -================= - diff --git a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/Rakefile b/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/Rakefile deleted file mode 100755 index a843bd74..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/Rakefile +++ /dev/null 
@@ -1,22 +0,0 @@ -require 'rake' -require 'rake/testtask' -require 'rake/rdoctask' - -desc 'Default: run unit tests.' -task :default => :test - -desc 'Test the acts_as_publishable plugin.' -Rake::TestTask.new(:test) do |t| - t.libs << 'lib' - t.pattern = 'test/**/*_test.rb' - t.verbose = true -end - -desc 'Generate documentation for the acts_as_publishable plugin.' -Rake::RDocTask.new(:rdoc) do |rdoc| - rdoc.rdoc_dir = 'rdoc' - rdoc.title = 'ActsAsPublishable' - rdoc.options << '--line-numbers' << '--inline-source' - rdoc.rdoc_files.include('README') - rdoc.rdoc_files.include('lib/**/*.rb') -end diff --git a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/generators/publishing/publishing_generator.rb b/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/generators/publishing/publishing_generator.rb deleted file mode 100755 index 8d71a327..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/generators/publishing/publishing_generator.rb +++ /dev/null @@ -1,34 +0,0 @@ -class PublishingGenerator < Rails::Generator::Base - - attr_reader :publishing_class - attr_reader :publishing_table_name - - def initialize(args, options = {}) - klass = args.last - - begin; valid_klass = klass.camelcase.constantize; rescue; end - - if valid_klass - @publishing_table_name = klass.to_s.downcase.pluralize - @publishing_class = klass.to_s.capitalize - else - raise "#{klass} is not a valid class in this application." - end - - super - end - - def manifest - record do |m| - unless options[:skip_migration] - m.migration_template 'migration.rb', 'db/migrate', - :migration_file_name => "add_published_as_to_#{@publishing_table_name}" - end - end - end - - protected - def usage - puts "Usage: #{$0} publishing [ModelName]" - end -end 
diff --git a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/generators/publishing/templates/migration.rb b/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/generators/publishing/templates/migration.rb deleted file mode 100755 index 24eb924c..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/generators/publishing/templates/migration.rb +++ /dev/null @@ -1,13 +0,0 @@ -class AddPublishedAsTo<%= publishing_class.pluralize %> < ActiveRecord::Migration - - # Add the new tables. - def self.up - add_column :<%= publishing_table_name %>, :published_as, :string, :limit => 16, :default => 'draft' - end - - # Remove the tables. - def self.down - remove_column :<%= publishing_table_name %>, :published_as - end - -end diff --git a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/install.rb b/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/install.rb deleted file mode 100755 index 4566278d..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/install.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'fileutils' - - diff --git a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/test/acts_as_publishable_test.rb b/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/test/acts_as_publishable_test.rb deleted file mode 100755 index 789f4a34..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/test/acts_as_publishable_test.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'test/unit' - -class ActsAsPublishableTest < Test::Unit::TestCase - # Replace this with your real tests. - def test_this_plugin - flunk - end -end diff --git a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/uninstall.rb b/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/uninstall.rb deleted file mode 100755 index 97383334..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/acts_as_publishable/uninstall.rb +++ /dev/null 
