diff --git a/Gemfile.lock b/Gemfile.lock
index 7293750d8..206ce0f36 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -21,7 +21,7 @@ PATH
bootstrap-sass (= 3.3.3)
bootstrap_tokenfield_rails
bundler (>= 1.9.4)
- cancan
+ cancancan
carrierwave (~> 0.11)
chartkick
coffee-rails (>= 4.1.0)
@@ -52,7 +52,7 @@ PATH
mail_form
merit
mini_magick
- nokogiri (>= 1.6.8)
+ nokogiri (>= 1.7.1)
omniauth-facebook (~> 3.0.0)
omniauth-github
omniauth-google-oauth2
@@ -80,6 +80,7 @@ PATH
refile (~> 0.5.5)
responders (~> 2.0)
rest-client (>= 1.8)
+ rubyzip (>= 1.2.1)
sass-rails (>= 3.2)
sidekiq (>= 3.4.2)
sidekiq-limit_fetch
@@ -143,13 +144,14 @@ GEM
activerecord (>= 4.0)
acts_as_tree (2.6.1)
activerecord (>= 3.0.0)
- addressable (2.4.0)
+ addressable (2.5.0)
+ public_suffix (~> 2.0, >= 2.0.2)
ambry (1.0.0)
arel (6.0.3)
auto_html (1.6.4)
redcarpet (~> 3.1)
rinku (~> 1.5.0)
- autoprefixer-rails (6.7.2)
+ autoprefixer-rails (6.7.7.1)
execjs
autosize-rails (1.18.17)
rails (>= 3.1)
@@ -178,9 +180,9 @@ GEM
slim (>= 1.3.6, < 4.0)
terminal-table (~> 1.4)
browser (2.3.0)
- builder (3.2.2)
- cancan (1.6.10)
- capybara (2.10.1)
+ builder (3.2.3)
+ cancancan (1.15.0)
+ capybara (2.13.0)
addressable
mime-types (>= 1.16)
nokogiri (>= 1.3.3)
@@ -193,8 +195,8 @@ GEM
json (>= 1.7)
mime-types (>= 1.16)
mimemagic (>= 0.3.0)
- chartkick (2.2.2)
- childprocess (0.5.9)
+ chartkick (2.2.3)
+ childprocess (0.6.2)
ffi (~> 1.0, >= 1.0.11)
cliver (0.3.2)
codeclimate-test-reporter (0.4.8)
@@ -208,7 +210,7 @@ GEM
execjs
coffee-script-source (1.10.0)
colored (1.2)
- concurrent-ruby (1.0.4)
+ concurrent-ruby (1.0.5)
connection_pool (2.2.1)
coveralls (0.8.10)
json (~> 1.8)
@@ -221,7 +223,7 @@ GEM
debug_inspector (0.0.2)
decent_exposure (3.0.2)
activesupport (>= 4.0)
- devise (4.2.0)
+ devise (4.2.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0, < 5.1)
@@ -251,7 +253,7 @@ GEM
launchy (~> 2.1)
mail (~> 2.2)
erubis (2.7.0)
- eventmachine (1.2.2)
+ eventmachine (1.2.3)
execjs (2.7.0)
factory_girl (4.5.0)
activesupport (>= 3.0.0)
@@ -260,16 +262,16 @@ GEM
railties (>= 3.0.0)
faker (1.7.3)
i18n (~> 0.5)
- faraday (0.10.1)
+ faraday (0.11.0)
multipart-post (>= 1.2, < 3)
fastercsv (1.5.5)
- ffi (1.9.14)
+ ffi (1.9.18)
font-awesome-rails (4.7.0.1)
railties (>= 3.2, < 5.1)
foreman (0.83.0)
thor (~> 0.19.1)
formatador (0.2.5)
- formtastic (3.1.4)
+ formtastic (3.1.5)
actionpack (>= 3.2.13)
fuubar (1.3.3)
rspec (>= 2.14.0, < 3.1.0)
@@ -304,13 +306,13 @@ GEM
tilt
has_secure_token (1.0.0)
activerecord (>= 3.0)
- hashie (3.5.1)
+ hashie (3.5.5)
highline (1.7.8)
hike (1.2.3)
http-cookie (1.0.2)
domain_name (~> 0.5)
- i18n (0.7.0)
- i18n-js (3.0.0.rc15)
+ i18n (0.8.1)
+ i18n-js (3.0.0.rc16)
i18n (~> 0.6, >= 0.6.6)
icalendar (2.4.1)
jbuilder (2.3.2)
@@ -321,14 +323,14 @@ GEM
actionpack (>= 3.1)
railties (>= 3.1)
sass (>= 3.2)
- jquery-rails (4.2.2)
+ jquery-rails (4.3.1)
rails-dom-testing (>= 1, < 3)
railties (>= 4.2.0)
thor (>= 0.14, < 2.0)
jquery-turbolinks (2.1.0)
railties (>= 3.1.0)
turbolinks
- json (1.8.3)
+ json (1.8.6)
judge (2.1.1)
rails (>= 3.1)
jwt (1.5.6)
@@ -354,34 +356,34 @@ GEM
method_source (0.8.2)
mime-types (2.99.3)
mimemagic (0.3.2)
- mini_magick (4.6.0)
+ mini_magick (4.6.1)
mini_portile2 (2.1.0)
- minitest (5.9.1)
+ minitest (5.10.1)
multi_json (1.12.1)
multi_xml (0.6.0)
multipart-post (2.0.0)
mysql2 (0.4.2)
nenv (0.2.0)
netrc (0.11.0)
- nokogiri (1.6.8.1)
+ nokogiri (1.7.1)
mini_portile2 (~> 2.1.0)
notiffany (0.0.8)
nenv (~> 0.1)
shellany (~> 0.0)
oauth (0.5.1)
- oauth2 (1.3.0)
- faraday (>= 0.8, < 0.11)
+ oauth2 (1.3.1)
+ faraday (>= 0.8, < 0.12)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
- omniauth (1.4.1)
- hashie (>= 1.2, < 4)
- rack (>= 1.0, < 3)
+ omniauth (1.6.1)
+ hashie (>= 3.4.6, < 3.6.0)
+ rack (>= 1.6.2, < 3)
omniauth-facebook (3.0.0)
omniauth-oauth2 (~> 1.2)
- omniauth-github (1.2.1)
- omniauth (~> 1.4.0)
+ omniauth-github (1.2.3)
+ omniauth (~> 1.5)
omniauth-oauth2 (>= 1.4.0, < 2.0)
omniauth-google-oauth2 (0.4.1)
jwt (~> 1.5.2)
@@ -403,7 +405,7 @@ GEM
parallel
passgen (1.0.2)
pdf-core (0.6.1)
- phony (2.15.40)
+ phony (2.15.42)
poltergeist (1.11.0)
capybara (~> 2.1)
cliver (~> 0.3.1)
@@ -411,8 +413,6 @@ GEM
prawn (2.0.2)
pdf-core (~> 0.6.0)
ttfunk (~> 1.4.0)
- protected_attributes (1.1.3)
- activemodel (>= 4.0.1, < 5.0)
pry (0.10.3)
coderay (~> 1.1.0)
method_source (~> 0.8.1)
@@ -422,6 +422,7 @@ GEM
activerecord (>= 3.0)
i18n (>= 0.5.0)
railties (>= 3.0.0)
+ public_suffix (2.0.5)
rack (1.6.5)
rack-mini-profiler (0.10.2)
rack (>= 1.2.0)
@@ -451,7 +452,7 @@ GEM
rails-assets-jquery (>= 1.7.0)
rails-assets-font-awesome (4.7.0)
rails-assets-inline-attachment (2.0.3)
- rails-assets-jquery (3.1.1)
+ rails-assets-jquery (3.2.1)
rails-assets-jquery-ui (1.12.1)
rails-assets-jquery (>= 1.6)
rails-assets-jquery-ujs (1.2.2)
@@ -459,9 +460,9 @@ GEM
rails-assets-trentrichardson--jQuery-Timepicker-Addon (1.6.3)
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
- rails-dom-testing (1.0.7)
+ rails-dom-testing (1.0.8)
activesupport (>= 4.2.0.beta, < 5.0)
- nokogiri (~> 1.6.0)
+ nokogiri (~> 1.6)
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.3)
loofah (~> 2.0)
@@ -476,7 +477,7 @@ GEM
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
raindrops (0.15.0)
- rake (11.3.0)
+ rake (10.5.0)
rb-fsevent (0.9.6)
rb-inotify (0.9.5)
ffi (>= 0.5.0)
@@ -490,7 +491,7 @@ GEM
redis-activesupport (5.0.1)
activesupport (>= 3, < 6)
redis-store (~> 1.2.0)
- redis-namespace (1.5.2)
+ redis-namespace (1.5.3)
redis (~> 3.0, >= 3.0.4)
redis-rack (1.6.0)
rack (~> 1.5)
@@ -540,14 +541,14 @@ GEM
rspec-mocks (~> 2.14.0)
rspec-rerun (0.3.1)
rspec
- ruby-ole (1.2.12)
+ ruby-ole (1.2.12.1)
ruby-progressbar (1.7.5)
ruby2ruby (2.2.0)
ruby_parser (~> 3.1)
sexp_processor (~> 4.0)
ruby_parser (3.7.2)
sexp_processor (~> 4.1)
- rubyzip (1.2.0)
+ rubyzip (1.2.1)
safe_yaml (1.0.4)
sass (3.2.19)
sass-rails (4.0.5)
@@ -558,13 +559,13 @@ GEM
sdoc (0.4.1)
json (~> 1.7, >= 1.7.7)
rdoc (~> 4.0)
- selenium-webdriver (3.0.1)
+ selenium-webdriver (3.2.2)
childprocess (~> 0.5)
rubyzip (~> 1.0)
websocket (~> 1.0)
sexp_processor (4.6.0)
shellany (0.0.1)
- sidekiq (4.2.9)
+ sidekiq (4.2.10)
concurrent-ruby (~> 1.0)
connection_pool (~> 2.2, >= 2.2.0)
rack-protection (>= 1.5.0)
@@ -610,8 +611,8 @@ GEM
therubyracer (0.12.2)
libv8 (~> 3.16.14.0)
ref
- thor (0.19.1)
- thread_safe (0.3.5)
+ thor (0.19.4)
+ thread_safe (0.3.6)
tilt (1.4.1)
timecop (0.8.0)
tins (1.6.0)
@@ -650,7 +651,7 @@ GEM
activemodel (>= 4.2)
debug_inspector
railties (>= 4.2)
- websocket (1.2.3)
+ websocket (1.2.4)
websocket-driver (0.6.4)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.2)
@@ -685,9 +686,9 @@ DEPENDENCIES
mysql2!
parallel_tests!
poltergeist!
- protected_attributes!
pry!
rails (~> 4.2.1)!
+ rake (< 11.0)!
redcarpet!
rspec-instafail!
rspec-rails (= 2.14.1)!
@@ -711,4 +712,4 @@ RUBY VERSION
ruby 2.3.1p112
BUNDLED WITH
- 1.13.7
+ 1.14.6
diff --git a/app/assets/images/your_platform/spinner.svg b/app/assets/images/your_platform/spinner.svg
new file mode 100644
index 000000000..3116a69a9
--- /dev/null
+++ b/app/assets/images/your_platform/spinner.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/app/assets/javascripts/your_platform/datatables.coffee b/app/assets/javascripts/your_platform/datatables.coffee
index 2f66fdf8e..00adeca07 100644
--- a/app/assets/javascripts/your_platform/datatables.coffee
+++ b/app/assets/javascripts/your_platform/datatables.coffee
@@ -92,11 +92,12 @@ App.datatables = {
create: (selector, options)->
if $(selector).size() > 0
unless $.fn.dataTable.isDataTable(selector)
- configuration = {}
- $.extend configuration, App.datatables.common_configuration()
- $.extend configuration, options
- $(selector).dataTable(configuration)
- App.datatables.adjust_css()
+ if $(selector).parents('.dataTables_wrapper').size() == 0
+ configuration = {}
+ $.extend configuration, App.datatables.common_configuration()
+ $.extend configuration, options
+ $(selector).dataTable(configuration)
+ App.datatables.adjust_css()
}
$(document).ready ->
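Review bot: The added guard calls `.size()`, which jQuery removed in 3.0, and this commit's lockfile moves rails-assets-jquery to 3.2.1. If that is the jQuery this file runs against, both the new line and the existing `$(selector).size() > 0` raise a TypeError; `.length` works on every version, e.g. `if $(selector).parents('.dataTables_wrapper').length == 0`. A one-line comment saying why the wrapper check is needed on top of `isDataTable` (presumably markup restored from the Turbolinks cache) would also help the next reader.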
diff --git a/app/assets/javascripts/your_platform/resource_nav.js.coffee b/app/assets/javascripts/your_platform/resource_nav.js.coffee
new file mode 100644
index 000000000..2c7b724fa
--- /dev/null
+++ b/app/assets/javascripts/your_platform/resource_nav.js.coffee
@@ -0,0 +1,5 @@
+$(document).ready ->
+ current_tab = $('body').data('tab')
+
+ $('#resource_nav li').removeClass 'active'
+ $("#resource_nav li.#{current_tab}").addClass 'active'
\ No newline at end of file
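Review bot: `current_tab` is interpolated into the selector without any check, so a page whose body has no `data-tab` ends up querying `li.undefined`. The value presumably originates from the `current_tab` cookie introduced in this commit, which the client controls; a value containing selector syntax either matches unintended elements or makes jQuery throw and abort the ready handler. Comparing class names instead of building a selector avoids both: `$('#resource_nav li').filter(-> $(this).hasClass(current_tab)).addClass 'active' if current_tab`.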
diff --git a/app/assets/javascripts/your_platform/turbolinks.js.coffee b/app/assets/javascripts/your_platform/turbolinks.js.coffee
index 627694638..c4d0a26e2 100644
--- a/app/assets/javascripts/your_platform/turbolinks.js.coffee
+++ b/app/assets/javascripts/your_platform/turbolinks.js.coffee
@@ -3,3 +3,18 @@
#
$(document).on 'turbolinks:before-cache', ->
$(".alert").remove()
+ App.spinner.hide()
+
+App.spinner = {
+ hide: ->
+ $(".spinner").remove()
+ $(".hidden-by-spinner").removeClass('hidden-by-spinner')
+ show: (link)->
+ link.find('img, i, .glyphicon').addClass('hidden-by-spinner')
+ link.prepend('')
+}
+
+$(document).on 'turbolinks:click', (event)->
+ button = $(event.target)
+ App.spinner.hide()
+ App.spinner.show(button)
\ No newline at end of file
diff --git a/app/assets/stylesheets/bootstrap_layout/footer.css.sass b/app/assets/stylesheets/bootstrap_layout/footer.css.sass
index 9e75d8843..f6ab7843f 100644
--- a/app/assets/stylesheets/bootstrap_layout/footer.css.sass
+++ b/app/assets/stylesheets/bootstrap_layout/footer.css.sass
@@ -1,25 +1,49 @@
+// Footer css from: https://codepen.io/cbracco/pen/zekgx
+
+html
+ height: 100%
+ box-sizing: border-box
+
+*, *:before, *:after
+ box-sizing: inherit
+
+body
+ padding-bottom: 200px
+ min-height: 100%
+ position: relative
+
.bottom_page_footer
#footer
- //position: absolute
- //bottom: 0
- //width: 100%
-
- .footer
text-align: center
+ position: absolute
+ bottom: 0
+ right: 0
+ left: 0
+ background: #1a1e26
padding: 30px 0
- margin-top: 70px
border-top: 1px solid #e5e5e5
- background-color: whiteSmoke
-
- .footer-links
- margin: 1px 0
- display: block
- li
- display: inline
- padding: 0 2px
+ color: #cecfcf
+ font-size: 80%
+
+ a
+ color: #cecfcf
+
+ ul
+ list-style: none
+
+ li
+ display: inline
+ padding: 5px
+
+ #version_footer
+ margin-bottom: 20px
+ color: #484b54
+ a
+ color: #484b54
.side_footer
li.muted
- display: none
\ No newline at end of file
+ display: none
+
diff --git a/app/assets/stylesheets/bootstrap_layout/horizontal_structure_nav.css.sass b/app/assets/stylesheets/bootstrap_layout/horizontal_structure_nav.css.sass
new file mode 100644
index 000000000..a2b13b2a0
--- /dev/null
+++ b/app/assets/stylesheets/bootstrap_layout/horizontal_structure_nav.css.sass
@@ -0,0 +1,6 @@
+.horizontal_structure_nav
+ margin-top: -5px
+ margin-bottom: 5px
+ > ul > li > a
+ background: darken(#f6f8fa, 10%)
+ margin-bottom: 5px
\ No newline at end of file
diff --git a/app/assets/stylesheets/bootstrap_layout/resource_nav.css.sass b/app/assets/stylesheets/bootstrap_layout/resource_nav.css.sass
new file mode 100644
index 000000000..96c06acd0
--- /dev/null
+++ b/app/assets/stylesheets/bootstrap_layout/resource_nav.css.sass
@@ -0,0 +1,10 @@
+@import '_colors'
+
+#resource_nav
+ ul li a
+ background-color: darken($headerbar-color, 10%)
+ ul li a:hover
+ background-color: lighten($headerbar-color, 10%)
+ ul li.active a
+ background-color: lighten($headerbar-color, 10%)
+ color: $headerbar-contrast-color
\ No newline at end of file
diff --git a/app/assets/stylesheets/bootstrap_layout/side_bar.css.sass b/app/assets/stylesheets/bootstrap_layout/side_bar.css.sass
new file mode 100644
index 000000000..1fe90b607
--- /dev/null
+++ b/app/assets/stylesheets/bootstrap_layout/side_bar.css.sass
@@ -0,0 +1,3 @@
+.side_bar
+ h1, h2, h3, h4, h5, h6
+ font-size: 14pt
\ No newline at end of file
diff --git a/app/assets/stylesheets/your_platform/breadcrumbs.css.sass b/app/assets/stylesheets/your_platform/breadcrumbs.css.sass
index 3d3f36afa..db2010e88 100644
--- a/app/assets/stylesheets/your_platform/breadcrumbs.css.sass
+++ b/app/assets/stylesheets/your_platform/breadcrumbs.css.sass
@@ -16,4 +16,7 @@ ul.breadcrumbs
> li.slim
font-weight: normal
> li:last-child a
- color: black
\ No newline at end of file
+ color: black
+
+.breadcrumbs_current_page
+ display: inline-block
\ No newline at end of file
diff --git a/app/assets/stylesheets/your_platform/group_pages.css.sass b/app/assets/stylesheets/your_platform/group_pages.css.sass
new file mode 100644
index 000000000..c2f232835
--- /dev/null
+++ b/app/assets/stylesheets/your_platform/group_pages.css.sass
@@ -0,0 +1,4 @@
+body.group_pages
+ #content
+ h4
+ text-align: center
\ No newline at end of file
diff --git a/app/assets/stylesheets/your_platform/horizontal_structure_nav.css.sass b/app/assets/stylesheets/your_platform/horizontal_structure_nav.css.sass
new file mode 100644
index 000000000..2ebfee044
--- /dev/null
+++ b/app/assets/stylesheets/your_platform/horizontal_structure_nav.css.sass
@@ -0,0 +1,6 @@
+#horizontal_structure_nav, .horizontal_structure_nav
+ text-align: center
+ width: 100%
+ > ul > li
+ float: none
+ display: inline-block
\ No newline at end of file
diff --git a/app/assets/stylesheets/your_platform/turbolinks.css.sass b/app/assets/stylesheets/your_platform/turbolinks.css.sass
new file mode 100644
index 000000000..006778582
--- /dev/null
+++ b/app/assets/stylesheets/your_platform/turbolinks.css.sass
@@ -0,0 +1,11 @@
+.spinner
+ width: 16px
+ height: 16px
+ display: inline-block
+ vertical-align: middle
+ margin-right: 5px
+ background: image-url('your_platform/spinner.svg')
+ background-size: 16px 16px
+
+.hidden-by-spinner
+ display: none
\ No newline at end of file
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index deec5ba4a..bf3c9d19b 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -35,7 +35,7 @@ def create
end
@attachment = Attachment.create! author: current_user
- @attachment.update_attributes(params[:attachment])
+ @attachment.update_attributes(attachment_params)
respond_to do |format|
format.json { render json: Attachment.find(@attachment.id) } # reload does not reload the filename, thus use `find`.
@@ -47,9 +47,10 @@ def create
# PUT /attachments/1.json
def update
@attachment = Attachment.find(params[:id])
+ authorize! :update, @attachment
respond_to do |format|
- if @attachment.update_attributes(params[:attachment])
+ if @attachment.update_attributes(attachment_params)
format.html { redirect_to @attachment, notice: 'Attachment was successfully updated.' }
format.json { head :no_content }
else
@@ -108,6 +109,10 @@ def description
private
+ def attachment_params
+ params.require(:attachment).permit(:description, :file, :parent_id, :parent_type, :title, :author, :type)
+ end
+
# This method secures the version parameter from a DoS attack.
# See: http://brakemanscanner.org/docs/warning_types/denial_of_service/
#
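Review bot: `attachment_params` permits `:author`, `:parent_id`, `:parent_type` and `:type`, so the request body can override values the controller sets or checks itself. In `create` the record is built with `author: current_user` and then immediately updated from these params. In `update` the new `authorize! :update, @attachment` is evaluated against the current parent, before `parent_id`/`parent_type` can move the attachment under a different record. Unless the upload form depends on them, I would narrow the list to `params.require(:attachment).permit(:description, :file, :title)` and assign parent and author server-side after authorizing against the target parent. If `type` is the STI column (the model is not visible here), it should not be client-settable at all.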
diff --git a/app/controllers/blog_posts_controller.rb b/app/controllers/blog_posts_controller.rb
index 77db18213..1305f67d7 100644
--- a/app/controllers/blog_posts_controller.rb
+++ b/app/controllers/blog_posts_controller.rb
@@ -37,15 +37,22 @@ def create
def update
@blog_post ||= @page
+ authorize! :update, @blog_post
+
params[:blog_post] ||= {}
params[:blog_post][:archived] ||= params[:archived] # required for archivable.js.coffee to work properly.
set_inheritance_instance_variable
- @blog_post.update_attributes params[ :blog_post ].select { |k,v| v.present? && (v != "—")}
+
+ @blog_post.update_attributes(blog_post_params)
respond_with_bip(@blog_post)
end
private
+ def blog_post_params
+ params[:blog_post].try(:permit, :content, :title, :teaser_text, :author, :tag_list, :teaser_image_url, :archived) || {}
+ end
+
def set_inheritance_instance_variable
@page = @blog_post
@pages = @blog_posts
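Review bot: The old call dropped blank values and the "—" placeholder before saving, and `blog_post_params` no longer does. Because `params[:blog_post][:archived] ||= params[:archived]` always creates the `:archived` key, a request without `archived` now passes `archived: nil` into `update_attributes`, and a submitted placeholder would be stored as real content. Keeping the filter on the permitted hash preserves the previous behaviour: `@blog_post.update_attributes(blog_post_params.select { |_k, v| v.present? && v != "—" })`. `:author` is also permitted here; if only an admin should be able to reassign authorship, it belongs outside the list.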
diff --git a/app/controllers/bookmarks_controller.rb b/app/controllers/bookmarks_controller.rb
index c30095e7c..f3d020fc4 100644
--- a/app/controllers/bookmarks_controller.rb
+++ b/app/controllers/bookmarks_controller.rb
@@ -23,7 +23,11 @@ def destroy
respond_with Bookmark.find( params[ :id ] ).destroy
end
- private
+ private
+
+ def bookmark_params
+ params.require(:bookmark).permit(:bookmarkable_id, :bookmarkable_type, :user_id, :user, :bookmarkable)
+ end
def find_bookmarks
user = User.find params[ :user_id ] if params[ :user_id ].present?
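Review bot: `bookmark_params` is added but nothing in this hunk calls it, and it permits `:user_id`, `:user` and `:bookmarkable` in addition to the bookmarkable ids. If `create` (outside the hunk) adopts it as written, the request decides whose bookmark is created. The owner should come from `current_user`, with the list reduced to `params.require(:bookmark).permit(:bookmarkable_id, :bookmarkable_type)`. `:user` and `:bookmarkable` look like association names, and permitting them as scalars only lets strings through that the association setters would likely reject.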
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index 7a39877d4..be9037756 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -5,7 +5,7 @@ class CommentsController < ApplicationController
def create
authorize! :create_comment_for, @commentable
- @comment = @commentable.comments.build(comment_params)
+ @comment = @commentable.comments.build(text: comment_params[:text])
@comment.author = current_user
@comment.save!
@@ -30,7 +30,7 @@ def show
private
def comment_params
- params.require(:comment).permit(:text)
+ params.require(:comment).permit(:text, :commentable_id, :commentable_type)
end
def find_secure_commentable
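Review bot: `comment_params` now permits `:commentable_id` and `:commentable_type`, while `create` in the first hunk deliberately passes only `text:` to `build`. That split is easy to undo by accident, because a later `build(comment_params)` would let the request choose the commentable after `authorize!` has already run on `@commentable`. I would document the intent directly above the method, e.g. `# commentable_id/type are permitted for lookup only (find_secure_commentable); never pass this hash to build/update.` The body of `find_secure_commentable` is outside the hunk, so the lookup use is an assumption.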
diff --git a/app/controllers/compact_nav_search_controller.rb b/app/controllers/compact_nav_search_controller.rb
index f41dfac3a..ede2377db 100644
--- a/app/controllers/compact_nav_search_controller.rb
+++ b/app/controllers/compact_nav_search_controller.rb
@@ -2,13 +2,13 @@
# which is used by the "compact" layout.
#
class CompactNavSearchController < ApplicationController
-
+
before_action :find_object
-
+
def show
find_object
authorize! :read, @object
-
+
respond_to do |format|
format.json do
if @object
@@ -30,22 +30,22 @@ def show
end
end
end
-
+
def index
@query = query
@base_object = find_base_object
@results = find_objects.select { |obj| can? :read, obj }
end
-
+
private
-
+
def query
params[:query]
end
def like_query
"%#{query}%"
end
-
+
def find_object
@object = base.descendant_groups.find_by token: query if base.respond_to? :descendant_groups
@object ||= NavNode.where('url_component like ?', like_query).limit(1).first.try(:navable) if not params[:search_base].present? # for example "erlangen/" -- as entry point for navigation
@@ -55,7 +55,7 @@ def find_object
@object ||= base.descendant_events.where('name like ?', like_query).limit(1).first if base.respond_to? :descendant_events
return @object
end
-
+
def find_objects
@objects = []
@objects += base.descendant_groups.where('name like ?', like_query) if base.respond_to? :descendant_groups
@@ -65,7 +65,7 @@ def find_objects
return @objects
end
-
+
def base
find_base_object
end
@@ -79,5 +79,5 @@ def find_base_object
def secure_base_object_class
(%w(Group Corporation Page User Event) & [params[:search_base][:type]]).first.constantize
end
-
+
end
\ No newline at end of file
diff --git a/app/controllers/concerns/current_layout.rb b/app/controllers/concerns/current_layout.rb
index 965150dfd..4582dd4b8 100644
--- a/app/controllers/concerns/current_layout.rb
+++ b/app/controllers/concerns/current_layout.rb
@@ -6,6 +6,7 @@
before_action :prepend_layout_view_path
helper_method :current_layout
+ helper_method :resource_centred_layout?
helper_method :current_logo_url
helper_method :current_logo
@@ -13,7 +14,7 @@
end
def current_layout
- #layout = (permitted_layouts & [layout_setting]).first
+ layout = (permitted_layouts & [layout_setting]).first if current_navable.try(:in_intranet?)
layout ||= mobile_layout_if_mobile_app
layout ||= (permitted_layouts & [params[:layout]]).first
layout ||= current_navable.layout if current_navable.respond_to? :layout
@@ -32,7 +33,7 @@ def save_layout_setting_as_cookie
end
def permitted_layouts
- ([default_layout] + %w(bootstrap minimal compact modern iweb mobile)).uniq
+ ([default_layout] + %w(bootstrap minimal compact modern iweb mobile resource_2017)).uniq
end
def default_layout
@@ -51,6 +52,14 @@ def default_logo
'logo.png'
end
+ def resource_centred_layouts
+ %w(resource_2017)
+ end
+
+ def resource_centred_layout?
+ current_layout.in? resource_centred_layouts
+ end
+
# The mobile app appends the parameter `?layout=mobile` once.
# After that, the layout has to stay mobile. We use a cookie
# to store that. As the mobile app has its own cookie store,
diff --git a/app/controllers/concerns/current_navable.rb b/app/controllers/concerns/current_navable.rb
index b576f7c66..648a72679 100644
--- a/app/controllers/concerns/current_navable.rb
+++ b/app/controllers/concerns/current_navable.rb
@@ -47,6 +47,10 @@ def set_current_navable(navable)
# See: app/controllers/concerns/confirm_admins_only_access.rb
#
confirm_admins_only_access_if_needed
+
+ # Load layout overrides needed for this navable.
+ #
+ prepend_layout_view_path
end
end
\ No newline at end of file
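Review bot: `prepend_layout_view_path` already runs as a `before_action` (see concerns/current_layout.rb in this commit), so with this change it runs a second time once the navable is set. Its body is not visible here, but if it calls `prepend_view_path` with a directory derived from `current_layout`, and `current_layout` now depends on `current_navable.try(:in_intranet?)`, the two calls can prepend different layout directories and leave both on the lookup path. Please state the intent in the comment, e.g. `# Runs again after the before_action: current_layout may change once the navable is known.`, and check that `current_layout` is not memoized before the navable is set.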
diff --git a/app/controllers/concerns/current_tab.rb b/app/controllers/concerns/current_tab.rb
index b07583791..6efb973a9 100644
--- a/app/controllers/concerns/current_tab.rb
+++ b/app/controllers/concerns/current_tab.rb
@@ -1,16 +1,21 @@
concern :CurrentTab do
included do
- helper_method :current_tab, :current_tab_path
+ helper_method :current_tab, :current_tab_path, :tab_path
end
# This method returns the correct path for the given object
# considering the current tab the user has used last.
#
def current_tab_path(object)
+ tab_path object, current_tab(object)
+ end
+
+ def tab_path(object, tab)
if object.kind_of?(Group)
- case current_tab(object)
+ case tab.to_s
when "subgroups"; group_path(object)
+ when "news"; group_news_path(object)
when "posts"
if can? :index_posts, object
group_posts_path(object)
@@ -21,6 +26,7 @@ def current_tab_path(object)
when "events"; group_events_path(object)
when "members"; group_members_path(object)
when "officers"; group_officers_path(object)
+ when "pages"; group_pages_path(object)
when "settings"
if can? :change_group_settings, object
group_settings_path(object)
@@ -40,9 +46,13 @@ def current_tab(object = nil)
if object.kind_of?(Groups::GroupOfGroups)
"subgroups"
else
- cookies[:group_tab]
+ cookies[:current_tab] || cookies[:group_tab]
end
end
end
+ def set_current_tab(tab)
+ cookies[:current_tab] = tab
+ end
+
end
\ No newline at end of file
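Review bot: `current_tab` now prefers `cookies[:current_tab]`, but `PostsController#index` still writes `cookies[:group_tab] = "posts"` (visible as context in this commit), so once any other tab has set `current_tab` the posts tab is never remembered. Replacing that line with `set_current_tab :posts` keeps the two in step. `set_current_tab` also stores a Symbol, so within the same request `cookies[:current_tab]` appears to return `:members` while later requests see a String; `tab_path` copes via `tab.to_s`, and other callers of `current_tab` should do the same. Since the cookie is client-controlled, anything that renders it should map it through a fixed list of tab names rather than echo it.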
diff --git a/app/controllers/contact_messages_controller.rb b/app/controllers/contact_messages_controller.rb
index 775aa8b99..81d490ff8 100644
--- a/app/controllers/contact_messages_controller.rb
+++ b/app/controllers/contact_messages_controller.rb
@@ -16,9 +16,15 @@ def new
def create
authorize! :create, ContactMessage
- ContactMessage.new(params[:contact_message]).deliver
+ ContactMessage.new(contact_message_params).deliver
redirect_to public_root_path, notice: t(:contact_message_has_been_sent)
end
+ private
+
+ def contact_message_params
+ params.require(:contact_message).permit(:subject, :name, :email, :message, :nickname)
+ end
+
end
\ No newline at end of file
diff --git a/app/controllers/corporations_controller.rb b/app/controllers/corporations_controller.rb
index 1e4c0055b..578caa938 100644
--- a/app/controllers/corporations_controller.rb
+++ b/app/controllers/corporations_controller.rb
@@ -1,22 +1,22 @@
class CorporationsController < ApplicationController
respond_to :html, :json
-
+
before_action :find_corporations
authorize_resource
def index
respond_to do |format|
- format.html { redirect_to Corporation.corporations_parent }
+ format.html { redirect_to group_path(Corporation.corporations_parent) }
format.json { respond_with @corporations.pluck(:name) }
end
end
-
-
+
+
private
-
+
def find_corporations
query = params[:term] || params[:query] || ""
@corporations = Corporation.where('name LIKE ?', "%#{query}%")
end
-
+
end
\ No newline at end of file
diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
index 0bfdba6dc..88a9846a4 100644
--- a/app/controllers/events_controller.rb
+++ b/app/controllers/events_controller.rb
@@ -128,7 +128,7 @@ def create
@group = Group.find(params[:group_id])
authorize! :create_event, @group
- @event = Event.new(params[:event])
+ @event = Event.new(event_params)
@event.name ||= I18n.t(:enter_name_of_event_here)
@event.start_at ||= Time.zone.now.change(hour: 20, min: 15)
@event.group = @group
@@ -166,7 +166,7 @@ def create
# PUT /events/1.json
def update
respond_to do |format|
- if @event.update_attributes!(params[:event])
+ if @event.update_attributes!(event_params)
format.html { redirect_to @event, notice: 'Event was successfully updated.' }
format.json { respond_with_bip(@event) }
else
@@ -267,6 +267,10 @@ def invite
private
+ def event_params
+ params[:event].try(:permit, :description, :location, :end_at, :name, :start_at, :localized_start_at, :localized_end_at, :publish_on_local_website, :publish_on_global_website, :group_id, :contact_person_id) || {}
+ end
+
# For some strange reason, some ajax calls fail since the object is not yet
# available to the other server instance. So, try a few times before giving up.
#
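Review bot: `event_params` permits `:group_id` and `:contact_person_id`, and the `update` hunk above passes the hash straight to `update_attributes!`. In `create` the group is overwritten by `@event.group = @group` after `authorize! :create_event, @group`, but `update` has no equivalent, so a user allowed to edit one event could move it to a group they have no rights on (assuming `group_id` is assignable on the model, which is not visible here). I would drop `:group_id` from the list, or authorize against the target group before applying it. Separately, `update_attributes!` raises on validation failure, so the `else` branch in `update` is unreachable.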
diff --git a/app/controllers/group_members_controller.rb b/app/controllers/group_members_controller.rb
index 1d7c41f6e..18e590450 100644
--- a/app/controllers/group_members_controller.rb
+++ b/app/controllers/group_members_controller.rb
@@ -21,7 +21,7 @@ def index
set_current_access :signed_in
set_current_access_text :all_signed_in_users_can_read_this_member_list
- cookies[:group_tab] = "members"
+ set_current_tab :members
end
end
\ No newline at end of file
diff --git a/app/controllers/group_news_controller.rb b/app/controllers/group_news_controller.rb
new file mode 100644
index 000000000..79d307987
--- /dev/null
+++ b/app/controllers/group_news_controller.rb
@@ -0,0 +1,13 @@
+class GroupNewsController < ApplicationController
+
+ expose :group
+
+ def index
+ authorize! :read_news, group
+
+ set_current_navable group
+ set_current_title "News - #{group.name}"
+ set_current_tab :news
+ end
+
+end
\ No newline at end of file
diff --git a/app/controllers/group_pages_controller.rb b/app/controllers/group_pages_controller.rb
new file mode 100644
index 000000000..11bc5c230
--- /dev/null
+++ b/app/controllers/group_pages_controller.rb
@@ -0,0 +1,13 @@
+class GroupPagesController < ApplicationController
+
+ expose :group
+
+ def index
+ authorize! :read_pages, group
+
+ set_current_navable group
+ set_current_title group.title
+ set_current_tab :pages
+ end
+
+end
\ No newline at end of file
diff --git a/app/controllers/mobile/partials_controller.rb b/app/controllers/mobile/partials_controller.rb
index 8f5cd893e..41bb3fc21 100644
--- a/app/controllers/mobile/partials_controller.rb
+++ b/app/controllers/mobile/partials_controller.rb
@@ -6,7 +6,7 @@ class Mobile::PartialsController < ApplicationController
#
def show
authorize! :read, :mobile_dashboard
- @partial_key = params[:partial_key]
+ @partial_key = (%w(documents events people_search_results recent_contacts) & [params[:partial_key]]).first
load_resources
end
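Review bot: The whitelist stops arbitrary partial names from reaching the renderer, but an unknown key now leaves `@partial_key` as `nil` and the action still continues into `load_resources` and the view. Failing explicitly is safer and easier to debug: `raise ActionController::RoutingError, 'Not Found' unless @partial_key`. Moving the list into a frozen constant such as `PERMITTED_PARTIALS = %w(documents events people_search_results recent_contacts).freeze` keeps it next to the partials it mirrors.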
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
index f030f3344..ccc26fa61 100644
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -33,6 +33,7 @@ def show
set_current_title @page.title
set_current_navable @page
set_current_activity :looks_up_information, @page
+ set_current_tab :pages
if @page.group
set_current_access :group
@@ -55,7 +56,7 @@ def update
params[:page] ||= {}
params[:page][:archived] ||= params[:archived] # required for archivable.js.coffee to work properly.
params[:blog_post] ||= params[:page] # required for blog posts in respond_with_bip
- @page.update_attributes params[ :page ]
+ @page.update_attributes!(page_params)
respond_with_bip(@page)
end
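Review bot: Switching to `update_attributes!` means a validation failure raises `ActiveRecord::RecordInvalid` before `respond_with_bip(@page)` runs, so in-place editors receive a 500 instead of the error payload. `BlogPostsController#update` in this same commit keeps the non-bang call; `@page.update_attributes(page_params)` would be consistent with it. `page_params` (next hunk) also permits `:redirect_to` and `:author`, and unlike the blog post update this hunk shows no `authorize!`. If the check lives in a filter outside the hunk, a comment saying so would help.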
@@ -86,6 +87,10 @@ def destroy
private
+ def page_params
+ params.require(:page).permit(:content, :title, :teaser_text, :redirect_to, :author, :tag_list, :teaser_image_url, :archived)
+ end
+
def find_resource_by_permalink
page_id = Permalink.find_by(path: params[:permalink], reference_type: 'Page').try(:reference_id)
@page ||= Page.find(page_id) if page_id
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index eadedd7d6..0a9f8eff3 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -1,9 +1,9 @@
class PostsController < ApplicationController
-
+
authorize_resource
skip_authorize_resource only: [:new, :create, :preview, :deliver, :index]
skip_authorization_check only: [:preview]
-
+
# This will skip the cross-site-forgery protection for POST /posts.json,
# since incoming emails are not sent via a form in this web app,
# nor is the incoming email signed in.
@@ -14,29 +14,29 @@ class PostsController < ApplicationController
# TODO: Is there a better way to do this?
#
skip_before_action :verify_authenticity_token, only: :create, if: 'request.format.json?'
-
+
def index
if params[:group_id].present?
@group = Group.find(params[:group_id])
@posts = @group.posts.order('sent_at DESC') if @group
-
+
authorize! :index_posts, @group
-
+
@new_post = Post.new
@new_post.group = @group
@new_post.author = current_user
-
+
set_current_title "#{t(:posts)} - #{@group.name}"
set_current_navable @group
set_current_activity :looks_at_posts, @group
set_current_access :group
set_current_access_text I18n.t(:all_members_of_group_name_can_read_these_posts, group_name: @group.name)
-
+
cookies[:group_tab] = "posts"
else
@posts = Post.from_or_to_user(current_user).select { |post| can? :read, post }.reverse
@posts.each { |post| authorize! :read, post }
-
+
set_current_title t(:my_posts)
end
end
@@ -44,42 +44,42 @@ def index
def show
@post = Post.find(params[:id])
@group = @post.group
-
+
@show_all_comments = true
@keep_polling_delivery_counters = (@post.created_at >= 5.minutes.ago)
@show_delivery_report = params[:show_delivery_report].present?
-
+
set_current_title @post.subject
set_current_navable @group
set_current_activity :looks_at_posts, @group
set_current_access :group
set_current_access_text I18n.t(:author_of_post_members_of_group_name_and_mentioned_users_can_read_and_comment_this_post, group_name: @group.name)
end
-
+
def new
@group = Group.find params[:group_id] if params[:group_id].present?
authorize! :create_post_for, @group
-
+
@new_post = Post.new
@new_post.group = @group
@new_post.author = current_user
-
+
set_current_navable @group
set_current_activity :writes_a_message_to_group, @group
set_current_access :group
set_current_access_text I18n.t(:members_of_group_and_global_officers_can_write_posts, group_name: @group.name)
end
-
+
def create
return create_via_email if params[:message].present?
-
+
@group = Group.find(params[:group_id] || params[:post][:group_id] || raise('no group given'))
authorize! :create_post_for, @group
@text = params[:text] || params[:post][:text]
@subject = params[:subject] || params[:post][:text].split("\n").first.first(100)
@attachments_attributes = params[:attachments_attributes] || params[:post].try(:[], :attachments_attributes) || []
-
+
if params[:recipient] == 'me'
@recipients = [current_user]
else
@@ -91,10 +91,10 @@ def create
@recipients = @group.members
end
end
-
+
@post = Post.new subject: @subject, text: @text, group_id: @group.id, author_user_id: current_user.id, sent_at: Time.zone.now, attachments_attributes: @attachments_attributes
@post.save!
-
+
if params[:notification] == "instantly"
@send_counter = @post.send_as_email_to_recipients @recipients
Notification.create_from_post(@post, sent_at: Time.zone.now) unless params[:recipient] == 'me'
@@ -103,11 +103,11 @@ def create
Notification.create_from_post(@post) unless params[:recipient] == 'me'
flash[:notice] = "Nachricht wurde gespeichert. #{@recipients.count} Empfänger werden gemäß ihrer eigenen Benachrichtigungs-Einstellungen informiert, spätestens jedoch nach einem Tag."
end
-
+
Mention.create_multiple_and_notify_instantly(current_user, @post, @post.text) unless params[:recipient] == 'me'
-
+
@post.destroy if params[:recipient] == 'me'
-
+
respond_to do |format|
format.html do
if params[:post][:sent_from_root_page]
@@ -118,9 +118,9 @@ def create
end
format.json { render json: {recipients_count: @send_counter, post_url: @post.url} }
end
-
+
end
-
+
def preview
respond_to do |format|
format.json do
@@ -134,7 +134,7 @@ def preview
end
end
end
-
+
# PUT posts/123/deliver
#
# This forces a post delivery, which is useful when the user decides
@@ -148,11 +148,15 @@ def deliver
@post.notify_recipients
respond_to do |format|
format.json { render json: @post }
- end
+ end
end
-
+
private
-
+
+ def post_params
+ params.require(:post).permit(:author_user_id, :external_author, :group_id, :sent_at, :sticky, :subject, :text, :sent_via, :attachments => [:description, :file, :parent_id, :parent_type, :title, :author])
+ end
+
# This methods processes incoming email messages that can be sent through
#
# POST /posts.json
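Review bot: The permit list in `post_params` copies the old `attr_accessible` set, so it accepts `author_user_id`, `group_id`, `sent_at` and `sent_via` from the request, although `create` sets these itself from `current_user`, the authorized `@group` and `Time.zone.now`. No caller is visible in these hunks, but once the helper feeds `Post.new` or an update the client could choose the author, so I would narrow it to what a form edits, for example `params.require(:post).permit(:subject, :text, attachments_attributes: [:description, :file, :title])`. The nested key is written as `:attachments`, while `create` reads `attachments_attributes` and the model declares `accepts_nested_attributes_for :attachments`, so the nested list probably never matches as written. `parent_id` and `parent_type` should stay out of it in any case, since they decide which record an attachment hangs on.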
@@ -168,7 +172,7 @@ def deliver
def create_via_email
#
# ## Authorization
- #
+ #
# In case of comments, the user is authenticated by his user token that is included in the
# reply-to email address, e.g. user-aeng9iLe...oi2iSh7Hahr.post-345.create-comment.plattform@example.com.
# We do not check authorization for comments at the moment. TODO
@@ -182,7 +186,7 @@ def create_via_email
# should be used. This way, the mailgate can be switched off in the Ability class.
#
authorize! :use, :platform_mailgate
-
+
if params[:message]
if ReceivedMail.new(params[:message]).recipient_email.include?('.create-comment.plattform@')
# Then this responds to a conversation and should not create a new post but a comment instead.
@@ -205,5 +209,5 @@ def create_via_email
end
render json: (@posts || [])
end
-
+
end
diff --git a/app/controllers/profile_fields_controller.rb b/app/controllers/profile_fields_controller.rb
index f8ff9425a..7d8caf3b2 100644
--- a/app/controllers/profile_fields_controller.rb
+++ b/app/controllers/profile_fields_controller.rb
@@ -1,7 +1,7 @@
class ProfileFieldsController < ApplicationController
before_action :load_profileable, :only => [:create, :index]
- load_and_authorize_resource except: :index
+ load_and_authorize_resource except: :index, param_method: :profile_field_params
skip_authorization_check only: :index
before_action :log_public_activity_for_profileable, only: [:destroy]
@@ -22,6 +22,7 @@ def index
def create
type = secure_profile_field_type || 'ProfileFields::Custom'
+ @profile_field.type = type
@profile_field = @profile_field.becomes(type.constantize)
@profile_field.profileable = @profileable
@profile_field.label = params[:label] if params[:label].present?
@@ -45,7 +46,7 @@ def update
raise "security interrupt: '#{@profile_field.type}' is no permitted profileable object type."
end
@profile_field = @profile_field.becomes(profile_field_class)
- updated = @profile_field.update_attributes(params[:profile_field])
+ updated = @profile_field.update_attributes(profile_field_params)
# Mark issues to be resolved. Then, they will be rechecked later.
@profile_field.issues.update_all resolved_at: Time.zone.now
@@ -68,6 +69,13 @@ def destroy
private
+ def profile_field_params
+ params
+ .require(:profile_field)
+ .permit(:label, :type, :value, :key, :profileable_id, :profileable_type, :needs_review,
+ :postal_address)
+ end
+
def load_profileable
@profileable ||= @group = Group.find(params[:group_id]) if params[:group_id]
@profileable ||= @user = (User.find params[:user_id]) if params[:user_id]
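Review bot: `profile_field_params` permits `:type`, `:profileable_id` and `:profileable_type`, and the `update` hunk above now hands the whole set to `update_attributes` after the type guard has run and after cancan has authorized the loaded record. As far as these hunks show, a request could then move a field to a different owner or change its STI type without either check seeing the new values. I would keep those keys out of the update path, e.g. `@profile_field.update_attributes(profile_field_params.except(:type, :profileable_id, :profileable_type))`, or split the helper into a create and an update variant. `create` overrides type and profileable itself, so it does not need them from the client either. `load_profileable` continues outside the hunk.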
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index a282a04ff..28342a0e2 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,6 +1,6 @@
class ProjectsController < ApplicationController
load_and_authorize_resource
-
+
def index
if @group
@projects = @group.child_projects
@@ -10,9 +10,9 @@ def index
@projects = current_user.groups.collect { |g| g.child_projects }.flatten
set_current_title t(:my_projects)
set_current_navable current_user
- end
+ end
end
-
+
def show
set_current_title @project.title
set_current_navable @project
@@ -20,35 +20,35 @@ def show
set_current_access :group
set_current_access_text I18n.t(:members_of_group_name_can_read_this_content, group_name: @project.group.name)
end
-
+
def update
- @project.update_attributes params[:project]
+ @project.update_attributes(project_params)
respond_with_bip(@project)
end
-
+
def new
set_current_title t(:new_project)
set_current_navable Page.find_intranet_root
-
+
@project = Project.new
end
-
+
def create
@project = Project.new(project_params)
@project.title ||= I18n.t(:new_project)
@project.save!
-
+
if current_user.corporation && @project.group.try(:corporation) != current_user.corporation
current_user.corporation << @project
end
-
+
redirect_to @project
end
-
+
private
-
+
def project_params
params.require(:project).permit(:title, :description, :corporation_name)
end
-
+
end
\ No newline at end of file
diff --git a/app/controllers/semester_calendars_controller.rb b/app/controllers/semester_calendars_controller.rb
index 7eacd4cdb..f5846ea56 100644
--- a/app/controllers/semester_calendars_controller.rb
+++ b/app/controllers/semester_calendars_controller.rb
@@ -23,6 +23,7 @@ def show
set_current_navable @group
set_current_title "#{@group.title}: #{t(:semester_calendar)}"
+ set_current_tab :events
set_current_activity :is_looking_at_semester_calendar, @semester_calendar
set_current_access :signed_in
set_current_access_text :all_signed_in_users_can_read_this_content
@@ -95,6 +96,7 @@ def index
set_current_navable @group
set_current_title "#{I18n.t(:semester_calendars)} #{@group.title}"
+ set_current_tab :events
else
authorize! :index, SemesterCalendar
@@ -116,6 +118,7 @@ def index
set_current_breadcrumbs [
{title: current_title}
]
+ set_current_tab :events
set_current_activity :is_looking_at_semester_calendars
set_current_access :signed_in
set_current_access_text :all_signed_in_users_can_read_this_content
diff --git a/app/controllers/status_memberships_controller.rb b/app/controllers/status_memberships_controller.rb
index d1ecdd1b6..f815ed266 100644
--- a/app/controllers/status_memberships_controller.rb
+++ b/app/controllers/status_memberships_controller.rb
@@ -21,6 +21,10 @@ def destroy
private
+ def status_membership_params
+ params.require(:status_membership).permit(:valid_from, :valid_to, :valid_from_localized_date, :valid_to_localized_date, :needs_review)
+ end
+
def find_membership
@status_membership = Memberships::Status.with_invalid.find(params[:id]) if params[:id].present?
end
diff --git a/app/controllers/workflows_controller.rb b/app/controllers/workflows_controller.rb
index 22aa07c00..a3c3d07e4 100644
--- a/app/controllers/workflows_controller.rb
+++ b/app/controllers/workflows_controller.rb
@@ -66,7 +66,7 @@ def edit
# POST /workflows
# POST /workflows.json
def create
- @workflow = Workflow.new(params[:workflow])
+ @workflow = Workflow.new(workflow_params)
respond_to do |format|
if @workflow.save
@@ -83,7 +83,7 @@ def create
# PUT /workflows/1.json
def update
respond_to do |format|
- if @workflow.update_attributes(params[:workflow])
+ if @workflow.update_attributes(workflow_params)
format.html { redirect_to @workflow, notice: 'Workflow was successfully updated.' }
format.json { head :no_content }
else
@@ -104,4 +104,10 @@ def destroy
end
end
+ private
+
+ def workflow_params
+ params.require(:workflow).permit(:description, :name, :parameters)
+ end
+
end
\ No newline at end of file
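Review bot: `permit(:parameters)` in `workflow_params` lets only scalar values through, so if `parameters` arrives as a hash or array it is dropped silently, where the removed `attr_accessible :parameters` accepted it. The model extends `WorkflowKit::Parameterable`, which suggests structured data, though the request shape is not visible here. If structured input is expected, spell the shape out, for example `params.require(:workflow).permit(:description, :name, parameters: [:key, :value])` adjusted to the real keys, and add a controller spec that posts parameters and checks they are stored.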
diff --git a/app/helpers/body_helper.rb b/app/helpers/body_helper.rb
index 921e5b538..eaa3f388b 100644
--- a/app/helpers/body_helper.rb
+++ b/app/helpers/body_helper.rb
@@ -14,7 +14,8 @@ def body_tag(options = {})
locale: I18n.locale,
env: Rails.env.to_s,
layout: current_layout,
- navable: @navable.try(:to_global_id).try(:to_s)
+ navable: @navable.try(:to_global_id).try(:to_s),
+ tab: current_tab
} do
yield
end
diff --git a/app/helpers/resource_nav_helper.rb b/app/helpers/resource_nav_helper.rb
new file mode 100644
index 000000000..8024d9b0d
--- /dev/null
+++ b/app/helpers/resource_nav_helper.rb
@@ -0,0 +1,7 @@
+module ResourceNavHelper
+
+ def show_resource_nav?
+ resource_centred_layout? && current_navable.try(:in_intranet?)
+ end
+
+end
\ No newline at end of file
diff --git a/app/jobs/application_job.rb b/app/jobs/application_job.rb
index 40350c719..0e270d744 100644
--- a/app/jobs/application_job.rb
+++ b/app/jobs/application_job.rb
@@ -1,4 +1,21 @@
class ApplicationJob < ActiveJob::Base
self.queue_adapter = :sidekiq
+ def serialize
+ # http://stackoverflow.com/a/38592564/2066546
+ super.merge('attempt_number' => (@attempt_number || 0) + 1)
+ end
+
+ def deserialize(job_data)
+ super
+ @attempt_number = job_data['attempt_number']
+ end
+
+ rescue_from ActiveJob::DeserializationError do |exception|
+ # There are cases where sidekiq is too fast, i.e. the background worker
+ # begins to process before the record is accessible through the database.
+ # Just retry in a couple of seconds.
+ retry_job(wait: 30) if @attempt_number < 5
+ end
+
end
\ No newline at end of file
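Review bot: The `rescue_from` block compares `@attempt_number < 5` without a nil guard, so a job enqueued before this change (payload without `'attempt_number'`) raises NoMethodError inside the handler instead of retrying. `serialize` already uses `(@attempt_number || 0)`, and the handler should match: `retry_job(wait: 30) if (@attempt_number || 0) < 5`. Once the limit is reached the block returns without re-raising or logging, so a record that is really gone is indistinguishable from a successful run. An `else raise exception` branch (or at least a `Rails.logger.warn`) would keep that failure visible in Sidekiq.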
diff --git a/app/models/active_record_update_attributes_bip_extension.rb b/app/models/active_record_update_attributes_bip_extension.rb
index 607a4df4d..7b1d2a3d0 100644
--- a/app/models/active_record_update_attributes_bip_extension.rb
+++ b/app/models/active_record_update_attributes_bip_extension.rb
@@ -20,7 +20,7 @@ def update_attributes(attributes, options = {})
non_empty_attributes[key] = nil if value == "-"
end
- super(non_empty_attributes, options)
+ super(non_empty_attributes)
end
module ClassMethods
diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index 75967135b..a5872a370 100644
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -1,5 +1,4 @@
class Attachment < ActiveRecord::Base
- attr_accessible :description, :file, :parent_id, :parent_type, :title, :author, :type if defined? attr_accessible
belongs_to :parent, polymorphic: true
belongs_to :author, :class_name => "User", foreign_key: 'author_user_id'
diff --git a/app/models/bookmark.rb b/app/models/bookmark.rb
index 32bcdd0f0..77fa78473 100644
--- a/app/models/bookmark.rb
+++ b/app/models/bookmark.rb
@@ -2,11 +2,10 @@
# This model represents bookmarks. User can bookmark objects by clicking on a star beside
# the object's title. Their bookmarks are listed for them in a quick menu, thus
# users have quick access to bookmarked objects.
-#
+#
# Such bookmarkable objects may be other users, or pages, groups, et cetera.
#
class Bookmark < ActiveRecord::Base
- attr_accessible :bookmarkable_id, :bookmarkable_type, :user_id, :user, :bookmarkable if defined? attr_accessible
belongs_to :bookmarkable, polymorphic: true
belongs_to :user
diff --git a/app/models/comment.rb b/app/models/comment.rb
index 2338fc847..87dee065e 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -1,10 +1,9 @@
class Comment < ActiveRecord::Base
- attr_accessible :text
-
+
belongs_to :author, foreign_key: :author_user_id, class_name: 'User'
belongs_to :commentable, polymorphic: true
-
+
has_many :mentions, as: :reference
has_many :mentioned_users, through: :mentions, class_name: 'User', source: 'whom'
-
+
end
diff --git a/app/models/concerns/archivable.rb b/app/models/concerns/archivable.rb
index 6ea35898e..fffa995b0 100644
--- a/app/models/concerns/archivable.rb
+++ b/app/models/concerns/archivable.rb
@@ -1,20 +1,19 @@
concern :Archivable do
included do
- attr_accessible :archived_at, :archived if defined? attr_accessible
attr_accessor :archived
-
+
scope :archived, -> { where('archived_at IS NOT NULL') }
scope :not_archived, -> { where('archived_at IS NULL') }
def archived?
archived
end
-
+
def archived
archived_at ? true : false
end
-
+
def archived=(new_archived_setting)
if new_archived_setting.in? [false, 'false', 0, nil]
self.archived_at = nil
diff --git a/app/models/concerns/dag_link_repair.rb b/app/models/concerns/dag_link_repair.rb
index eebf6fa8a..a9f48ec8a 100644
--- a/app/models/concerns/dag_link_repair.rb
+++ b/app/models/concerns/dag_link_repair.rb
@@ -16,8 +16,12 @@
def repair
delete_links_without_edges
delete_redundant_indirect_links
- recalculate_indirect_counts
fix_types
+ recalculate_indirect_counts
+ # # We don't need this as this is already done in `after_save`
+ # # when doing `recalculate_indirect_counts`.
+ #
+ # recalculate_indirect_validity_ranges
end
def fix_types
@@ -41,6 +45,18 @@ def recalculate_indirect_counts
LinkCountRepairer.repair
end
+ def recalculate_indirect_validity_ranges
+ print "\n\nRecalculate validity ranges of indirect memberships.\n".blue
+ DagLink.where(ancestor_type: "Group", descendant_type: "User", direct: false).each do |membership|
+ membership.recalculate_validity_range_from_direct_memberships
+ if membership.save
+ print "*".blue
+ else
+ print ".".green
+ end
+ end
+ end
+
class RedundantLinkRepairer
def self.scan_and_repair
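Review bot: `recalculate_indirect_validity_ranges` walks the whole set of indirect group–user links with `.each`, which loads every row at once; for a repair task `find_each` is the safer form: `DagLink.where(ancestor_type: "Group", descendant_type: "User", direct: false).find_each do |membership|`. The removed `recalculate_links` called `.becomes Membership` before `recalculate_validity_range_from_direct_memberships`, so it is worth confirming that the rows returned here respond to that method. A failed `save` only prints a green dot, so validation errors are lost; collecting `membership.errors.full_messages` for the summary would make the run auditable. The class body continues outside the hunk.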
@@ -51,7 +67,6 @@ def scan_and_repair
mute_sql_log
scan
delete_redundant_links
- recalculate_links
print "\n\nFinished.\n".blue
unmute_sql_log
end
@@ -106,16 +121,6 @@ def delete_redundant_links
end
end
end
-
- def recalculate_links
- print "\n\nRecalculating affected indirect validity ranges.\n".blue
- @occurances.each do |redundant_links|
- original_link = redundant_links[0].becomes Membership
- original_link.recalculate_validity_range_from_direct_memberships
- original_link.save
- print ".".blue
- end
- end
end
class LinkCountRepairer
diff --git a/app/models/concerns/group_mailing_lists.rb b/app/models/concerns/group_mailing_lists.rb
index 9d9228ecf..9d3b98199 100644
--- a/app/models/concerns/group_mailing_lists.rb
+++ b/app/models/concerns/group_mailing_lists.rb
@@ -1,24 +1,20 @@
concern :GroupMailingLists do
-
- included do
- attr_accessible :mailing_list_sender_filter
- end
-
+
# Returns all mailing list profile fields, i.e. email addresses that
# are used as mailing list for that group.
#
def mailing_lists
self.profile_fields.where(type: 'ProfileFields::MailingListEmail')
end
-
+
# Possible settings for the sender filter, i.e. the group attribute that determines
# whether an incoming post is accepted or rejected.
#
def mailing_list_sender_filter_settings
%w(open users_with_account corporation_members group_members officers group_officers global_officers)
end
-
- # Checks whether the given user is allowed to send an email to the mailing lists
+
+ # Checks whether the given user is allowed to send an email to the mailing lists
# of this group.
#
def user_matches_mailing_list_sender_filter?(user)
@@ -53,5 +49,5 @@ def user_matches_mailing_list_sender_filter?(user)
false
end
end
-
+
end
\ No newline at end of file
diff --git a/app/models/concerns/group_memberships.rb b/app/models/concerns/group_memberships.rb
index 495c213f1..49cc17dde 100644
--- a/app/models/concerns/group_memberships.rb
+++ b/app/models/concerns/group_memberships.rb
@@ -97,7 +97,7 @@ def direct_members_titles_string=( titles_string )
def assign_user( user, options = {} )
if user and not user.in?(self.direct_members)
time_of_joining = options[:joined_at] || options[:at] || options[:time] || Time.zone.now
- m = Membership.create user_id: user.id, group_id: self.id
+ m = Membership.create descendant_id: user.id, ancestor_id: self.id
m.update_attributes valid_from: time_of_joining # It does not work when added in `create`.
m
end
diff --git a/app/models/concerns/group_posts.rb b/app/models/concerns/group_posts.rb
new file mode 100644
index 000000000..c6e8167a1
--- /dev/null
+++ b/app/models/concerns/group_posts.rb
@@ -0,0 +1,14 @@
+concern :GroupPosts do
+
+ included do
+ has_many :posts
+ end
+
+ def descendant_post_ids
+ descendant_groups.map(&:post_ids).flatten
+ end
+ def descendant_posts
+ Post.where(id: descendant_post_ids)
+ end
+
+end
\ No newline at end of file
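Review bot: `descendant_post_ids` runs one `post_ids` query per descendant group and `descendant_posts` then passes the collected ids into a second query, which grows with the size of the group tree. A single query on the foreign key does the same work, e.g. `Post.where(group_id: descendant_groups.map(&:id))`, with `descendant_post_ids` derived from it by `pluck(:id)` if it is still needed. Both methods also lack a comment stating whether the group's own posts are meant to be excluded, which is what the code currently does.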
diff --git a/app/models/concerns/group_welcome_message.rb b/app/models/concerns/group_welcome_message.rb
index af34784df..e363b8fdd 100644
--- a/app/models/concerns/group_welcome_message.rb
+++ b/app/models/concerns/group_welcome_message.rb
@@ -2,7 +2,6 @@
included do
delegate :welcome_message, :welcome_message=, to: :settings
- attr_accessible :welcome_message
alias_method :assign_user_before_welcome_message, :assign_user
def assign_user(user, options = {})
diff --git a/app/models/concerns/has_permalinks.rb b/app/models/concerns/has_permalinks.rb
index 6c929502e..e1136195c 100644
--- a/app/models/concerns/has_permalinks.rb
+++ b/app/models/concerns/has_permalinks.rb
@@ -2,8 +2,6 @@
included do
has_many :permalinks, as: :reference, dependent: :destroy
-
- attr_accessible :permalinks_list if defined? attr_accessible
end
def permalink_path
diff --git a/app/models/concerns/membership_creator.rb b/app/models/concerns/membership_creator.rb
index 7e58c91aa..9e2c793b5 100644
--- a/app/models/concerns/membership_creator.rb
+++ b/app/models/concerns/membership_creator.rb
@@ -8,7 +8,7 @@ def create(attributes = {})
attributes[:descendant_id] ||= attributes[:user_id] || attributes[:user].try(:id)
attributes[:ancestor_type] = "Group"
attributes[:descendant_type] = "User"
- attributes = attributes.except(:group_id, :user_id)
+ attributes = attributes.except(:group_id, :user_id, :user, :group)
membership = DagLink.create(attributes).becomes(Membership)
membership.valid_from ||= Time.zone.now
diff --git a/app/models/concerns/page_caching.rb b/app/models/concerns/page_caching.rb
index 7ad348b1e..7201509ae 100644
--- a/app/models/concerns/page_caching.rb
+++ b/app/models/concerns/page_caching.rb
@@ -7,6 +7,7 @@
after_save { RenewCacheJob.perform_later(self, time: Time.zone.now) }
cache :group_id
+ cache :sub_page_ids
end
include StructureableRoleCaching
diff --git a/app/models/concerns/user_avatar.rb b/app/models/concerns/user_avatar.rb
index 4f00467bd..a1003d63b 100644
--- a/app/models/concerns/user_avatar.rb
+++ b/app/models/concerns/user_avatar.rb
@@ -12,7 +12,6 @@
included do
attachment :avatar, type: :image
- attr_accessible :avatar, :remove_avatar if defined? attr_accessible
end
def avatar_base64
diff --git a/app/models/concerns/user_corporations.rb b/app/models/concerns/user_corporations.rb
index 062cd48df..4a3499b6d 100644
--- a/app/models/concerns/user_corporations.rb
+++ b/app/models/concerns/user_corporations.rb
@@ -10,10 +10,6 @@
#
concern :UserCorporations do
- included do
- attr_accessible :corporation_name if defined? attr_accessible
- end
-
def corporation_id
(Corporation.pluck(:id) & self.ancestor_group_ids).first
end
diff --git a/app/models/dag_link.rb b/app/models/dag_link.rb
index ba830e2e9..ba26bf8cf 100644
--- a/app/models/dag_link.rb
+++ b/app/models/dag_link.rb
@@ -1,6 +1,5 @@
class DagLink < ApplicationRecord
- attr_accessible :ancestor_id, :ancestor_type, :count, :descendant_id, :descendant_type, :direct if defined? attr_accessible
acts_as_dag_links polymorphic: true
include DagLinkTypes
diff --git a/app/models/event.rb b/app/models/event.rb
index d760ae40d..b452dfe3d 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -1,5 +1,4 @@
class Event < ActiveRecord::Base
- attr_accessible :description, :location, :end_at, :name, :start_at, :localized_start_at, :localized_end_at, :publish_on_local_website, :publish_on_global_website, :group_id, :contact_person_id if defined? attr_accessible
is_structureable ancestor_class_names: %w(Group Page), descendant_class_names: %w(Group Page)
is_navable
diff --git a/app/models/flag.rb b/app/models/flag.rb
index 302fa7352..c135d389f 100644
--- a/app/models/flag.rb
+++ b/app/models/flag.rb
@@ -1,5 +1,4 @@
class Flag < ActiveRecord::Base
- attr_accessible :flagable_id, :flagable_type, :key if defined? attr_accessible
belongs_to :flagable, polymorphic: true
diff --git a/app/models/geo_location.rb b/app/models/geo_location.rb
index c59be0b9b..32c53a490 100644
--- a/app/models/geo_location.rb
+++ b/app/models/geo_location.rb
@@ -1,6 +1,4 @@
class GeoLocation < ActiveRecord::Base
- attr_accessible :address if defined? attr_accessible
-
# When to perform geocoding queries (to google)
# ==========================================================================================
diff --git a/app/models/group.rb b/app/models/group.rb
index d75ee46cf..99dd764fd 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -4,30 +4,11 @@
#
class Group < ApplicationRecord
- if defined? attr_accessible
- attr_accessible( :name, # just the name of the group; example: 'Corporation A'
- :body, # a description text displayed on the groups pages top
- :token, # (optional) a short-name, abbreviation of the group's name, in
- # a global context; example: 'A'
- :internal_token, # (optional) an internal abbreviation, i.e. used by the
- # members of the group; example: 'AC'
- :extensive_name, # (optional) a long version of the group's name;
- # example: 'The Corporation of A'
- :direct_members_titles_string, # Used for inline-editing: The comma-separated
- # titles of the child users of the group.
- :type
- )
- end
-
- include ActiveModel::ForbiddenAttributesProtection # TODO: Move into initializer
-
is_structureable(ancestor_class_names: %w(Group Page Event),
descendant_class_names: %w(Group User Page Workflow Project))
is_navable
has_profile_fields
- has_many :posts
-
default_scope { includes(:flags) }
scope :regular, -> { not_flagged([:contact_people, :attendees, :officers_parent, :group_of_groups, :everyone, :corporations_parent]) }
@@ -42,6 +23,7 @@ class Group < ApplicationRecord
include GroupMixins::Developers
include GroupMixins::Officers
include GroupMixins::Import
+ include GroupPosts
include GroupProfile
include GroupMailingLists
include GroupDummyUsers
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 11e4ac2c8..b190c3f2c 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -14,7 +14,6 @@
# issue.resecan # Rescan a specific issue.
#
class Issue < ActiveRecord::Base
- attr_accessible :title, :description, :resolved_at, :responsible_admin_id, :reference_id, :reference_type
belongs_to :reference, polymorphic: true
belongs_to :responsible_admin, class_name: 'User'
diff --git a/app/models/last_seen_activity.rb b/app/models/last_seen_activity.rb
index 0d5d7ece7..040c94433 100644
--- a/app/models/last_seen_activity.rb
+++ b/app/models/last_seen_activity.rb
@@ -1,9 +1,8 @@
class LastSeenActivity < ActiveRecord::Base
- attr_accessible :description, :link_to_object_id, :link_to_object_type, :user_id if defined? attr_accessible
-
+
belongs_to :user
belongs_to :link_to_object, polymorphic: true
-
+
def self.current
where('updated_at > ?', 5.minutes.ago).order('created_at')
end
diff --git a/app/models/membership.rb b/app/models/membership.rb
index a0611a384..d685b8fce 100644
--- a/app/models/membership.rb
+++ b/app/models/membership.rb
@@ -14,10 +14,6 @@ class Membership < DagLink
alias_attribute :group_id, :ancestor_id
alias_attribute :group, :ancestor
- attr_accessible :user_id, :group_id if defined? attr_accessible
-
- before_validation :ensure_correct_ancestor_and_descendant_type
-
has_many :issues, as: :reference, dependent: :destroy
@@ -41,7 +37,6 @@ class Membership < DagLink
#
has_many_flags
may_need_review
- attr_accessible :needs_review if defined? attr_accessible
# General Properties
diff --git a/app/models/membership_mixins/validity_range.rb b/app/models/membership_mixins/validity_range.rb
index f1bdf8818..f24f396d2 100644
--- a/app/models/membership_mixins/validity_range.rb
+++ b/app/models/membership_mixins/validity_range.rb
@@ -70,7 +70,6 @@ module MembershipMixins::ValidityRange
extend ActiveSupport::Concern
included do
- attr_accessible :valid_from, :valid_to, :valid_from_localized_date, :valid_to_localized_date
before_validation :set_valid_from_to_now
default_scope { valid }
diff --git a/app/models/nav_node.rb b/app/models/nav_node.rb
index d188875f1..8a85af533 100644
--- a/app/models/nav_node.rb
+++ b/app/models/nav_node.rb
@@ -4,10 +4,6 @@
# relevant to the position of the Navable object within the navigational structure.
#
class NavNode < ActiveRecord::Base
- if defined? attr_accessible
- attr_accessible :breadcrumb_item, :hidden_menu, :menu_item, :slim_breadcrumb, :slim_menu, :slim_url, :url_component
- attr_accessible :hidden_footer
- end
belongs_to :navable, polymorphic: true
diff --git a/app/models/navable.rb b/app/models/navable.rb
index a687c8283..047e267ca 100644
--- a/app/models/navable.rb
+++ b/app/models/navable.rb
@@ -39,5 +39,9 @@ def nav
nav_node
end
+ def in_intranet?
+ ancestor_navables.include? Page.intranet_root
+ end
+
end
end
diff --git a/app/models/notification.rb b/app/models/notification.rb
index 161f1345d..ada77c5df 100644
--- a/app/models/notification.rb
+++ b/app/models/notification.rb
@@ -18,7 +18,6 @@
# end
#
class Notification < ActiveRecord::Base
- attr_accessible :recipient_id, :author_id, :reference_url, :reference_type, :reference_id, :message, :text, :sent_at, :read_at, :failed_at
belongs_to :recipient, class_name: 'User'
belongs_to :author, class_name: 'User'
diff --git a/app/models/page.rb b/app/models/page.rb
index 8c5cde15b..e070b26fb 100644
--- a/app/models/page.rb
+++ b/app/models/page.rb
@@ -1,7 +1,5 @@
class Page < ActiveRecord::Base
- attr_accessible :content, :title, :teaser_text, :redirect_to, :author, :tag_list, :teaser_image_url if defined? attr_accessible
-
is_structureable ancestor_class_names: %w(Page User Group Event), descendant_class_names: %w(Page User Group Event)
is_navable
@@ -23,6 +21,10 @@ class Page < ActiveRecord::Base
:ancestor_events, :author, :parent_pages,
:parent_users, :parent_groups, :parent_events) }
+ scope :regular, -> {
+ where(type: nil)
+ }
+
def not_empty?
attachments.any? || (content && content.length > 5) || children.any?
end
@@ -107,6 +109,17 @@ def group_id
next_parent.try(:id)
end
+ # A sub_page is a descendant_page of the page
+ # that is of the same group, i.e. not a page of
+ # one of the sub groups.
+ #
+ def sub_page_ids
+ (child_page_ids + child_pages.map(&:child_page_ids)).flatten
+ end
+ def sub_pages
+ Page.regular.where(id: sub_page_ids)
+ end
+
# Url
# ----------------------------------------------------------------------------------------------------
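Review bot: The comment above `sub_page_ids` defines a sub page as any descendant page of the same group, but the method collects only children and grandchildren (`child_page_ids + child_pages.map(&:child_page_ids)`), and nothing visible in it restricts by group. Pages three or more levels down are therefore missing from the cached list. Either reword the comment to "child and grandchild pages" or make the traversal match the definition. `sub_pages` additionally filters through `Page.regular` while `sub_page_ids` does not, so the two can disagree for typed pages; a one-line comment on which of them is authoritative would help.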
diff --git a/app/models/post.rb b/app/models/post.rb
index cf79deec8..0e43da0ad 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -1,12 +1,10 @@
class Post < ActiveRecord::Base
- attr_accessible :author_user_id, :external_author, :group_id, :sent_at, :sticky, :subject, :text, :sent_via if defined? attr_accessible
belongs_to :group
belongs_to :author, :class_name => "User", foreign_key: 'author_user_id'
has_many :attachments, as: :parent, dependent: :destroy
accepts_nested_attributes_for :attachments
- attr_accessible :attachments_attributes
has_many :mentions, as: :reference, dependent: :destroy
has_many :directly_mentioned_users, through: :mentions, class_name: 'User', source: 'whom'
diff --git a/app/models/profile_field.rb b/app/models/profile_field.rb
index b704ac763..8f9dc90f1 100644
--- a/app/models/profile_field.rb
+++ b/app/models/profile_field.rb
@@ -1,8 +1,6 @@
# -*- coding: utf-8 -*-
class ProfileField < ActiveRecord::Base
- attr_accessible :label, :type, :value, :key, :profileable_id, :profileable_type, :needs_review if defined? attr_accessible
-
belongs_to :profileable, polymorphic: true
has_many :issues, as: :reference, dependent: :destroy
@@ -98,6 +96,7 @@ def children_count
# Example: For a ProfileFields::FooBar-type profile field, this method returns 'foo_bar'.
#
def underscored_type
+ raise 'This profile field has no type!' unless self.type.present?
self.type.demodulize.underscore
end
diff --git a/app/models/profile_field_mixins/has_child_profile_fields.rb b/app/models/profile_field_mixins/has_child_profile_fields.rb
index 8e8c6ae94..ae6b8564a 100644
--- a/app/models/profile_field_mixins/has_child_profile_fields.rb
+++ b/app/models/profile_field_mixins/has_child_profile_fields.rb
@@ -2,13 +2,13 @@
module ProfileFieldMixins::HasChildProfileFields
# This creates an easier way to access a composed ProfileField's child field
- # values. Instead of calling
+ # values. Instead of calling
#
# bank_account.children.where( :label => :account_number ).first.value
# bank_account.children.where( :label => :account_number ).first.value = "12345"
#
# you may call
- #
+ #
# bank_account.account_number
# bank_account.account_number = "12345"
#
@@ -19,7 +19,7 @@ module ProfileFieldMixins::HasChildProfileFields
# has_child_profile_fields :account_holder, :account_number, ...
# ...
# end
- #
+ #
# Furthermore, this method modifies the intializer to build the child fields
# on build of the main profile_field.
#
@@ -27,8 +27,6 @@ def has_child_profile_fields( *keys )
before_save :build_child_fields_if_absent
after_save :save_child_profile_fields
-
- attr_accessible *keys if defined? attr_accessible
include HasChildProfileFieldsInstanceMethods
@@ -85,7 +83,7 @@ def build_child_fields( keys )
end
end
- # This method saves the child profile fields.
+ # This method saves the child profile fields.
# This is necessary, since the acts_as_tree gem does not provide the
# autosave option for the association.
#
diff --git a/app/models/profile_fields/address.rb b/app/models/profile_fields/address.rb
index 4ceab0c07..1149ca0ce 100644
--- a/app/models/profile_fields/address.rb
+++ b/app/models/profile_fields/address.rb
@@ -204,7 +204,6 @@ def longitude
# Allow to mark one address as primary postal address.
#
- attr_accessible :postal_address if defined? attr_accessible
concerning :PostalAddressFlag do
def postal_address
self.has_flag? :postal_address
diff --git a/app/models/project.rb b/app/models/project.rb
index c83a0f5b6..80ef5a70f 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1,10 +1,9 @@
class Project < ActiveRecord::Base
- attr_accessible :title, :description, :corporation_name
attr_accessor :corporation_name
is_structureable ancestor_class_names: %w(Group Page), descendant_class_names: %w(Group Page)
is_navable
-
+
def group
parent_groups.first
end
diff --git a/app/models/relationship.rb b/app/models/relationship.rb
index 0ceaabfd2..02b91f722 100644
--- a/app/models/relationship.rb
+++ b/app/models/relationship.rb
@@ -2,7 +2,7 @@
#
# This class models a relationship between two users.
#
-# For example, John is the brother of Sue.
+# For example, John is the brother of Sue.
#
# who: John relationship.user1 relationship.who
# is: Brother relationship.is relationship.name
@@ -10,8 +10,6 @@
#
class Relationship < ActiveRecord::Base
- attr_accessible :user1, :user2, :name, :who, :is, :of, :who_by_title, :of_by_title if defined? attr_accessible
-
belongs_to :user1, class_name: "User", inverse_of: :relationships_as_first_user
belongs_to :user2, class_name: "User", inverse_of: :relationships_as_second_user
@@ -38,7 +36,7 @@ def is=( name )
# John is the brother of Sue.
# --- of: Sue
#
- def of
+ def of
self.user2
end
def of=( user )
@@ -46,7 +44,7 @@ def of=( user )
end
# Adding new relationships:
- #
+ #
# Relationship.add( who: john_user, is: :brother, of: :sue_user )
#
# which is the same as:
@@ -65,7 +63,7 @@ def who_by_title
def who_by_title=( title )
self.who = User.find_by_title( title )
end
-
+
# Access method for the second user being given by his title.
#
def of_by_title
diff --git a/app/models/setting.rb b/app/models/setting.rb
index f48d6fd67..6ac81ac3b 100644
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -15,7 +15,3 @@ def self.preferred_locale
super
end
end
-
-class RailsSettings::Base
- attr_accessible :var if defined? attr_accessible
-end
\ No newline at end of file
diff --git a/app/models/user.rb b/app/models/user.rb
index 0c89e8fda..bdfda814e 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,10 +1,4 @@
class User < ActiveRecord::Base
- if defined? attr_accessible
- attr_accessible :first_name, :last_name, :name, :alias, :email, :create_account, :female, :add_to_group,
- :add_to_corporation, :date_of_birth, :localized_date_of_birth,
- :aktivmeldungsdatum, :study_address, :home_address, :work_address, :phone, :mobile,
- :notification_policy
- end
# Gamification: https://github.com/merit-gem/merit
include Merit
diff --git a/app/models/user_account.rb b/app/models/user_account.rb
index cb0b38545..e4808391b 100644
--- a/app/models/user_account.rb
+++ b/app/models/user_account.rb
@@ -33,7 +33,6 @@ class UserAccount < ActiveRecord::Base
# Can unlock via email or after a specified time period.
#
devise :database_authenticatable, :recoverable, :rememberable, :validatable, :registerable
- attr_accessible :login, :password, :password_confirmation, :remember_me if defined? attr_accessible
# Virtual attribute for authenticating by either username, alias or email
attr_accessor :login
diff --git a/app/models/workflow_kit/parameter.rb b/app/models/workflow_kit/parameter.rb
index 939743a87..f2a1186c5 100644
--- a/app/models/workflow_kit/parameter.rb
+++ b/app/models/workflow_kit/parameter.rb
@@ -2,8 +2,6 @@ module WorkflowKit
class Parameter < ActiveRecord::Base
self.table_name = "workflow_kit_parameters"
- attr_accessible :key, :value
-
belongs_to :parameterable, polymorphic: true
def key
diff --git a/app/models/workflow_kit/step.rb b/app/models/workflow_kit/step.rb
index efb0d03c3..ea09d5949 100644
--- a/app/models/workflow_kit/step.rb
+++ b/app/models/workflow_kit/step.rb
@@ -1,13 +1,11 @@
module WorkflowKit
require 'workflow_kit/brick'
-
+
class Step < ActiveRecord::Base
self.table_name = "workflow_kit_steps"
-
- default_scope { order(:sequence_index) }
- attr_accessible :sequence_index, :brick_name, :parameters
+ default_scope { order(:sequence_index) }
belongs_to :workflow
diff --git a/app/models/workflow_kit/workflow.rb b/app/models/workflow_kit/workflow.rb
index 71325bbad..f0b1b70dc 100644
--- a/app/models/workflow_kit/workflow.rb
+++ b/app/models/workflow_kit/workflow.rb
@@ -2,8 +2,6 @@ module WorkflowKit
class Workflow < ActiveRecord::Base
self.table_name = "workflow_kit_workflows"
- attr_accessible :description, :name, :parameters
-
has_many :steps, dependent: :destroy
extend WorkflowKit::Parameterable
diff --git a/app/views/group_news/index.html.haml b/app/views/group_news/index.html.haml
new file mode 100644
index 000000000..4f65f0a92
--- /dev/null
+++ b/app/views/group_news/index.html.haml
@@ -0,0 +1,22 @@
+- content_for :side_bar do
+
+ %h1= t :contact_people
+ %div
+ %ul
+ %li Senior
+ %li Fuxmajor
+ %li Kneipwart
+ %li Philister-x
+
+ = render partial: 'shared/upcoming_events', locals: {events: group.events_with_subgroups.upcoming.limit(3), group: group}
+
+ %h1 Inhalte und Blog-Posts
+ %div
+ %ul
+ - group.descendant_pages.order('updated_at desc').limit(5).each do |page|
+ %li= link_to page.title, page
+
+ %h1 Dokumente
+ %div
+
+= render (([group] + group.descendant_groups) & current_user.groups).collect { |g| g.posts.order('created_at desc').limit(10) }.flatten.sort_by { |post| -post.created_at.to_i }
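Review bot: The sidebar loop over `group.descendant_pages` links every page title without an ability check, whereas `shared/_horizontal_child_pages_nav` in this same commit wraps each link in `can? :read, page`. A member of the parent group could therefore be shown titles of subgroup pages they are not allowed to read; guard the item with `- if can? :read, page` before `%li= link_to page.title, page`. The final `render` line selects posts by membership (`& current_user.groups`) rather than by ability and calls `current_user.groups` unconditionally, so it presumably raises for a signed-out visitor unless the controller, which is not in this hunk, requires a login. The contact list (`Senior`, `Fuxmajor`, ...) is hard-coded placeholder text and deserves a `-# TODO` comment saying so.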
diff --git a/app/views/group_pages/index.html.haml b/app/views/group_pages/index.html.haml
new file mode 100644
index 000000000..5ce656db6
--- /dev/null
+++ b/app/views/group_pages/index.html.haml
@@ -0,0 +1,6 @@
+= render partial: 'pages/tabs'
+
+- group.descendant_groups.each do |subgroup|
+ - if subgroup.members.include?(current_user) && subgroup.child_pages.any?
+ %h4= subgroup.title
+ = render partial: 'shared/horizontal_child_pages_nav', object: subgroup, as: :navable
\ No newline at end of file
diff --git a/app/views/groups/_address_labels_modal.html.haml b/app/views/groups/_address_labels_modal.html.haml
index bf66eb2e9..831b5e606 100644
--- a/app/views/groups/_address_labels_modal.html.haml
+++ b/app/views/groups/_address_labels_modal.html.haml
@@ -1,12 +1,12 @@
%div.export_modal.modal.fade
.modal-dialog
.modal-content
- = form_tag(group_path(@group, :format => :pdf), {:method => :get, id: 'address_label_export_form'}) do
-
+ = form_tag(group_path(group, :format => :pdf), {:method => :get, id: 'address_label_export_form'}) do
+
%div.modal-header
%a.close{data: {dismiss: 'modal'}, 'aria-label' => 'Close'}
%span{'aria-hidden' => true} ×
- %h4= "#{I18n.t(:address_labels)}: #{@group.name}"
+ %h4= "#{I18n.t(:address_labels)}: #{group.name}"
%div.modal-body
%table
%tr
@@ -22,6 +22,6 @@
%td
- sender_text = session[:address_labels_pdf_sender] || "#{current_user.name}, #{current_user.postal_address_in_one_line}"
%input.address_label_sender_field{name: 'sender', value: sender_text}
-
+
%div.modal-footer
= submit_tag(I18n.t(:create_address_labels_pdf), class: 'btn btn-primary confirm_address_labels_pdf_export')
\ No newline at end of file
diff --git a/app/views/groups/_export_button.html.haml b/app/views/groups/_export_button.html.haml
index 52fb07d30..a9961de79 100644
--- a/app/views/groups/_export_button.html.haml
+++ b/app/views/groups/_export_button.html.haml
@@ -1,4 +1,4 @@
-- if can? :export_member_list, @group
+- if can? :export_member_list, group
%div.btn-group.group_export.pull-right
%a.btn.btn-default.dropdown-toggle(data-toggle="dropdown" href="#")
= icon 'list-alt'
@@ -17,12 +17,12 @@
%li.nav-header=t :pdf_files
- trigger_class = (params[:trigger_export] == 'pdf') ? 'auto_trigger' : ''
%li.export_address_labels{data: {modal_body: render(partial: 'groups/address_labels_modal')}}
- = link_to group_address_labels_path(@group, :format => :pdf, pdf_type: 'zweckform'), :class => "address_labels_export_button #{trigger_class}" do
+ = link_to group_address_labels_path(group, :format => :pdf, pdf_type: 'zweckform'), :class => "address_labels_export_button #{trigger_class}" do
= icon :th
=t :address_labels
(Zweckform 3475)
%li.export_address_labels{data: {modal_body: render(partial: 'groups/address_labels_modal')}}
- = link_to group_address_labels_path(@group, :format => :pdf, pdf_type: 'zweckform', filter: 'without_email'), :class => "address_labels_export_button #{trigger_class}" do
+ = link_to group_address_labels_path(group, :format => :pdf, pdf_type: 'zweckform', filter: 'without_email'), :class => "address_labels_export_button #{trigger_class}" do
= icon :th
Etiketten (Zweckform 3475) für Mitglieder ohne E-Mail-Adresse
- if current_locale.to_s == 'de'
@@ -31,7 +31,7 @@
= fa_icon :amazon
Passende Zweckform-3475-Etiketten 70x36 online bestellen
%li.export_address_labels{data: {modal_body: render(partial: 'groups/address_labels_modal')}}
- = link_to group_address_labels_path(@group, :format => :pdf, pdf_type: 'dpag'), :class => "address_labels_export_button" do
+ = link_to group_address_labels_path(group, :format => :pdf, pdf_type: 'dpag'), :class => "address_labels_export_button" do
= icon :th
=t :address_labels
(DPAG 70x37)
@@ -42,68 +42,68 @@
Passende Zweckform-3474-Etiketten 70x37 online bestellen
%li.nav-header= "#{I18n.t(:excel_tables)} (XLS)"
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :xls, :list => :name_list) do
+ = link_to group_list_export_path(group_id: group.id, :format => :xls, :list => :name_list) do
= excel_icon
= t :name_list
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :xls, :list => :birthday_list) do
+ = link_to group_list_export_path(group_id: group.id, :format => :xls, :list => :birthday_list) do
= excel_icon
= t :birthday_list
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :xls, :list => :special_birthdays) do
+ = link_to group_list_export_path(group_id: group.id, :format => :xls, :list => :special_birthdays) do
= excel_icon
= t :special_birthdays
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :xls, :list => :address_list) do
+ = link_to group_list_export_path(group_id: group.id, :format => :xls, :list => :address_list) do
= excel_icon
= t :address_list
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :xls, :list => :phone_list) do
+ = link_to group_list_export_path(group_id: group.id, :format => :xls, :list => :phone_list) do
= excel_icon
= t :phone_list
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :xls, :list => :member_development) do
+ = link_to group_list_export_path(group_id: group.id, :format => :xls, :list => :member_development) do
= excel_icon
= t :member_development
- - if can? :export_stammdaten_for, @group
+ - if can? :export_stammdaten_for, group
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :xls, :list => :stammdaten) do
+ = link_to group_list_export_path(group_id: group.id, :format => :xls, :list => :stammdaten) do
= excel_icon
= t :stammdaten
- if can? :export, :wingolfsblaetter_export_format
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :xls, :list => :wingolfsblaetter) do
+ = link_to group_list_export_path(group_id: group.id, :format => :xls, :list => :wingolfsblaetter) do
= excel_icon
= t :wingolfsblaetter
%li.nav-header= "#{I18n.t(:tables)} (CSV, UTF-8)"
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :name_list) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :name_list) do
= csv_icon
= t :name_list
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :birthday_list) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :birthday_list) do
= csv_icon
= t :birthday_list
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :special_birthdays) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :special_birthdays) do
= csv_icon
= t :special_birthdays
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :address_list) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :address_list) do
= csv_icon
= t :address_list
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :dpag_internetmarken) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :dpag_internetmarken) do
= csv_icon
= t :address_list_for_dpag_internetmarke
%small (ISO 8859-1)
%li.indent
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :dpag_internetmarken_in_germany) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :dpag_internetmarken_in_germany) do
= csv_icon
nur Inland (DE)
%li.indent
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :dpag_internetmarken_not_in_germany) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :dpag_internetmarken_not_in_germany) do
= csv_icon
nur Ausland
%li.indent
@@ -111,39 +111,39 @@
= awesome_icon 'question-circle'
Hilfe zur DPAG-Internetmarke
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :phone_list) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :phone_list) do
= csv_icon
= t :phone_list
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :email_list) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :email_list) do
= csv_icon
= t :email_list
- - @group.mailing_lists.each do |mailing_list|
+ - group.mailing_lists.each do |mailing_list|
%li.indent
= link_to "mailto:#{mailing_list.value}" do
= icon :envelope
= "#{t(:mailing_list)}: #{mailing_list.value}"
- - if can? :create_post_for, @group
+ - if can? :create_post_for, group
%li.indent
- = link_to group_posts_path(@group) do
+ = link_to group_posts_path(group) do
= icon :envelope
- = t :write_new_post_to_str, str: @group.name
- - if can? :manage, @group
+ = t :write_new_post_to_str, str: group.name
+ - if can? :manage, group
%li.indent
- = link_to group_mailing_lists_path(@group) do
+ = link_to group_mailing_lists_path(group) do
= icon :envelope
= t :install_mailing_list
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :member_development) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :member_development) do
= csv_icon
= t :member_development
- - if can? :export_stammdaten_for, @group
+ - if can? :export_stammdaten_for, group
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :stammdaten) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :stammdaten) do
= csv_icon
= t :stammdaten
- if can? :export, :wingolfsblaetter_export_format
%li
- = link_to group_list_export_path(group_id: @group.id, :format => :csv, :list => :wingolfsblaetter) do
+ = link_to group_list_export_path(group_id: group.id, :format => :csv, :list => :wingolfsblaetter) do
= csv_icon
= t :wingolfsblaetter
diff --git a/app/views/groups/_tabs.html.haml b/app/views/groups/_tabs.html.haml
index 8ac41da6a..e4e3a08da 100644
--- a/app/views/groups/_tabs.html.haml
+++ b/app/views/groups/_tabs.html.haml
@@ -2,32 +2,34 @@
- active ||= 'posts'
- @group = group if defined?(group) and not @group
-%ul.nav.nav-tabs.group.group_tabs
- - if @group.group_of_groups?
- %li{class: active == 'subgroups' ? 'active' : ''}
- %a{href: group_subgroups_path(@group)}= @group.name
- - unless @group.group_of_groups?
- - # One can see the posts tab under one of these conditions:
- - # - The user can read all posts of this group.
- - # - The user can see this particular post (due to an invitation) and, therefore, the posts controller is currently used.
- - if can?(:index_posts, @group) or params[:controller] == 'posts'
- %li{class: active == 'posts' ? 'active' : ''}
- %a{href: group_posts_path(@group)} Nachrichten
- %li{class: active == 'profile' ? 'active' : ''}
- %a{href: group_profile_path(@group)} Kontakt & Profil
- %li{class: active == 'events' ? 'active' : ''}
- - if @group.use_semester_calendars? && can?(:use, :semester_calendars)
- - if params[:action] == 'show'
- %a{href: group_semester_calendars_path(@group)}= t :semester_calendar
+- unless show_resource_nav?
+
+ %ul.nav.nav-tabs.group.group_tabs
+ - if @group.group_of_groups?
+ %li{class: active == 'subgroups' ? 'active' : ''}
+ %a{href: group_subgroups_path(@group)}= @group.name
+ - unless @group.group_of_groups?
+ - # One can see the posts tab under one of these conditions:
+ - # - The user can read all posts of this group.
+ - # - The user can see this particular post (due to an invitation) and, therefore, the posts controller is currently used.
+ - if can?(:index_posts, @group) or params[:controller] == 'posts'
+ %li{class: active == 'posts' ? 'active' : ''}
+ %a{href: group_posts_path(@group)} Nachrichten
+ %li{class: active == 'profile' ? 'active' : ''}
+ %a{href: group_profile_path(@group)} Kontakt & Profil
+ %li{class: active == 'events' ? 'active' : ''}
+ - if @group.use_semester_calendars? && can?(:use, :semester_calendars)
+ - if params[:action] == 'show'
+ %a{href: group_semester_calendars_path(@group)}= t :semester_calendar
+ - else
+ %a{href: group_current_semester_calendar_path(@group)}= t :semester_calendar
- else
- %a{href: group_current_semester_calendar_path(@group)}= t :semester_calendar
- - else
- %a{href: group_events_path(@group)}= t :events
- - unless @group.group_of_groups?
- %li{class: active == 'members' ? 'active' : ''}
- %a{href: group_members_path(@group)} Mitglieder
- %li{class: active == 'officers' ? 'active' : ''}
- %a{href: group_officers_path(@group)} Amtsträger
- - if can? :update, @group
- %li{class: active == 'settings' ? 'active' : ''}
- %a{href: group_settings_path(@group)}=t :settings
+ %a{href: group_events_path(@group)}= t :events
+ - unless @group.group_of_groups?
+ %li{class: active == 'members' ? 'active' : ''}
+ %a{href: group_members_path(@group)} Mitglieder
+ %li{class: active == 'officers' ? 'active' : ''}
+ %a{href: group_officers_path(@group)} Amtsträger
+ - if can? :update, @group
+ %li{class: active == 'settings' ? 'active' : ''}
+ %a{href: group_settings_path(@group)}=t :settings
diff --git a/app/views/layouts/_content_area.html.haml b/app/views/layouts/_content_area.html.haml
new file mode 100644
index 000000000..f51f24cef
--- /dev/null
+++ b/app/views/layouts/_content_area.html.haml
@@ -0,0 +1,3 @@
+#content_area
+ = render partial: 'shared/flashes'
+ = convert_to_content_box { yield }
\ No newline at end of file
diff --git a/app/views/layouts/_horizontal_nav.html.haml b/app/views/layouts/_horizontal_nav.html.haml
index a9a8cb65e..a295eb2d1 100644
--- a/app/views/layouts/_horizontal_nav.html.haml
+++ b/app/views/layouts/_horizontal_nav.html.haml
@@ -1,9 +1,12 @@
#horizontal_nav
- %ul.horizontal_nav.nav.navbar-nav.nav-pills
- - horizontal_nav.link_objects.each do |object|
- - if object.kind_of? Hash
- %li
- = link_to object[:title], (object[:path] || object.except(:title))
- - else
- %li{class: horizontal_nav_li_css_class(object), data: {short: ((object.internal_token || object.token) if object.respond_to?(:token))}}
- = link_to_navable (object.nav_title), object
\ No newline at end of file
+ - if show_resource_nav?
+ = render partial: 'layouts/resource_nav'
+ - else
+ %ul.horizontal_nav.nav.navbar-nav.nav-pills
+ - horizontal_nav.link_objects.each do |object|
+ - if object.kind_of? Hash
+ %li
+ = link_to object[:title], (object[:path] || object.except(:title))
+ - else
+ %li{class: horizontal_nav_li_css_class(object), data: {short: ((object.internal_token || object.token) if object.respond_to?(:token))}}
+ = link_to_navable (object.nav_title), object
\ No newline at end of file
diff --git a/app/views/layouts/_horizontal_structure_nav.html.haml b/app/views/layouts/_horizontal_structure_nav.html.haml
new file mode 100644
index 000000000..2836e8a87
--- /dev/null
+++ b/app/views/layouts/_horizontal_structure_nav.html.haml
@@ -0,0 +1,5 @@
+#horizontal_structure_nav
+ - if current_tab.to_s.in? %w(members)
+ = render partial: 'shared/horizontal_child_groups_nav', object: current_navable, as: :navable
+ - elsif current_tab.to_s.in? %w(pages)
+ = render partial: 'shared/horizontal_child_pages_nav', object: current_navable, as: :navable
\ No newline at end of file
diff --git a/app/views/layouts/_multi_column_content_area.html.haml b/app/views/layouts/_multi_column_content_area.html.haml
index 3033b7b36..d46a33fbb 100644
--- a/app/views/layouts/_multi_column_content_area.html.haml
+++ b/app/views/layouts/_multi_column_content_area.html.haml
@@ -1,22 +1,14 @@
- if show_vertical_nav? and content_for?(:side_bar)
.col-sm-3#vertical_nav_area.hidden-print= render partial: 'layouts/vertical_nav'
- .col-sm-6#content_area
- = render partial: 'shared/flashes'
- = convert_to_content_box { yield }
- .col-sm-3
- = yield :side_bar
+ .col-sm-6= render partial: 'layouts/content_area'
+ .col-sm-3.side_bar
+ = convert_to_content_box { yield :side_bar }
- elsif show_vertical_nav? and not content_for?(:side_bar)
.col-sm-3#vertical_nav_area.hidden-print= render partial: 'layouts/vertical_nav'
- .col-sm-9#content_area
- = render partial: 'shared/flashes'
- = convert_to_content_box { yield }
+ .col-sm-9= render partial: 'layouts/content_area'
- elsif not show_vertical_nav? and content_for(:side_bar)
- .col-sm-9#content_area
- = render partial: 'shared/flashes'
- = convert_to_content_box { yield }
- .col-sm-3
- = yield :side_bar
+ .col-sm-9= render partial: 'layouts/content_area'
+ .col-sm-3.side_bar
+ = convert_to_content_box { yield :side_bar }
- else
- #content_area
- = render partial: 'shared/flashes'
- = convert_to_content_box { yield }
+ = render partial: 'layouts/content_area'
diff --git a/app/views/layouts/_resource_nav.html.haml b/app/views/layouts/_resource_nav.html.haml
new file mode 100644
index 000000000..308035c98
--- /dev/null
+++ b/app/views/layouts/_resource_nav.html.haml
@@ -0,0 +1,13 @@
+#resource_nav
+ %ul.horizontal_nav.resource_nav.nav.navbar-nav.nav-pills
+ %li.news
+ = link_to t(:news), tab_path(current_navable, :news)
+ %li.contact
+ = link_to t(:contact_people), tab_path(current_navable, :contact)
+ %li.events
+ = link_to t(:events), tab_path(current_navable, :events)
+ %li.pages
+ = link_to t(:documents), tab_path(current_navable, :pages)
+ %li.members
+ = link_to t(:members), tab_path(current_navable, :members)
+
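Review bot: All five tabs are rendered unconditionally, while the `groups/_tabs` partial that this navigation stands in for shows the posts tab only when `can?(:index_posts, @group)` holds. Hiding a link is not access control, but offering links the user cannot follow produces denied requests and reveals structure; consider wrapping entries in the matching ability check, e.g. `- if can? :index_posts, current_navable` around `%li.news`. Whether `tab_path` accepts every kind of `current_navable` is not visible here and should be confirmed. A one-line header comment naming the helpers the partial relies on (`current_navable`, `tab_path`) would also help.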
diff --git a/app/views/layouts/_vertical_nav_lis.html.haml b/app/views/layouts/_vertical_nav_lis.html.haml
index 0be9a6cf3..d96627b1b 100644
--- a/app/views/layouts/_vertical_nav_lis.html.haml
+++ b/app/views/layouts/_vertical_nav_lis.html.haml
@@ -13,7 +13,7 @@
- navable.nav_child_groups.each do |group|
%li.child.group
- - if show_corporation_names_in_vertical_nav?(navable)
- = link_to_navable group.name_with_corporation, group
- - else
- = link_to_navable group.nav_title, group
\ No newline at end of file
+ -#- if show_corporation_names_in_vertical_nav?(navable)
+ -# = link_to_navable group.name_with_corporation, group
+ -#- else
+ = link_to_navable group.nav_title, group
\ No newline at end of file
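Review bot: The corporation-name branch is disabled by commenting it out with `-#` instead of being removed, and the same commented block is copied into the new `shared/_horizontal_child_groups_nav.html.haml`. In HAML everything indented beneath a `-#` line is swallowed by the comment, so the surviving `= link_to_navable group.nav_title, group` only renders if its indentation is exactly right, which cannot be checked from this view. Delete the three commented lines in both files and, if the change is intentional, record it in one line such as `-# corporation names are intentionally not shown in the nav`.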
diff --git a/app/views/layouts/resource_2017.html.haml b/app/views/layouts/resource_2017.html.haml
new file mode 100644
index 000000000..b43666daa
--- /dev/null
+++ b/app/views/layouts/resource_2017.html.haml
@@ -0,0 +1,110 @@
+!!!
+
+- @hide_vertical_nav = true
+
+%html{:lang => 'en'}
+ %head
+ %meta{:charset => 'utf-8'}/
+ %meta{:content => 'IE=Edge,chrome=1', 'http-equiv' => 'X-UA-Compatible'}/
+ %meta{:content => 'width=device-width, initial-scale=1.0', :name => 'viewport'}/
+ %title= website_title_with_app_name
+ = csrf_meta_tags
+ / Le HTML5 shim, for IE6-8 support of HTML elements
+ /[if lt IE 9]
+
+
+
+ = stylesheet_link_tag 'bootstrap_setup', :media => 'all'
+ = stylesheet_link_tag 'bootstrap_layout', :media => 'all'
+ = stylesheet_link_tag 'application', :media => 'all'
+
+ / For third-generation iPad with high-resolution Retina display:
+ / Size should be 144 x 144 pixels
+ = favicon_link_tag 'apple-touch-icon-144x144-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png', :sizes => '144x144'
+ / For iPhone with high-resolution Retina display:
+ / Size should be 114 x 114 pixels
+ = favicon_link_tag 'apple-touch-icon-114x114-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png', :sizes => '114x114'
+ / For first- and second-generation iPad:
+ / Size should be 72 x 72 pixels
+ = favicon_link_tag 'apple-touch-icon-72x72-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png', :sizes => '72x72'
+ / For non-Retina iPhone, iPod Touch, and Android 2.1+ devices:
+ / Size should be 57 x 57 pixels
+ = favicon_link_tag 'apple-touch-icon-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png'
+ / For all other devices
+ / Size should be 32 x 32 pixels
+ = favicon_link_tag 'favicon.ico', :rel => 'shortcut icon'
+
+ %link{rel: 'search', href: opensearch_path, title: "#{app_name} Search", type: 'application/opensearchdescription+xml'}
+
+ = javascript_include_tag 'application'
+ = javascript_include_tag "//cdn.jsdelivr.net/afterglow/latest/afterglow.min.js"
+ = gmaps4rails_api_script_tags
+ = yield :scripts
+ = yield :head
+
+ = body_tag do
+ - if user_account_signed_in?
+ %nav#logged-in-bar.navbar.navbar-default.navbar-fixed-top
+ .container-fluid
+ .navbar-header
+ %button.navbar-toggle.collapsed{data: {toggle: 'collapse', target: '#logged-in-bar-collapse'}}
+ %span.sr-only Toggle Navigation
+ %span.icon-bar
+ %span.icon-bar
+ %span.icon-bar
+ %a.navbar-brand{:href => '#'}= app_name
+
+ .collapse.navbar-collapse#logged-in-bar-collapse
+ %ul.nav.navbar-nav
+ - if not show_role_preview_menu?
+ %li
+ = link_to t(:my_profile), current_user, :class => 'my_profile'
+ %li.dropdown.my_groups
+ %a.dropdown-toggle{href: my_groups_path, data: {toggle: 'dropdown'}}
+ = t :my_groups
+ %b.caret= ''
+ %ul.dropdown-menu
+ = render partial: 'users/groups', object: current_user, as: :user
+
+ - # role indicator and preview menu
+ = render partial: 'layouts/role_preview_switcher'
+
+ %ul.nav.navbar-nav.navbar-right
+ %li.last.dropdown
+ %a.dropdown-toggle.current_user_dropdown{'data-toggle' => 'dropdown', :href => '#'}
+ = render 'layouts/session_bar_avatar'
+ %b.caret
+ = render partial: 'layouts/current_user_dropdown'
+
+ .row#header-bar
+ .col-sm-7.col-xs-12
+ %span#logo
+ = link_to image_tag(logo_url), root_path, class: 'navbar-brand'
+
+ .col-sm-5.col-xs-12
+ #header_help= render partial: 'support_requests/help_button'
+ #header_search
+ %span#search_box= render partial: 'shared/search_box'
+
+ .row#horizontal-nav-bar.hidden-xs
+ -#.col-md-6.col-sm-5.col-xs-12.hidden-xs
+ %span#category_indicator.right
+ = render partial: 'layouts/horizontal_nav'
+
+ .row#breadcrumb-bar
+ %nav#breadcrumb.navbar
+ .container-fluid
+ .breadcrumbs_current_page= "#{t(:current_page)}:"
+ = render partial: 'layouts/breadcrumbs'
+
+ %span#access_indicator
+ = access_indicator if current_user
+
+ .container-fluid
+ .row
+ = render partial: 'layouts/horizontal_structure_nav'
+ .row
+ #content
+ = render partial: 'layouts/multi_column_content_area'
+
+ .bottom_page_footer.hidden-print= render partial: 'layouts/footer' unless @hide_footer
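Review bot: The layout loads `//cdn.jsdelivr.net/afterglow/latest/afterglow.min.js` on every page, including signed-in ones. The `latest` path is unpinned, the protocol-relative URL follows the page scheme, and there is no Subresource Integrity attribute, so whatever the CDN serves at that path runs with the user's session. Pin an exact version over HTTPS and add integrity metadata, e.g. `= javascript_include_tag "https://cdn.jsdelivr.net/afterglow/<PINNED_VERSION>/afterglow.min.js", integrity: "<SRI_HASH>", crossorigin: "anonymous"`, or vendor the file into the asset pipeline. Separately, `/[if lt IE 9]` is left with an empty body, and `%html{:lang => 'en'}` is hard-coded although the app ships German locale files.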
diff --git a/app/views/memberships/_memberships_table.html.haml b/app/views/memberships/_memberships_table.html.haml
index 203f8899e..4ff89fc3c 100644
--- a/app/views/memberships/_memberships_table.html.haml
+++ b/app/views/memberships/_memberships_table.html.haml
@@ -13,9 +13,9 @@
%tr
%th Id
%th
- - if @user # All memberships belong to this user. This column specifies the group then.
+ - if user # All memberships belong to this user. This column specifies the group then.
Gruppe
- - if @group
+ - if group
Benutzer
%th Pfad
%th Mitglied seit
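Review bot: Replacing `@user`/`@group` with bare `user`/`group` changes the failure mode here and in the two later hunks of this file: an unset instance variable is `nil`, but a bare name raises `NameError` unless it is passed as a local or defined as a helper. How this partial is rendered is outside the hunk, so confirm every caller supplies both names; if they are meant to be locals, read them defensively at the top with `- user = local_assigns[:user]` and `- group = local_assigns[:group]`. If they are controller helpers instead, check that each returns `nil` rather than a looked-up record on pages where only the other applies, since the column logic appears to assume exactly one of them is set.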
@@ -27,14 +27,14 @@
%tr{class: ((membership.group && membership.currently_valid?) ? "currently_valid" : "currently_invalid")}
%td.copy-to-clipboard{title: "Membership.now_and_in_the_past.find(#{membership.id})"}= membership.id
%td
- - if @user
+ - if user
- if membership.group
= link_to membership.group.name, membership.group
- else
.alert.alert-danger
%strong GRUPPE FEHLT!
(Datenfehler)
- - if @group
+ - if group
- if membership.user
= link_to membership.user.title, membership.user
- else
@@ -42,7 +42,7 @@
%strong BENUTZER FEHLT!
(Datenfehler)
%td
- - if membership.group && @user
+ - if membership.group && user
%ul
- membership.group.ancestor_navables.each do |ancestor|
%li= link_to ancestor.title, ancestor
diff --git a/app/views/pages/_tabs.html.haml b/app/views/pages/_tabs.html.haml
new file mode 100644
index 000000000..998c9438e
--- /dev/null
+++ b/app/views/pages/_tabs.html.haml
@@ -0,0 +1 @@
+- # Nothing here, yet.
\ No newline at end of file
diff --git a/app/views/pages/show.html.haml b/app/views/pages/show.html.haml
index b3dca130a..459622129 100644
--- a/app/views/pages/show.html.haml
+++ b/app/views/pages/show.html.haml
@@ -1,3 +1,5 @@
+= render partial: 'pages/tabs'
+
%div.col-md-12
= render @page
@@ -15,12 +17,12 @@
- # The user might suspect to create a sibling, but really would create a nested blog post.
- # Note: `@page.type` could be 'Page' for the PagesController. But `Page.find(@page.id)` finds the type in the database.
- #
- - if (Page.find(@page.id).type != 'BlogPost')
+ - if (Page.find(@page.id).type != 'BlogPost')
%div.blog_tools.box
= link_to blog_posts_path(parent_id: @page.id), :class => "btn btn-success add_blog_post", :method => :post, :remote => :true do
= icon :plus
= I18n.t(:add_blog_entry)
-
+
#blog_entries
- if @blog_entries.count > 0
- for blog_entry_page in @blog_entries
diff --git a/app/views/shared/_horizontal_child_groups_nav.html.haml b/app/views/shared/_horizontal_child_groups_nav.html.haml
new file mode 100644
index 000000000..2b8970a3e
--- /dev/null
+++ b/app/views/shared/_horizontal_child_groups_nav.html.haml
@@ -0,0 +1,8 @@
+#horizontal_child_group_nav.horizontal_structure_nav
+ %ul.nav.nav-pills.groups
+ - navable.nav_child_groups.each do |group|
+ %li.child.group
+ -#- if show_corporation_names_in_vertical_nav?(navable)
+ -# = link_to_navable group.name_with_corporation, group
+ -#- else
+ = link_to_navable group.nav_title, group
\ No newline at end of file
diff --git a/app/views/shared/_horizontal_child_pages_nav.html.haml b/app/views/shared/_horizontal_child_pages_nav.html.haml
new file mode 100644
index 000000000..f2c4ff1c7
--- /dev/null
+++ b/app/views/shared/_horizontal_child_pages_nav.html.haml
@@ -0,0 +1,9 @@
+#horizontal_child_pages_nav.horizontal_structure_nav
+ %ul.nav.nav-pills.pages
+ - navable.nav_child_pages.each do |page|
+ - if can? :read, page
+ %li.child.page
+ = link_to_navable page.nav_node.nav_title, page
+ - page.sub_pages.each do |sub_page|
+ %li.child.page.sub_page
+ = link_to_navable sub_page.nav_node.nav_title, sub_page
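Review bot: Each top-level page link is guarded by `can? :read, page`, but the `page.sub_pages` loop emits its links without any check on `sub_page` itself, so a sub-page with tighter permissions than its parent would still have its title listed. Add `- if can? :read, sub_page` around `%li.child.page.sub_page`. The nesting of the sub-page loop relative to the parent's `if` cannot be read from this view, so also confirm that it sits inside that guard.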
diff --git a/app/views/shared/_upcoming_events.html.haml b/app/views/shared/_upcoming_events.html.haml
index eade77be1..be9133eb3 100644
--- a/app/views/shared/_upcoming_events.html.haml
+++ b/app/views/shared/_upcoming_events.html.haml
@@ -1,6 +1,7 @@
- # locals:
- events ||= []
- force_show ||= false
+- group ||= group
- #
- # helper methods:
- # EventsHelper#group_to_create_the_event_in
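Review bot: `- group ||= group` cannot fall back to a `group` helper, because Ruby treats `group` as a local variable as soon as the assignment is parsed. The right-hand side then reads the still-`nil` local, so `group` stays `nil` whenever the partial is rendered without a `group:` local. In that case the `if group` branches in the two later hunks of this file never run, where the old `@group` checks did. Use `- group = local_assigns.fetch(:group, @group)` so callers that do not pass the local keep the previous behaviour, or call the helper explicitly as `group()` if one exists.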
@@ -9,8 +10,8 @@
%h1.upcoming_events
=t :events
.ics_abo_buttons.tool
- - if @group
- %a#ics_abo{href: group_events_url(group_id: @group.id, format: 'ics', protocol: 'webcal', token: current_user.account.auth_token), title: "Kalender-Abo (ICS, iCal): Veranstaltungen von '#{@group.name}' im Kalender auf dem eigenen Rechner abonnieren.", data: {placement: 'top'}}
+ - if group
+ %a#ics_abo{href: group_events_url(group_id: group.id, format: 'ics', protocol: 'webcal', token: current_user.account.auth_token), title: "Kalender-Abo (ICS, iCal): Veranstaltungen von '#{group.name}' im Kalender auf dem eigenen Rechner abonnieren.", data: {placement: 'top'}}
= icon :calendar
- elsif current_user
%a.btn.btn-default#ics_abo{href: events_url(format: 'ics', protocol: 'webcal', token: current_user.account.auth_token), title: "Veranstaltungen, die mich betreffen, im Kalender auf dem eigenen Rechner abonnieren. Der Kalender wird dann automatisch auf dem Laufenden gehalten. (Empfohlen.)", data: {placement: 'top'}}
@@ -28,11 +29,11 @@
= surround "'", "'" do
= group_to_create_the_event_for.name
.show_all
- - if @group
- = link_to t(:show_all_events), group_events_path(group_id: @group.id, all: true)
+ - if group
+ = link_to t(:show_all_events), group_events_path(group_id: group.id, all: true)
- else
= link_to t(:show_all_events), events_path
- - if can?(:use, :semester_calendars) && can?(:index, SemesterCalendar) and not @group
+ - if can?(:use, :semester_calendars) && can?(:index, SemesterCalendar) and not group
.show_semester_calendars
= link_to t(:show_semester_calendars), semester_calendars_path
- if current_user.primarily_administrated_corporation && can?(:create, SemesterCalendar)
diff --git a/config/initializers/strong_parameters.rb b/config/initializers/strong_parameters.rb
new file mode 100644
index 000000000..331bac3e9
--- /dev/null
+++ b/config/initializers/strong_parameters.rb
@@ -0,0 +1,3 @@
+# http://railscasts.com/episodes/371-strong-parameters
+#
+ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
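Review bot: Removing the `attr_accessible` whitelists from `Relationship`, `User`, `UserAccount` and the `WorkflowKit` models leaves this include as the only mass-assignment guard visible in the commit, and it only rejects unpermitted `ActionController::Parameters`; a plain `Hash` passed to `new` or `update_attributes` is assigned without filtering. Every controller action that mass-assigns these models therefore needs an explicit `params.require(...).permit(...)` list, which is not visible in these hunks and should be confirmed, especially for `UserAccount` (`:login`, `:password`). The header comment should say this rather than only link a screencast, e.g. `# Raises on mass assignment of unpermitted params; attribute whitelists now live in the controllers' permit calls.` On Rails 4 this module is, as far as I know, already part of `ActiveRecord::Base`, so the initializer may be redundant once `protected_attributes` is gone.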
diff --git a/config/locales/breadcrumbs/de.yml b/config/locales/breadcrumbs/de.yml
new file mode 100644
index 000000000..57b240fac
--- /dev/null
+++ b/config/locales/breadcrumbs/de.yml
@@ -0,0 +1,2 @@
+de:
+ current_page: Aktuelle Seite
\ No newline at end of file
diff --git a/config/locales/breadcrumbs/en.yml b/config/locales/breadcrumbs/en.yml
new file mode 100644
index 000000000..2a51c98d7
--- /dev/null
+++ b/config/locales/breadcrumbs/en.yml
@@ -0,0 +1,2 @@
+en:
+ current_page: Current page
\ No newline at end of file
diff --git a/config/locales/group_member_data_summaries/en.yml b/config/locales/group_member_data_summaries/en.yml
new file mode 100644
index 000000000..393176f8b
--- /dev/null
+++ b/config/locales/group_member_data_summaries/en.yml
@@ -0,0 +1,3 @@
+en:
+ data_administration: Data administration
+ sort_members_by: Sort members by
\ No newline at end of file
diff --git a/config/locales/news/de.yml b/config/locales/news/de.yml
new file mode 100644
index 000000000..240df083e
--- /dev/null
+++ b/config/locales/news/de.yml
@@ -0,0 +1,2 @@
+de:
+ news: Neuigkeiten
\ No newline at end of file
diff --git a/config/locales/news/en.yml b/config/locales/news/en.yml
new file mode 100644
index 000000000..3fc5bc1ef
--- /dev/null
+++ b/config/locales/news/en.yml
@@ -0,0 +1,2 @@
+en:
+ news: News
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 47627c775..5104e533d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -69,6 +69,7 @@
get 'groups/:id/address_labels/(:filter)/:pdf_type.:format', to: 'groups#show', as: 'group_address_labels'
#get 'groups/:parent_group_id/subgroups(.:format)', to: 'groups#index', as: 'subgroups'
resources :groups do
+ get :news, to: 'group_news#index'
get :subgroups, to: 'groups#index'
get :mine, on: :collection, to: 'groups#index_mine'
get 'events/public', to: 'events#index', published_on_local_website: true
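Review bot: The new nested routes `get :news, to: 'group_news#index'` here and `get :pages, to: 'group_pages#index'` in the next hunk expose group-scoped listings, and neither controller is visible in this part of the diff, so their authorization cannot be checked from here. Both index actions should load the group from `params[:group_id]` and authorize it before rendering, e.g. `authorize! :read, group`, rather than relying on the link being hidden in a view. A request spec per route, asserting that a user without read access to the group is denied, would pin this.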
@@ -76,6 +77,7 @@
resources :semester_calendars
get :semester_calendar, to: 'semester_calendars#show_current', as: 'current_semester_calendar'
resources :posts
+ get :pages, to: 'group_pages#index'
get :profile, to: 'profiles#show'
get :profile_fields, to: 'profile_fields#index'
get :members, to: 'group_members#index'
diff --git a/demo_app/my_platform/Gemfile b/demo_app/my_platform/Gemfile
index 273828990..4b5dd0776 100644
--- a/demo_app/my_platform/Gemfile
+++ b/demo_app/my_platform/Gemfile
@@ -41,9 +41,6 @@ source 'https://rubygems.org' do
# Use unicorn as the app server
gem 'unicorn'
- # RAILS-3-MIGRATION TEMPORARY GEMS
- gem 'protected_attributes', require: 'protected_attributes'
-
# Use Capistrano for deployment
# gem 'capistrano-rails', group: :development
@@ -103,6 +100,7 @@ source 'https://rubygems.org' do
# see: http://stackoverflow.com/questions/13807686
gem 'json'
gem 'colored'
+ gem 'rake', '< 11.0' # http://stackoverflow.com/a/35893625/2066546, Gem Load Error is: undefined method `last_comment', TODO: Remove after updating rspec.
end
source 'https://rails-assets.org'
diff --git a/demo_app/my_platform/Gemfile.lock b/demo_app/my_platform/Gemfile.lock
index 8e7536ca6..b6f5a6bfa 100644
--- a/demo_app/my_platform/Gemfile.lock
+++ b/demo_app/my_platform/Gemfile.lock
@@ -21,7 +21,7 @@ PATH
bootstrap-sass (= 3.3.3)
bootstrap_tokenfield_rails
bundler (>= 1.9.4)
- cancan
+ cancancan
carrierwave (~> 0.11)
chartkick
coffee-rails (>= 4.1.0)
@@ -52,7 +52,7 @@ PATH
mail_form
merit
mini_magick
- nokogiri (>= 1.6.8)
+ nokogiri (>= 1.7.1)
omniauth-facebook (~> 3.0.0)
omniauth-github
omniauth-google-oauth2
@@ -80,6 +80,7 @@ PATH
refile (~> 0.5.5)
responders (~> 2.0)
rest-client (>= 1.8)
+ rubyzip (>= 1.2.1)
sass-rails (>= 3.2)
sidekiq (>= 3.4.2)
sidekiq-limit_fetch
@@ -149,7 +150,7 @@ GEM
auto_html (1.6.4)
redcarpet (~> 3.1)
rinku (~> 1.5.0)
- autoprefixer-rails (6.7.2)
+ autoprefixer-rails (6.7.7.1)
execjs
autosize-rails (1.18.17)
rails (>= 3.1)
@@ -178,9 +179,10 @@ GEM
slim (>= 1.3.6, < 4.0)
terminal-table (~> 1.4)
browser (2.3.0)
- builder (3.2.2)
- cancan (1.6.10)
- capybara (2.5.0)
+ builder (3.2.3)
+ cancancan (1.16.0)
+ capybara (2.13.0)
+ addressable
mime-types (>= 1.16)
nokogiri (>= 1.3.3)
rack (>= 1.0.0)
@@ -192,8 +194,8 @@ GEM
json (>= 1.7)
mime-types (>= 1.16)
mimemagic (>= 0.3.0)
- chartkick (2.2.2)
- childprocess (0.5.8)
+ chartkick (2.2.3)
+ childprocess (0.6.2)
ffi (~> 1.0, >= 1.0.11)
cliver (0.3.2)
codeclimate-test-reporter (0.4.8)
@@ -207,7 +209,7 @@ GEM
execjs
coffee-script-source (1.10.0)
colored (1.2)
- concurrent-ruby (1.0.4)
+ concurrent-ruby (1.0.5)
connection_pool (2.2.1)
coveralls (0.8.10)
json (~> 1.8)
@@ -220,7 +222,7 @@ GEM
debug_inspector (0.0.2)
decent_exposure (3.0.2)
activesupport (>= 4.0)
- devise (4.2.0)
+ devise (4.2.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0, < 5.1)
@@ -250,7 +252,7 @@ GEM
launchy (~> 2.1)
mail (~> 2.2)
erubis (2.7.0)
- eventmachine (1.2.2)
+ eventmachine (1.2.3)
execjs (2.7.0)
factory_girl (4.5.0)
activesupport (>= 3.0.0)
@@ -259,16 +261,16 @@ GEM
railties (>= 3.0.0)
faker (1.7.3)
i18n (~> 0.5)
- faraday (0.10.1)
+ faraday (0.11.0)
multipart-post (>= 1.2, < 3)
fastercsv (1.5.5)
- ffi (1.9.10)
+ ffi (1.9.18)
font-awesome-rails (4.7.0.1)
railties (>= 3.2, < 5.1)
foreman (0.83.0)
thor (~> 0.19.1)
formatador (0.2.5)
- formtastic (3.1.4)
+ formtastic (3.1.5)
actionpack (>= 3.2.13)
fuubar (1.3.3)
rspec (>= 2.14.0, < 3.1.0)
@@ -303,13 +305,13 @@ GEM
tilt
has_secure_token (1.0.0)
activerecord (>= 3.0)
- hashie (3.5.1)
+ hashie (3.5.5)
highline (1.7.8)
hike (1.2.3)
http-cookie (1.0.2)
domain_name (~> 0.5)
- i18n (0.7.0)
- i18n-js (3.0.0.rc15)
+ i18n (0.8.1)
+ i18n-js (3.0.0.rc16)
i18n (~> 0.6, >= 0.6.6)
icalendar (2.4.1)
jbuilder (2.3.2)
@@ -320,14 +322,14 @@ GEM
actionpack (>= 3.1)
railties (>= 3.1)
sass (>= 3.2)
- jquery-rails (4.2.2)
+ jquery-rails (4.3.1)
rails-dom-testing (>= 1, < 3)
railties (>= 4.2.0)
thor (>= 0.14, < 2.0)
jquery-turbolinks (2.1.0)
railties (>= 3.1.0)
turbolinks
- json (1.8.3)
+ json (1.8.6)
judge (2.1.1)
rails (>= 3.1)
jwt (1.5.6)
@@ -353,34 +355,34 @@ GEM
method_source (0.8.2)
mime-types (2.99.3)
mimemagic (0.3.2)
- mini_magick (4.6.0)
+ mini_magick (4.6.1)
mini_portile2 (2.1.0)
- minitest (5.9.1)
+ minitest (5.10.1)
multi_json (1.12.1)
multi_xml (0.6.0)
multipart-post (2.0.0)
mysql2 (0.4.2)
nenv (0.2.0)
netrc (0.11.0)
- nokogiri (1.6.8.1)
+ nokogiri (1.7.1)
mini_portile2 (~> 2.1.0)
notiffany (0.0.8)
nenv (~> 0.1)
shellany (~> 0.0)
oauth (0.5.1)
- oauth2 (1.3.0)
- faraday (>= 0.8, < 0.11)
+ oauth2 (1.3.1)
+ faraday (>= 0.8, < 0.12)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
- omniauth (1.4.1)
- hashie (>= 1.2, < 4)
- rack (>= 1.0, < 3)
+ omniauth (1.6.1)
+ hashie (>= 3.4.6, < 3.6.0)
+ rack (>= 1.6.2, < 3)
omniauth-facebook (3.0.0)
omniauth-oauth2 (~> 1.2)
- omniauth-github (1.2.1)
- omniauth (~> 1.4.0)
+ omniauth-github (1.2.3)
+ omniauth (~> 1.5)
omniauth-oauth2 (>= 1.4.0, < 2.0)
omniauth-google-oauth2 (0.4.1)
jwt (~> 1.5.2)
@@ -397,12 +399,12 @@ GEM
omniauth-oauth (~> 1.1)
rack
orm_adapter (0.5.0)
- parallel (1.10.0)
- parallel_tests (2.13.0)
+ parallel (1.11.1)
+ parallel_tests (2.14.0)
parallel
passgen (1.0.2)
pdf-core (0.6.1)
- phony (2.15.40)
+ phony (2.15.42)
poltergeist (1.8.1)
capybara (~> 2.1)
cliver (~> 0.3.1)
@@ -411,8 +413,6 @@ GEM
prawn (2.0.2)
pdf-core (~> 0.6.0)
ttfunk (~> 1.4.0)
- protected_attributes (1.1.3)
- activemodel (>= 4.0.1, < 5.0)
pry (0.10.3)
coderay (~> 1.1.0)
method_source (~> 0.8.1)
@@ -422,7 +422,7 @@ GEM
activerecord (>= 3.0)
i18n (>= 0.5.0)
railties (>= 3.0.0)
- rack (1.6.4)
+ rack (1.6.5)
rack-mini-profiler (0.10.2)
rack (>= 1.2.0)
rack-protection (1.5.3)
@@ -451,7 +451,7 @@ GEM
rails-assets-jquery (>= 1.7.0)
rails-assets-font-awesome (4.7.0)
rails-assets-inline-attachment (2.0.3)
- rails-assets-jquery (3.1.1)
+ rails-assets-jquery (3.2.1)
rails-assets-jquery-ui (1.12.1)
rails-assets-jquery (>= 1.6)
rails-assets-jquery-ujs (1.2.2)
@@ -459,9 +459,9 @@ GEM
rails-assets-trentrichardson--jQuery-Timepicker-Addon (1.6.3)
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
- rails-dom-testing (1.0.7)
+ rails-dom-testing (1.0.8)
activesupport (>= 4.2.0.beta, < 5.0)
- nokogiri (~> 1.6.0)
+ nokogiri (~> 1.6)
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.3)
loofah (~> 2.0)
@@ -476,7 +476,7 @@ GEM
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
raindrops (0.15.0)
- rake (11.3.0)
+ rake (10.5.0)
rb-fsevent (0.9.6)
rb-inotify (0.9.5)
ffi (>= 0.5.0)
@@ -490,7 +490,7 @@ GEM
redis-activesupport (5.0.1)
activesupport (>= 3, < 6)
redis-store (~> 1.2.0)
- redis-namespace (1.5.2)
+ redis-namespace (1.5.3)
redis (~> 3.0, >= 3.0.4)
redis-rack (1.6.0)
rack (~> 1.5)
@@ -540,14 +540,14 @@ GEM
rspec-mocks (~> 2.14.0)
rspec-rerun (0.3.1)
rspec
- ruby-ole (1.2.12)
+ ruby-ole (1.2.12.1)
ruby-progressbar (1.7.5)
ruby2ruby (2.2.0)
ruby_parser (~> 3.1)
sexp_processor (~> 4.0)
ruby_parser (3.7.2)
sexp_processor (~> 4.1)
- rubyzip (1.2.0)
+ rubyzip (1.2.1)
safe_yaml (1.0.4)
sass (3.2.19)
sass-rails (4.0.5)
@@ -558,13 +558,13 @@ GEM
sdoc (0.4.1)
json (~> 1.7, >= 1.7.7)
rdoc (~> 4.0)
- selenium-webdriver (2.53.4)
+ selenium-webdriver (3.2.2)
childprocess (~> 0.5)
rubyzip (~> 1.0)
websocket (~> 1.0)
sexp_processor (4.6.0)
shellany (0.0.1)
- sidekiq (4.2.9)
+ sidekiq (4.2.10)
concurrent-ruby (~> 1.0)
connection_pool (~> 2.2, >= 2.2.0)
rack-protection (>= 1.5.0)
@@ -610,8 +610,8 @@ GEM
therubyracer (0.12.2)
libv8 (~> 3.16.14.0)
ref
- thor (0.19.1)
- thread_safe (0.3.5)
+ thor (0.19.4)
+ thread_safe (0.3.6)
tilt (1.4.1)
timecop (0.8.0)
tins (1.6.0)
@@ -650,7 +650,7 @@ GEM
activemodel (>= 4.2)
debug_inspector
railties (>= 4.2)
- websocket (1.2.3)
+ websocket (1.2.4)
websocket-driver (0.6.3)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.2)
@@ -685,9 +685,9 @@ DEPENDENCIES
mysql2!
parallel_tests!
poltergeist!
- protected_attributes!
pry!
rails (~> 4.2.1)!
+ rake (< 11.0)!
redcarpet!
rspec-instafail!
rspec-rails (= 2.14.1)!
@@ -711,4 +711,4 @@ RUBY VERSION
ruby 2.3.1p112
BUNDLED WITH
- 1.13.7
+ 1.14.6
diff --git a/demo_app/my_platform/app/controllers/application_controller.rb b/demo_app/my_platform/app/controllers/application_controller.rb
index 48fd6acc8..2a0ab63ea 100644
--- a/demo_app/my_platform/app/controllers/application_controller.rb
+++ b/demo_app/my_platform/app/controllers/application_controller.rb
@@ -1,10 +1,9 @@
require_dependency YourPlatform::Engine.root.join('app/controllers/application_controller').to_s
class ApplicationController
- include ActiveModel::MassAssignmentSecurity
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
#protect_from_forgery with: :exception
-
+
end
diff --git a/demo_app/my_platform/config/application.rb b/demo_app/my_platform/config/application.rb
index ad6d83756..722d4b827 100644
--- a/demo_app/my_platform/config/application.rb
+++ b/demo_app/my_platform/config/application.rb
@@ -57,9 +57,6 @@ class Application < Rails::Application
# config.i18n.default_locale = :de
config.active_record.raise_in_transactional_callbacks = true
-
- config.active_record.whitelist_attributes = false
- #config.active_record.mass_assignment_sanitizer = :strict
end
end
diff --git a/demo_app/my_platform/config/environments/test.rb b/demo_app/my_platform/config/environments/test.rb
index 9e9801442..d45bcf4ad 100644
--- a/demo_app/my_platform/config/environments/test.rb
+++ b/demo_app/my_platform/config/environments/test.rb
@@ -40,4 +40,6 @@
# Raises error for missing translations
# config.action_view.raise_on_missing_translations = true
+
+ config.action_controller.action_on_unpermitted_parameters = :raise
end
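Review bot: `config.action_controller.action_on_unpermitted_parameters = :raise` is set only in the demo app's test environment, so a key missing from a `permit` list is caught only where a spec happens to submit it. In development it would at most be logged and the attribute silently dropped. The specs in this commit drop their `attr_accessible` lines, so consider adding the same setting to `config/environments/development.rb` while the migration is in progress. The line also deserves a comment, such as `# Fail loudly on params missing from a permit list while migrating off attr_accessible.`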
diff --git a/lib/your_platform/engine.rb b/lib/your_platform/engine.rb
index 987b591e1..d1d406129 100644
--- a/lib/your_platform/engine.rb
+++ b/lib/your_platform/engine.rb
@@ -34,7 +34,7 @@
require 'omniauth-facebook'
# Authorization
-require 'cancan'
+require 'cancancan'
# Encryption
require 'has_secure_token'
diff --git a/spec/models/profile_section_spec.rb b/spec/models/profile_section_spec.rb
index b725ce92d..6e33398ba 100644
--- a/spec/models/profile_section_spec.rb
+++ b/spec/models/profile_section_spec.rb
@@ -10,7 +10,6 @@
before do
class MyStructureable < ActiveRecord::Base
- attr_accessible :name
is_structureable( ancestor_class_names: %w(MyStructureable),
descendant_class_names: %w(MyStructureable Group User Workflow Page) )
has_profile_fields sections: [ :general, :group ]
diff --git a/spec/models/profile_spec.rb b/spec/models/profile_spec.rb
index 101bb0e0e..83ee93ea0 100644
--- a/spec/models/profile_spec.rb
+++ b/spec/models/profile_spec.rb
@@ -7,10 +7,9 @@
end
describe Profile do
-
+
before do
class MyStructureable < ActiveRecord::Base
- attr_accessible :name
is_structureable( ancestor_class_names: %w(MyStructureable),
descendant_class_names: %w(MyStructureable Group User Workflow Page) )
has_profile_fields sections: [ :general, :group ]
@@ -18,19 +17,19 @@ class MyStructureable < ActiveRecord::Base
@profileable = MyStructureable.create(name: "My Profileable")
@address_field = @profileable.profile_fields.create( label: "Home Address", value: "Berliner Platz 1, Erlangen", type: "ProfileFields::Address" )
-
+
@profile = Profile.new(@profileable)
end
-
+
subject { @profile }
-
+
describe "#profileable" do
subject { @profile.profileable }
it "should return the Profileable the Profile is associated with" do
subject.should == @profileable
end
end
-
+
describe "#profile_fields" do
subject { @profile.profile_fields }
it "should return the profile fields of the profileable object" do
@@ -38,14 +37,14 @@ class MyStructureable < ActiveRecord::Base
subject.should include @address_field
end
end
-
+
describe "#fields" do
subject { @profile.fields }
it "should be the same as #profile_fields" do
subject.should == @profile.profile_fields
end
end
-
+
describe "#sections" do
subject { @profile.sections }
it "should be an array of ProfileSection objects" do
@@ -53,7 +52,7 @@ class MyStructureable < ActiveRecord::Base
subject.first.should be_kind_of ProfileSection
end
end
-
+
describe "#section_by_title" do
subject { @profile.section_by_title(:general) }
it "should return the ProfileSection where the title matches the given title" do
@@ -61,7 +60,7 @@ class MyStructureable < ActiveRecord::Base
subject.title.should.to_s == "general"
end
end
-
+
describe "#sections_by_title" do
subject { @profile.sections_by_title([:group, :general]) }
it "should return an array of ProfileSections where the titles matche the given titles" do
diff --git a/spec/models/profileable_spec.rb b/spec/models/profileable_spec.rb
index 45ce1f021..02bef248c 100644
--- a/spec/models/profileable_spec.rb
+++ b/spec/models/profileable_spec.rb
@@ -10,12 +10,11 @@
before do
class MyStructureable < ActiveRecord::Base
- attr_accessible :name
is_structureable( ancestor_class_names: %w(MyStructureable),
descendant_class_names: %w(MyStructureable Group User Workflow Page) )
end
end
-
+
describe ".is_profileable" do
before do
class MyStructureable
@@ -52,7 +51,7 @@ class MyStructureable
end
@profileable = MyStructureable.create
end
-
+
describe "#email=" do
subject { @profileable.email = "foo@example.com" }
it "should create an email profile field" do
@@ -72,13 +71,13 @@ class MyStructureable
subject.should == "bar@example.com"
end
end
-
+
describe "#profile" do
subject { @profileable.profile }
it { should be_kind_of Profile }
its(:profileable) { should == @profileable }
end
-
+
describe "#profile_section_titles" do
subject { @profileable.profile_section_titles }
it "should be an array of titles" do
@@ -86,10 +85,10 @@ class MyStructureable
subject.first.should be_kind_of Symbol
end
it "should include the proper sections for default" do
- subject.should include :contact_information, :about_myself, :study_information, :career_information, :organizations, :bank_account_information, :description
+ subject.should include :contact_information, :about_myself, :study_information, :career_information, :organizations, :bank_account_information, :description
end
end
-
+
describe "#profile_sections" do
subject { @profileable.profile_sections }
it "should be an array of ProfileSection objects" do
@@ -97,10 +96,10 @@ class MyStructureable
subject.first.should be_kind_of ProfileSection
end
it "should include the proper sections for default" do
- subject.collect { |section| section.title }.should include :contact_information, :about_myself, :study_information, :career_information, :organizations, :bank_account_information, :description
+ subject.collect { |section| section.title }.should include :contact_information, :about_myself, :study_information, :career_information, :organizations, :bank_account_information, :description
end
end
-
+
describe "#profile_fields_by_type" do
before do
@address_field = @profileable.profile_fields.create(type: "ProfileFields::Address", value: "Berliner Platz 1, Erlangen")
@@ -113,7 +112,7 @@ class MyStructureable
end
end
end
-
+
describe "#profile_fields" do
before do
@profileable.profile_fields.create(type: "ProfileFields::Address", value: "Berliner Platz 1, Erlangen")
@@ -131,7 +130,7 @@ class MyStructureable
end
end
end
-
+
describe "creating profile fields for a User: " do
before do
@profileable = create(:user)
diff --git a/spec/models/structureable_mixins/has_special_groups_spec.rb b/spec/models/structureable_mixins/has_special_groups_spec.rb
index 1ba5f3f3a..50e36bc2b 100644
--- a/spec/models/structureable_mixins/has_special_groups_spec.rb
+++ b/spec/models/structureable_mixins/has_special_groups_spec.rb
@@ -10,7 +10,6 @@
before do
class MyStructureable < ActiveRecord::Base
- attr_accessible :name
is_structureable( ancestor_class_names: %w(MyStructureable),
descendant_class_names: %w(MyStructureable Group User) )
end
@@ -216,7 +215,6 @@ def title
before do
class MyStructureable < ActiveRecord::Base
- attr_accessible :name
is_structureable( ancestor_class_names: %w(MyStructureable),
descendant_class_names: %w(MyStructureable Group User) )
@@ -433,7 +431,6 @@ def vip_testers
before do
class MyStructureable < ActiveRecord::Base
- attr_accessible :name
is_structureable( ancestor_class_names: %w(MyStructureable),
descendant_class_names: %w(MyStructureable Group User) )
diff --git a/spec/models/structureable_mixins/roles_spec.rb b/spec/models/structureable_mixins/roles_spec.rb
index 380957b72..16675026c 100644
--- a/spec/models/structureable_mixins/roles_spec.rb
+++ b/spec/models/structureable_mixins/roles_spec.rb
@@ -10,7 +10,6 @@
before do
class MyStructureable < ActiveRecord::Base
- attr_accessible :name
is_structureable( ancestor_class_names: %w(MyStructureable Group),
descendant_class_names: %w(MyStructureable Group User) )
end
diff --git a/spec/models/term_reports/for_corporation_spec.rb b/spec/models/term_reports/for_corporation_spec.rb
index 57ac0e3ca..043d157fe 100644
--- a/spec/models/term_reports/for_corporation_spec.rb
+++ b/spec/models/term_reports/for_corporation_spec.rb
@@ -6,7 +6,7 @@
@corporation = create :corporation_with_status_groups
@semester_calendar = @corporation.semester_calendars.create year: 2016, term: :winter_term
- @event = @corporation.events.create title: "Winter party", start_at: "2016-12-01".to_datetime
+ @event = @corporation.events.create name: "Winter party", start_at: "2016-12-01".to_datetime
@new_member = create :user
@corporation.status_groups.first.assign_user @new_member, at: "2016-12-01".to_date
diff --git a/your_platform.gemspec b/your_platform.gemspec
index 2a819d3da..62982dc3e 100644
--- a/your_platform.gemspec
+++ b/your_platform.gemspec
@@ -82,7 +82,7 @@ Gem::Specification.new do |s|
s.add_dependency 'omniauth-facebook', '~> 3.0.0'
# Authorization
- s.add_dependency 'cancan' # MIT License
+ s.add_dependency 'cancancan'
# To use ActiveModel has_secure_password (password encryption)
s.add_dependency 'bcrypt', '>= 3.0.1' # MIT License
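Review bot: `s.add_dependency 'cancancan'` carries no version constraint, while the demo app lockfile in this commit resolves it to 1.16.0. For the gem that enforces authorization, an unbounded dependency lets a later major release change ability semantics on a plain `bundle update`. A pessimistic bound such as `s.add_dependency 'cancancan', '~> 1.15' # MIT License` keeps upgrades deliberate and restores the licence note that the removed `cancan` line carried.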
@@ -179,9 +179,10 @@ Gem::Specification.new do |s|
# https://github.com/lautis/uglifier/pull/86
s.add_dependency 'uglifier', '>= 2.7.2'
s.add_dependency 'mail', '>= 2.6.0' # https://gemnasium.com/fiedl/your_platform/alerts#advisory_309
- s.add_dependency 'nokogiri', '>= 1.6.8' # CVE-2015-8806, https://gemnasium.com/github.com/fiedl/your_platform/alerts#advisory_392
+ s.add_dependency 'nokogiri', '>= 1.7.1' # CVE-2016-4658, CVE-2016-5131, https://hakiri.io/github/fiedl/wingolfsplattform/master/6541cea428e4b4e6d94ef8070ed9b5da8eedb770/warnings/0991529a69e93e
s.add_dependency 'actionpack', '>= 4.2.5.2' # CVE-2016-2098, https://gemnasium.com/fiedl/your_platform/alerts#advisory_342
s.add_dependency 'activerecord', '>= 4.2.7.1' # CVE-2016-6317, https://gemnasium.com/github.com/fiedl/your_platform/alerts#advisory_426
+ s.add_dependency 'rubyzip', '>= 1.2.1' # CVE-2017-5946, https://gemnasium.com/github.com/fiedl/wingolfsplattform/alerts#advisory_658
#
# Development Dependencies