@@ -1 +0,0 @@ -# Uninstall hook code here diff --git a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/README b/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/README deleted file mode 100755 index 0d1ad936..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/README +++ /dev/null @@ -1,4 +0,0 @@ -ResourceFeeder -============== - -Simple feeds for resources \ No newline at end of file diff --git a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/Rakefile b/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/Rakefile deleted file mode 100755 index 51fce7b3..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/Rakefile +++ /dev/null @@ -1,22 +0,0 @@ -require 'rake' -require 'rake/testtask' -require 'rake/rdoctask' - -desc 'Default: run unit tests.' -task :default => :test - -desc 'Test the resource_feed plugin.' -Rake::TestTask.new(:test) do |t| - t.libs << 'lib' - t.pattern = 'test/**/*_test.rb' - t.verbose = true -end - -desc 'Generate documentation for the resource_feed plugin.' -Rake::RDocTask.new(:rdoc) do |rdoc| - rdoc.rdoc_dir = 'rdoc' - rdoc.title = 'ResourceFeed' - rdoc.options << '--line-numbers' << '--inline-source' - rdoc.rdoc_files.include('README') - rdoc.rdoc_files.include('lib/**/*.rb') -end diff --git a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/atom_feed_test.rb b/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/atom_feed_test.rb deleted file mode 100755 index 3112da47..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/atom_feed_test.rb +++ /dev/null 
@@ -1,85 +0,0 @@ -require File.dirname(__FILE__) + '/test_helper' -class AtomFeedTest < Test::Unit::TestCase - attr_reader :request - - def setup - @request = OpenStruct.new - @request.host_with_port = 'example.com' - @records = Array.new(5).fill(Post.new) - @records.each &:save - end - - def test_default_atom_feed - atom_feed_for @records - - assert_select 'feed' do - assert_select '>title', 'Posts' - assert_select '>id', "tag:#{request.host_with_port}:Posts" - assert_select '>link' do - assert_select "[rel='alternate']" - assert_select "[type='text/html']" - assert_select "[href='http://example.com/posts']" - end - assert_select 'entry', 5 do - assert_select 'title', :text => 'feed title (title)' - assert_select "content[type='html']", '<p>feed description (description)</p>' - assert_select 'id', "tag:#{request.host_with_port},#{@records.first.created_at.xmlschema}:#{'http://example.com/posts/1'}" - assert_select 'published', @records.first.created_at.xmlschema - assert_select 'updated', @records.first.created_at.xmlschema - assert_select 'link' do - assert_select "[rel='alternate']" - assert_select "[type='text/html']" - assert_select "[href='http://example.com/posts/1']" - end - end - end - end - - def test_should_allow_custom_feed_options - atom_feed_for @records, :feed => { :title => 'Custom Posts', :link => '/posts', :description => 'stuff', :self => '/posts.atom' } - - assert_select 'feed>title', 'Custom Posts' - assert_select "feed>link[href='/posts']" - assert_select 'feed>subtitle', 'stuff' - assert_select 'feed>link' do - assert_select "[rel='self']" - assert_select "[type='application/atom+xml']" - assert_select "[href='/posts.atom']" - end - end - - def test_should_allow_custom_item_attributes - atom_feed_for @records, :item => { :title => :name, :description => :body, :pub_date => :create_date, :link => :id } - - assert_select 'entry', 5 do - assert_select 'title', :text => 'feed title (name)' - assert_select "content[type='html']", '<p>feed 
description (body)</p>' - assert_select 'published', (@records.first.created_at - 5.minutes).xmlschema - assert_select 'updated', (@records.first.created_at - 5.minutes).xmlschema - assert_select 'id', "tag:#{request.host_with_port},#{(@records.first.created_at - 5.minutes).xmlschema}:1" - assert_select 'link' do - assert_select "[rel='alternate']" - assert_select "[type='text/html']" - assert_select "[href='1']" - end - end - end - - def test_should_allow_custom_item_attribute_blocks - atom_feed_for @records, :item => { :title => lambda { |r| r.name }, :description => lambda { |r| r.body }, :pub_date => lambda { |r| r.create_date }, - :link => lambda { |r| "/#{r.created_at.to_i}" }, :guid => lambda { |r| r.created_at.to_i } } - - assert_select 'entry', 5 do - assert_select 'title', :text => 'feed title (name)' - assert_select "content[type='html']", '<p>feed description (body)</p>' - assert_select 'published', (@records.first.created_at - 5.minutes).xmlschema - assert_select 'updated', (@records.first.created_at - 5.minutes).xmlschema - assert_select 'id', /:\d+$/ - assert_select 'link' do - assert_select "[rel='alternate']" - assert_select "[type='text/html']" - assert_select "[href=?]", /^\/\d+$/ - end - end - end -end diff --git a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/rss_feed_test.rb b/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/rss_feed_test.rb deleted file mode 100755 index 012bd064..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/rss_feed_test.rb +++ /dev/null 
@@ -1,61 +0,0 @@ -require File.dirname(__FILE__) + '/test_helper' -class RssFeedTest < Test::Unit::TestCase - def setup - @records = Array.new(5).fill(Post.new) - @records.each &:save - end - - def test_default_rss_feed - rss_feed_for @records - - assert_select 'rss[version="2.0"]' do - assert_select 'channel' do - assert_select '>title', 'Posts' - assert_select '>link', 'http://example.com/posts' - assert_select 'language', 'en-us' - assert_select 'ttl', '40' - end - assert_select 'item', 5 do - assert_select 'title', :text => 'feed title (title)' - assert_select 'description', '<p>feed description (description)</p>' - %w(guid link).each do |node| - assert_select node, 'http://example.com/posts/1' - end - assert_select 'pubDate', @records.first.created_at.to_s(:rfc822) - end - end - end - - def test_should_allow_custom_feed_options - rss_feed_for @records, :feed => { :title => 'Custom Posts', :link => '/posts', :description => 'stuff', :language => 'en-gb', :ttl => '80' } - - assert_select 'channel>title', 'Custom Posts' - assert_select 'channel>link', '/posts' - assert_select 'channel>description', 'stuff' - assert_select 'channel>language', 'en-gb' - assert_select 'channel>ttl', '80' - end - - def test_should_allow_custom_item_attributes - rss_feed_for @records, :item => { :title => :name, :description => :body, :pub_date => :create_date, :link => :id } - - assert_select 'item', 5 do - assert_select 'title', :text => 'feed title (name)' - assert_select 'description', '<p>feed description (body)</p>' - assert_select 'pubDate', (@records.first.created_at - 5.minutes).to_s(:rfc822) - assert_select 'link', '1' - assert_select 'guid', '1' - end - end - - def test_should_allow_custom_item_attribute_blocks - rss_feed_for @records, :item => { :title => lambda { |r| r.name }, :description => lambda { |r| r.body }, :pub_date => lambda { |r| r.create_date }, - :link => lambda { |r| "/#{r.created_at.to_i}" }, :guid => lambda { |r| r.created_at.to_i } } - - assert_select 
'item', 5 do - assert_select 'title', :text => 'feed title (name)' - assert_select 'description', '<p>feed description (body)</p>' - assert_select 'pubDate', (@records.first.created_at - 5.minutes).to_s(:rfc822) - end - end -end diff --git a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/test_helper.rb b/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/test_helper.rb deleted file mode 100755 index 35853c95..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/resource_feeder/test/test_helper.rb +++ /dev/null @@ -1,60 +0,0 @@ -Rails.env = 'test' -require File.expand_path(File.join(File.dirname(__FILE__), '../../../../config/environment.rb')) -require 'action_controller/test_process' -require 'breakpoint' -require 'ostruct' - -class Post - attr_reader :id, :created_at - def save; @id = 1; @created_at = Time.now.utc end - def new_record?; @id.nil? end - - [:title, :name].each do |attr_name| - define_method attr_name do - "feed title (#{attr_name})" - end - end - - [:description, :body].each do |attr_name| - define_method attr_name do - "

feed description (#{attr_name})

" - end - end - - def create_date - @created_at - 5.minutes - end -end - -class Test::Unit::TestCase - include ResourceFeeder::Rss, ResourceFeeder::Atom - - def render_feed(xml) - @response = OpenStruct.new - @response.headers = {'Content-Type' => 'text/xml'} - @response.body = xml - end - - def rss_feed_for_with_ostruct(resources, options = {}) - render_feed rss_feed_for_without_ostruct(resources, options) - end - - def atom_feed_for_with_ostruct(resources, options = {}) - render_feed atom_feed_for_without_ostruct(resources, options) - end - - alias_method_chain :rss_feed_for, :ostruct - alias_method_chain :atom_feed_for, :ostruct - - def html_document - @html_document ||= HTML::Document.new(@response.body, false, true) - end - - def user_posts_url - "http://example.com/posts" - end - - def user_post_url(post) - "http://example.com/posts/#{post.id}" - end -end \ No newline at end of file diff --git a/vendor/converted2.3plugins_to_lib_leftovers/white_list/README b/vendor/converted2.3plugins_to_lib_leftovers/white_list/README deleted file mode 100755 index 968d2f21..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/white_list/README +++ /dev/null 
@@ -1,35 +0,0 @@ -WhiteList -========= - -This White Listing helper will html encode all tags and strip all attributes that aren't specifically allowed. -It also strips href/src tags with invalid protocols, like javascript: especially. It does its best to counter any -tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out -the extensive test suite. - - <%= white_list @article.body %> - -You can add or remove tags/attributes if you want to customize it a bit. - -add table tags - - WhiteListHelper.tags += %w(table td th) - -remove tags - - WhiteListHelper.tags -= %w(div span) - -clear any attributes that are allowed for tags - - WhiteListHelper.attributes['a'] = [] - -allow a new attribute for the tag - - WhiteListHelper.attributes['img'] += %w(style) - -add new tag with attributes - - WhiteListHelper.attributes['table'] = %w(cellpadding cellspacing) - -change allowed attributes for all tags - - WhiteListHelper.attributes[nil] = %w(id class style) \ No newline at end of file diff --git a/vendor/converted2.3plugins_to_lib_leftovers/white_list/Rakefile b/vendor/converted2.3plugins_to_lib_leftovers/white_list/Rakefile deleted file mode 100755 index ce067bed..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/white_list/Rakefile +++ /dev/null @@ -1,22 +0,0 @@ -require 'rake' -require 'rake/testtask' -require 'rake/rdoctask' - -desc 'Default: run unit tests.' -task :default => :test - -desc 'Test the white_list plugin.' -Rake::TestTask.new(:test) do |t| - t.libs << 'lib' - t.pattern = 'test/**/*_test.rb' - t.verbose = true -end - -desc 'Generate documentation for the white_list plugin.' -Rake::RDocTask.new(:rdoc) do |rdoc| - rdoc.rdoc_dir = 'rdoc' - rdoc.title = 'WhiteList' - rdoc.options << '--line-numbers' << '--inline-source' - rdoc.rdoc_files.include('README') - rdoc.rdoc_files.include('lib/**/*.rb') -end 
diff --git a/vendor/converted2.3plugins_to_lib_leftovers/white_list/test/white_list_test.rb b/vendor/converted2.3plugins_to_lib_leftovers/white_list/test/white_list_test.rb deleted file mode 100755 index 460b42cb..00000000 --- a/vendor/converted2.3plugins_to_lib_leftovers/white_list/test/white_list_test.rb +++ /dev/null @@ -1,120 +0,0 @@ -require 'test/unit' -require File.expand_path(File.join(File.dirname(__FILE__), '../../../../config/environment.rb')) - -class WhiteListTest < Test::Unit::TestCase - include WhiteListHelper - public :contains_bad_protocols? - - (WhiteListHelper.tags + WhiteListHelper.attributes.keys).compact.each do |tag_name| - define_method "test_should_allow_#{tag_name}_tag" do - assert_white_listed "start <#{tag_name} id=\"1\" name=\"foo\">foo bar baz end", "start <#{tag_name} id='1'>foo <bad>bar</bad> baz end" - end - end - - def test_should_allow_anchors - assert_white_listed %(), "<script>baz</script>" - end - - WhiteListHelper.attributes['img'].each do |img_attr| - define_method "test_should_allow_image_#{img_attr}_attribute" do - assert_white_listed %(), "" - end - end - - def test_should_handle_non_html - assert_white_listed 'abc' - end - - def test_should_handle_blank_text - assert_white_listed nil - assert_white_listed '' - end - - def test_should_allow_custom_tags - text = "foo" - assert_equal(text, white_list(text, :tags => %w(u))) - end - - def test_should_allow_custom_tags_with_attributes - text = "
foo
" - assert_equal(text, white_list(text, :attributes => {'fieldset' => %w(foo)})) - end - - [%w(img src), %w(a href)].each do |(tag, attr)| - define_method "test_should_strip_#{attr}_attribute_in_#{tag}_with_bad_protocols" do - assert_white_listed %(<#{tag} #{attr}="javascript:bang" id="1">boo), %(<#{tag} id='1'>boo) - end - end - - def test_should_flag_bad_protocols - %w(about chrome data disk hcp help javascript livescript lynxcgi lynxexec ms-help ms-its mhtml mocha opera res resource shell vbscript view-source vnd.ms.radio wysiwyg).each do |proto| - assert contains_bad_protocols?("#{proto}://bad") - end - end - - def test_should_accept_good_protocols - WhiteListHelper.protocols.each do |proto| - assert !contains_bad_protocols?("#{proto}://good") - end - end - - def test_should_reject_hex_codes_in_protocol - assert contains_bad_protocols?("%6A%61%76%61%73%63%72%69%70%74%3A%61%6C%65%72%74%28%22%58%53%53%22%29") - assert_white_listed %(1), "1" - end - - def test_should_block_script_tag - assert_white_listed %(), "<script src='http:' /></script>" - end - - [%(), - %(), - %(), - %(">), - %(), - %(), - %(), - %(), - %(), - %(), - %(), - %(), - %(), - %(), - %()].each_with_index do |img_hack, i| - define_method "test_should_not_fall_for_xss_image_hack_#{i}" do - assert_white_listed img_hack, "" - end - end - - def test_should_sanitize_tag_broken_up_by_null - assert_white_listed %(alert(\"XSS\")), "<scr>alert(\"XSS\")</scr>" - end - - def test_should_sanitize_invalid_script_tag - assert_white_listed %(), "<script /></script>" - end - - def test_should_sanitize_script_tag_with_multiple_open_brackets - assert_white_listed %(<), "<<script>alert(\"XSS\");//<</script>" - assert_white_listed %(