From 9e7c5a6cae8141dc30c96005de1383266328dbc0 Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Sun, 5 Mar 2017 15:53:12 +0100 Subject: [PATCH 01/18] updating rubyzip to fix CVE-2017-5946 (2017-Wuine5ko) https://trello.com/c/dQuBhvpk/3-cve-2017-5946-rubyzip --- Gemfile.lock | 89 ++++++++++++++++--------------- demo_app/my_platform/Gemfile.lock | 81 ++++++++++++++-------------- your_platform.gemspec | 1 + 3 files changed, 87 insertions(+), 84 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 29cb98529..a1b51bb72 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -80,6 +80,7 @@ PATH refile (~> 0.5.5) responders (~> 2.0) rest-client (>= 1.8) + rubyzip (>= 1.2.1) sass-rails (>= 3.2) sidekiq (>= 3.4.2) sidekiq-limit_fetch @@ -142,7 +143,7 @@ GEM activerecord (~> 4.0, >= 4.0.0) acts-as-taggable-on (4.0.0) activerecord (>= 4.0) - acts_as_tree (2.6.0) + acts_as_tree (2.6.1) activerecord (>= 3.0.0) addressable (2.4.0) ambry (1.0.0) @@ -150,7 +151,7 @@ GEM auto_html (1.6.4) redcarpet (~> 3.1) rinku (~> 1.5.0) - autoprefixer-rails (6.6.0) + autoprefixer-rails (6.7.6) execjs autosize-rails (1.18.17) rails (>= 3.1) @@ -194,8 +195,8 @@ GEM json (>= 1.7) mime-types (>= 1.16) mimemagic (>= 0.3.0) - chartkick (2.2.1) - childprocess (0.5.9) + chartkick (2.2.3) + childprocess (0.6.2) ffi (~> 1.0, >= 1.0.11) cliver (0.3.2) codeclimate-test-reporter (0.4.8) @@ -209,7 +210,7 @@ GEM execjs coffee-script-source (1.10.0) colored (1.2) - concurrent-ruby (1.0.4) + concurrent-ruby (1.0.5) connection_pool (2.2.1) coveralls (0.8.10) json (~> 1.8) 
@@ -236,52 +237,52 @@ GEM jquery-rails jquery-turbolinks rails (>= 3.2) - elasticsearch (5.0.0) - elasticsearch-api (= 5.0.0) - elasticsearch-transport (= 5.0.0) - elasticsearch-api (5.0.0) + elasticsearch (5.0.3) + elasticsearch-api (= 5.0.3) + elasticsearch-transport (= 5.0.3) + elasticsearch-api (5.0.3) multi_json elasticsearch-model (0.1.9) activesupport (> 3) elasticsearch (> 0.4) hashie - elasticsearch-transport (5.0.0) + elasticsearch-transport (5.0.3) faraday multi_json email_spec (1.6.0) launchy (~> 2.1) mail (~> 2.2) erubis (2.7.0) - eventmachine (1.2.1) + eventmachine (1.2.3) execjs (2.7.0) factory_girl (4.5.0) activesupport (>= 3.0.0) factory_girl_rails (4.5.0) factory_girl (~> 4.5.0) railties (>= 3.0.0) - faker (1.7.1) + faker (1.7.3) i18n (~> 0.5) - faraday (0.10.0) + faraday (0.11.0) multipart-post (>= 1.2, < 3) fastercsv (1.5.5) - ffi (1.9.14) + ffi (1.9.18) font-awesome-rails (4.7.0.1) railties (>= 3.2, < 5.1) - foreman (0.82.0) + foreman (0.83.0) thor (~> 0.19.1) formatador (0.2.5) - formtastic (3.1.4) + formtastic (3.1.5) actionpack (>= 3.2.13) fuubar (1.3.3) rspec (>= 2.14.0, < 3.1.0) ruby-progressbar (~> 1.4) gemoji (3.0.0) - geocoder (1.4.1) - geoip (1.6.2) + geocoder (1.4.3) + geoip (1.6.3) globalid (0.3.7) activesupport (>= 4.1.0) gravatar_image_tag (1.2.0) - groupdate (3.1.1) + groupdate (3.2.0) activesupport (>= 3) guard (2.13.0) formatador (>= 0.2.4) @@ -305,7 +306,7 @@ GEM tilt has_secure_token (1.0.0) activerecord (>= 3.0) - hashie (3.4.6) + hashie (3.5.5) highline (1.7.8) hike (1.2.3) http-cookie (1.0.2) @@ -322,7 +323,7 @@ GEM actionpack (>= 3.1) railties (>= 3.1) sass (>= 3.2) - jquery-rails (4.2.1) + jquery-rails (4.2.2) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) @@ -355,7 +356,7 @@ GEM method_source (0.8.2) mime-types (2.99.3) mimemagic (0.3.2) - mini_magick (4.6.0) + mini_magick (4.6.1) mini_portile2 (2.1.0) minitest (5.9.1) multi_json (1.12.1) 
@@ -370,20 +371,20 @@ GEM nenv (~> 0.1) shellany (~> 0.0) oauth (0.5.1) - oauth2 (1.3.0) - faraday (>= 0.8, < 0.11) + oauth2 (1.3.1) + faraday (>= 0.8, < 0.12) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.3.1) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 3) + omniauth (1.6.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) omniauth-facebook (3.0.0) omniauth-oauth2 (~> 1.2) - omniauth-github (1.1.2) - omniauth (~> 1.0) - omniauth-oauth2 (~> 1.1) + omniauth-github (1.2.3) + omniauth (~> 1.5) + omniauth-oauth2 (>= 1.4.0, < 2.0) omniauth-google-oauth2 (0.4.1) jwt (~> 1.5.2) multi_json (~> 1.3) @@ -395,13 +396,13 @@ GEM omniauth-oauth2 (1.4.0) oauth2 (~> 1.0) omniauth (~> 1.2) - omniauth-twitter (1.2.1) - json (~> 1.3) + omniauth-twitter (1.4.0) omniauth-oauth (~> 1.1) + rack orm_adapter (0.5.0) passgen (1.0.2) pdf-core (0.6.1) - phony (2.15.38) + phony (2.15.41) poltergeist (1.11.0) capybara (~> 2.1) cliver (~> 0.3.1) @@ -421,7 +422,7 @@ GEM i18n (>= 0.5.0) railties (>= 3.0.0) rack (1.6.5) - rack-mini-profiler (0.10.1) + rack-mini-profiler (0.10.2) rack (>= 1.2.0) rack-protection (1.5.3) rack @@ -480,7 +481,7 @@ GEM ffi (>= 0.5.0) rdoc (4.2.0) redcarpet (3.3.4) - redis (3.3.2) + redis (3.3.3) redis-actionpack (5.0.1) actionpack (>= 4.0, < 6) redis-rack (>= 1, < 3) @@ -488,7 +489,7 @@ GEM redis-activesupport (5.0.1) activesupport (>= 3, < 6) redis-store (~> 1.2.0) - redis-namespace (1.5.2) + redis-namespace (1.5.3) redis (~> 3.0, >= 3.0.4) redis-rack (1.6.0) rack (~> 1.5) @@ -543,7 +544,7 @@ GEM sexp_processor (~> 4.0) ruby_parser (3.7.2) sexp_processor (~> 4.1) - rubyzip (1.2.0) + rubyzip (1.2.1) safe_yaml (1.0.4) sass (3.2.19) sass-rails (4.0.5) 
@@ -554,20 +555,20 @@ GEM sdoc (0.4.1) json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) - selenium-webdriver (3.0.1) + selenium-webdriver (3.2.2) childprocess (~> 0.5) rubyzip (~> 1.0) websocket (~> 1.0) sexp_processor (4.6.0) shellany (0.0.1) - sidekiq (4.2.7) + sidekiq (4.2.9) concurrent-ruby (~> 1.0) connection_pool (~> 2.2, >= 2.2.0) rack-protection (>= 1.5.0) redis (~> 3.2, >= 3.2.1) sidekiq-limit_fetch (3.4.0) sidekiq (>= 4) - simple_form (3.3.1) + simple_form (3.4.0) actionpack (> 4, < 5.1) activemodel (> 4, < 5.1) simplecov (0.11.1) @@ -575,7 +576,7 @@ GEM json (~> 1.8) simplecov-html (~> 0.10.0) simplecov-html (0.10.0) - sinatra (1.4.7) + sinatra (1.4.8) rack (~> 1.5) rack-protection (~> 1.4) tilt (>= 1.3, < 3) @@ -603,7 +604,7 @@ GEM sprockets (>= 2.8, < 4.0) sugar-rails (1.4.1) railties (>= 3.0.0) - table-formatter (0.4.0) + table-formatter (0.4.1) temple (0.7.6) term-ansicolor (1.3.2) tins (~> 1.0) @@ -645,13 +646,13 @@ GEM raindrops (~> 0.7) vcardigan (0.0.9) wannabe_bool (0.6.0) - warden (1.2.6) + warden (1.2.7) rack (>= 1.0) web-console (3.1.1) activemodel (>= 4.2) debug_inspector railties (>= 4.2) - websocket (1.2.3) + websocket (1.2.4) websocket-driver (0.6.4) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.2) diff --git a/demo_app/my_platform/Gemfile.lock b/demo_app/my_platform/Gemfile.lock index 459bef5d4..89ed88401 100644 --- a/demo_app/my_platform/Gemfile.lock +++ b/demo_app/my_platform/Gemfile.lock @@ -80,6 +80,7 @@ PATH refile (~> 0.5.5) responders (~> 2.0) rest-client (>= 1.8) + rubyzip (>= 1.2.1) sass-rails (>= 3.2) sidekiq (>= 3.4.2) sidekiq-limit_fetch @@ -142,7 +143,7 @@ GEM activerecord (~> 4.0, >= 4.0.0) acts-as-taggable-on (4.0.0) activerecord (>= 4.0) - acts_as_tree (2.6.0) + acts_as_tree (2.6.1) activerecord (>= 3.0.0) addressable (2.4.0) ambry (1.0.0) @@ -150,7 +151,7 @@ GEM auto_html (1.6.4) redcarpet (~> 3.1) rinku (~> 1.5.0) - autoprefixer-rails (6.6.1) + autoprefixer-rails (6.7.6) execjs autosize-rails (1.18.17) rails (>= 3.1) 
@@ -193,8 +194,8 @@ GEM json (>= 1.7) mime-types (>= 1.16) mimemagic (>= 0.3.0) - chartkick (2.2.2) - childprocess (0.5.8) + chartkick (2.2.3) + childprocess (0.6.2) ffi (~> 1.0, >= 1.0.11) cliver (0.3.2) codeclimate-test-reporter (0.4.8) @@ -208,7 +209,7 @@ GEM execjs coffee-script-source (1.10.0) colored (1.2) - concurrent-ruby (1.0.4) + concurrent-ruby (1.0.5) connection_pool (2.2.1) coveralls (0.8.10) json (~> 1.8) @@ -235,52 +236,52 @@ GEM jquery-rails jquery-turbolinks rails (>= 3.2) - elasticsearch (5.0.0) - elasticsearch-api (= 5.0.0) - elasticsearch-transport (= 5.0.0) - elasticsearch-api (5.0.0) + elasticsearch (5.0.3) + elasticsearch-api (= 5.0.3) + elasticsearch-transport (= 5.0.3) + elasticsearch-api (5.0.3) multi_json elasticsearch-model (0.1.9) activesupport (> 3) elasticsearch (> 0.4) hashie - elasticsearch-transport (5.0.0) + elasticsearch-transport (5.0.3) faraday multi_json email_spec (1.6.0) launchy (~> 2.1) mail (~> 2.2) erubis (2.7.0) - eventmachine (1.2.1) + eventmachine (1.2.3) execjs (2.7.0) factory_girl (4.5.0) activesupport (>= 3.0.0) factory_girl_rails (4.5.0) factory_girl (~> 4.5.0) railties (>= 3.0.0) - faker (1.7.2) + faker (1.7.3) i18n (~> 0.5) - faraday (0.10.1) + faraday (0.11.0) multipart-post (>= 1.2, < 3) fastercsv (1.5.5) - ffi (1.9.10) + ffi (1.9.18) font-awesome-rails (4.7.0.1) railties (>= 3.2, < 5.1) - foreman (0.82.0) + foreman (0.83.0) thor (~> 0.19.1) formatador (0.2.5) - formtastic (3.1.4) + formtastic (3.1.5) actionpack (>= 3.2.13) fuubar (1.3.3) rspec (>= 2.14.0, < 3.1.0) ruby-progressbar (~> 1.4) gemoji (3.0.0) - geocoder (1.4.1) + geocoder (1.4.3) geoip (1.6.3) globalid (0.3.7) activesupport (>= 4.1.0) gravatar_image_tag (1.2.0) - groupdate (3.1.1) + groupdate (3.2.0) activesupport (>= 3) guard (2.13.0) formatador (>= 0.2.4) @@ -304,7 +305,7 @@ GEM tilt has_secure_token (1.0.0) activerecord (>= 3.0) - hashie (3.4.6) + hashie (3.5.5) highline (1.7.8) hike (1.2.3) http-cookie (1.0.2) 
@@ -354,7 +355,7 @@ GEM method_source (0.8.2) mime-types (2.99.3) mimemagic (0.3.2) - mini_magick (4.6.0) + mini_magick (4.6.1) mini_portile2 (2.1.0) minitest (5.9.1) multi_json (1.12.1) @@ -369,20 +370,20 @@ GEM nenv (~> 0.1) shellany (~> 0.0) oauth (0.5.1) - oauth2 (1.3.0) - faraday (>= 0.8, < 0.11) + oauth2 (1.3.1) + faraday (>= 0.8, < 0.12) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.3.1) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 3) + omniauth (1.6.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) omniauth-facebook (3.0.0) omniauth-oauth2 (~> 1.2) - omniauth-github (1.1.2) - omniauth (~> 1.0) - omniauth-oauth2 (~> 1.1) + omniauth-github (1.2.3) + omniauth (~> 1.5) + omniauth-oauth2 (>= 1.4.0, < 2.0) omniauth-google-oauth2 (0.4.1) jwt (~> 1.5.2) multi_json (~> 1.3) @@ -394,13 +395,13 @@ GEM omniauth-oauth2 (1.4.0) oauth2 (~> 1.0) omniauth (~> 1.2) - omniauth-twitter (1.2.1) - json (~> 1.3) + omniauth-twitter (1.4.0) omniauth-oauth (~> 1.1) + rack orm_adapter (0.5.0) passgen (1.0.2) pdf-core (0.6.1) - phony (2.15.38) + phony (2.15.41) poltergeist (1.8.1) capybara (~> 2.1) cliver (~> 0.3.1) @@ -421,7 +422,7 @@ GEM i18n (>= 0.5.0) railties (>= 3.0.0) rack (1.6.4) - rack-mini-profiler (0.10.1) + rack-mini-profiler (0.10.2) rack (>= 1.2.0) rack-protection (1.5.3) rack @@ -480,7 +481,7 @@ GEM ffi (>= 0.5.0) rdoc (4.2.0) redcarpet (3.3.4) - redis (3.3.2) + redis (3.3.3) redis-actionpack (5.0.1) actionpack (>= 4.0, < 6) redis-rack (>= 1, < 3) @@ -488,7 +489,7 @@ GEM redis-activesupport (5.0.1) activesupport (>= 3, < 6) redis-store (~> 1.2.0) - redis-namespace (1.5.2) + redis-namespace (1.5.3) redis (~> 3.0, >= 3.0.4) redis-rack (1.6.0) rack (~> 1.5) @@ -543,7 +544,7 @@ GEM sexp_processor (~> 4.0) ruby_parser (3.7.2) sexp_processor (~> 4.1) - rubyzip (1.2.0) + rubyzip (1.2.1) safe_yaml (1.0.4) sass (3.2.19) sass-rails (4.0.5) 
@@ -554,13 +555,13 @@ GEM sdoc (0.4.1) json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) - selenium-webdriver (2.53.4) + selenium-webdriver (3.2.2) childprocess (~> 0.5) rubyzip (~> 1.0) websocket (~> 1.0) sexp_processor (4.6.0) shellany (0.0.1) - sidekiq (4.2.7) + sidekiq (4.2.9) concurrent-ruby (~> 1.0) connection_pool (~> 2.2, >= 2.2.0) rack-protection (>= 1.5.0) @@ -575,7 +576,7 @@ GEM json (~> 1.8) simplecov-html (~> 0.10.0) simplecov-html (0.10.0) - sinatra (1.4.7) + sinatra (1.4.8) rack (~> 1.5) rack-protection (~> 1.4) tilt (>= 1.3, < 3) @@ -645,13 +646,13 @@ GEM raindrops (~> 0.7) vcardigan (0.0.9) wannabe_bool (0.6.0) - warden (1.2.6) + warden (1.2.7) rack (>= 1.0) web-console (3.1.1) activemodel (>= 4.2) debug_inspector railties (>= 4.2) - websocket (1.2.3) + websocket (1.2.4) websocket-driver (0.6.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.2) diff --git a/your_platform.gemspec b/your_platform.gemspec index 18fb3bbd1..df8ece100 100644 --- a/your_platform.gemspec +++ b/your_platform.gemspec @@ -184,6 +184,7 @@ Gem::Specification.new do |s| s.add_dependency 'nokogiri', '>= 1.6.8' # CVE-2015-8806, https://gemnasium.com/github.com/fiedl/your_platform/alerts#advisory_392 s.add_dependency 'actionpack', '>= 4.2.5.2' # CVE-2016-2098, https://gemnasium.com/fiedl/your_platform/alerts#advisory_342 s.add_dependency 'activerecord', '>= 4.2.7.1' # CVE-2016-6317, https://gemnasium.com/github.com/fiedl/your_platform/alerts#advisory_426 + s.add_dependency 'rubyzip', '>= 1.2.1' # CVE-2017-5946, https://gemnasium.com/github.com/fiedl/wingolfsplattform/alerts#advisory_658 # Development Dependencies # -------------------------------------------------------------------------------- From eb37a93a466868a2f9aa566553a2f2ff12a69f3e Mon Sep 17 00:00:00 2001 
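Review bot: The gemspec hunk promotes rubyzip to a runtime dependency (`s.add_dependency 'rubyzip', '>= 1.2.1'`), yet in both lockfiles the only consumer shown is `selenium-webdriver`, which pulls `rubyzip (~> 1.0)` for browser tests. If no application code calls `Zip::` directly, the floor is better enforced as `s.add_development_dependency 'rubyzip', '>= 1.2.1'` so the installed version is still fixed without shipping an unused runtime requirement; if the app does extract archives somewhere, those call sites are the ones that matter for this CVE and deserve a comment that entry names are validated against the target directory. Worth confirming which case applies before the pin is merged, since the commit message only references the advisory.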
From: Sebastian Fiedlschuster Date: Mon, 13 Mar 2017 14:55:42 +0100 Subject: [PATCH 02/18] layouts: allow personal layout setting in the intranet --- app/controllers/concerns/current_layout.rb | 2 +- app/controllers/concerns/current_navable.rb | 4 ++++ app/models/navable.rb | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/app/controllers/concerns/current_layout.rb b/app/controllers/concerns/current_layout.rb index 965150dfd..b417011a5 100644 --- a/app/controllers/concerns/current_layout.rb +++ b/app/controllers/concerns/current_layout.rb @@ -13,7 +13,7 @@ end def current_layout - #layout = (permitted_layouts & [layout_setting]).first + layout = (permitted_layouts & [layout_setting]).first if current_navable.try(:in_intranet?) layout ||= mobile_layout_if_mobile_app layout ||= (permitted_layouts & [params[:layout]]).first layout ||= current_navable.layout if current_navable.respond_to? :layout diff --git a/app/controllers/concerns/current_navable.rb b/app/controllers/concerns/current_navable.rb index b576f7c66..648a72679 100644 --- a/app/controllers/concerns/current_navable.rb +++ b/app/controllers/concerns/current_navable.rb @@ -47,6 +47,10 @@ def set_current_navable(navable) # See: app/controllers/concerns/confirm_admins_only_access.rb # confirm_admins_only_access_if_needed + + # Load layout overrides needed for this navable. + # + prepend_layout_view_path end end \ No newline at end of file diff --git a/app/models/navable.rb b/app/models/navable.rb index a687c8283..047e267ca 100644 --- a/app/models/navable.rb +++ b/app/models/navable.rb @@ -39,5 +39,9 @@ def nav nav_node end + def in_intranet? + ancestor_navables.include? Page.intranet_root + end + end end From 87d63ba08b5a50d15ac68936b4f27ec886fc33ed Mon Sep 17 00:00:00 2001 
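Review bot: The uncommented line relies entirely on `permitted_layouts & [layout_setting]` to keep a user-controlled value from selecting an arbitrary layout template, since `layout_setting` appears to be persisted via a cookie (`save_layout_setting_as_cookie` lives in this concern); that intent should be stated so the intersection is not later "simplified" away, e.g. `# Intersect with the whitelist: layout_setting comes from a user-editable cookie.` placed above the assignment. `current_layout` continues past the end of this hunk.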
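Review bot: `prepend_layout_view_path` is already registered as a `before_action` in the CurrentLayout concern, so calling it again at the end of `set_current_navable` prepends the layout directory a second time in the same request unless the helper guards against duplicates; this is harmless only if the method is idempotent, which the hunk does not show. If the point is that the navable-specific path can only be known once the navable is set, say so in the comment — `# Re-run after the navable is known; the before_action ran too early to see navable-specific overrides.` — and make the helper skip paths it has already prepended. `set_current_navable` begins outside this hunk.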
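Review bot: `in_intranet?` is false for `Page.intranet_root` itself, because `ancestor_navables` presumably does not include the receiver; if the intranet root page should also get the personal layout, use `self == Page.intranet_root || ancestor_navables.include?(Page.intranet_root)`. When no intranet root is configured the method also quietly returns false (`include?(nil)`), which is a safe default but worth a line of documentation: `# False for nodes outside the intranet subtree and when no intranet root exists.`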
From: Sebastian Fiedlschuster Date: Tue, 14 Mar 2017 11:33:46 +0100 Subject: [PATCH 03/18] experimenting with resource-centred layout approach --- .../your_platform/resource_nav.js.coffee | 5 + .../bootstrap_layout/footer.css.sass | 54 ++++++--- .../horizontal_structure_nav.css.sass | 6 + .../bootstrap_layout/resource_nav.css.sass | 10 ++ .../bootstrap_layout/side_bar.css.sass | 3 + .../your_platform/breadcrumbs.css.sass | 5 +- .../your_platform/group_pages.css.sass | 4 + .../horizontal_structure_nav.css.sass | 6 + app/controllers/concerns/current_layout.rb | 11 +- app/controllers/concerns/current_tab.rb | 16 ++- app/controllers/group_members_controller.rb | 2 +- app/controllers/group_news_controller.rb | 13 +++ app/controllers/group_pages_controller.rb | 13 +++ app/controllers/pages_controller.rb | 1 + .../semester_calendars_controller.rb | 3 + app/helpers/body_helper.rb | 3 +- app/helpers/resource_nav_helper.rb | 7 ++ app/models/concerns/group_posts.rb | 14 +++ app/models/concerns/page_caching.rb | 1 + app/models/group.rb | 3 +- app/models/page.rb | 15 +++ app/views/group_news/index.html.haml | 22 ++++ app/views/group_pages/index.html.haml | 6 + .../groups/_address_labels_modal.html.haml | 8 +- app/views/groups/_export_button.html.haml | 64 +++++----- app/views/groups/_tabs.html.haml | 58 ++++----- app/views/layouts/_content_area.html.haml | 3 + app/views/layouts/_horizontal_nav.html.haml | 19 +-- .../_horizontal_structure_nav.html.haml | 5 + .../_multi_column_content_area.html.haml | 24 ++-- app/views/layouts/_resource_nav.html.haml | 13 +++ app/views/layouts/resource_2017.html.haml | 110 ++++++++++++++++++ app/views/pages/_tabs.html.haml | 1 + app/views/pages/show.html.haml | 6 +- .../_horizontal_child_groups_nav.html.haml | 8 ++ .../_horizontal_child_pages_nav.html.haml | 9 ++ app/views/shared/_upcoming_events.html.haml | 11 +- config/locales/breadcrumbs/de.yml | 2 + config/locales/breadcrumbs/en.yml | 2 + .../group_member_data_summaries/en.yml | 3 + 
config/locales/news/de.yml | 2 + config/locales/news/en.yml | 2 + config/routes.rb | 2 + 43 files changed, 456 insertions(+), 119 deletions(-) create mode 100644 app/assets/javascripts/your_platform/resource_nav.js.coffee create mode 100644 app/assets/stylesheets/bootstrap_layout/horizontal_structure_nav.css.sass create mode 100644 app/assets/stylesheets/bootstrap_layout/resource_nav.css.sass create mode 100644 app/assets/stylesheets/bootstrap_layout/side_bar.css.sass create mode 100644 app/assets/stylesheets/your_platform/group_pages.css.sass create mode 100644 app/assets/stylesheets/your_platform/horizontal_structure_nav.css.sass create mode 100644 app/controllers/group_news_controller.rb create mode 100644 app/controllers/group_pages_controller.rb create mode 100644 app/helpers/resource_nav_helper.rb create mode 100644 app/models/concerns/group_posts.rb create mode 100644 app/views/group_news/index.html.haml create mode 100644 app/views/group_pages/index.html.haml create mode 100644 app/views/layouts/_content_area.html.haml create mode 100644 app/views/layouts/_horizontal_structure_nav.html.haml create mode 100644 app/views/layouts/_resource_nav.html.haml create mode 100644 app/views/layouts/resource_2017.html.haml create mode 100644 app/views/pages/_tabs.html.haml create mode 100644 app/views/shared/_horizontal_child_groups_nav.html.haml create mode 100644 app/views/shared/_horizontal_child_pages_nav.html.haml create mode 100644 config/locales/breadcrumbs/de.yml create mode 100644 config/locales/breadcrumbs/en.yml create mode 100644 config/locales/group_member_data_summaries/en.yml create mode 100644 config/locales/news/de.yml create mode 100644 config/locales/news/en.yml diff --git a/app/assets/javascripts/your_platform/resource_nav.js.coffee b/app/assets/javascripts/your_platform/resource_nav.js.coffee new file mode 100644 index 000000000..2c7b724fa --- /dev/null +++ b/app/assets/javascripts/your_platform/resource_nav.js.coffee 
@@ -0,0 +1,5 @@ +$(document).ready -> + current_tab = $('body').data('tab') + + $('#resource_nav li').removeClass 'active' + $("#resource_nav li.#{current_tab}").addClass 'active' \ No newline at end of file diff --git a/app/assets/stylesheets/bootstrap_layout/footer.css.sass b/app/assets/stylesheets/bootstrap_layout/footer.css.sass index 9e75d8843..f6ab7843f 100644 --- a/app/assets/stylesheets/bootstrap_layout/footer.css.sass +++ b/app/assets/stylesheets/bootstrap_layout/footer.css.sass @@ -1,25 +1,49 @@ +// Footer css from: https://codepen.io/cbracco/pen/zekgx + +html + height: 100% + box-sizing: border-box + +*, *:before, *:after + box-sizing: inherit + +body + padding-bottom: 200px + min-height: 100% + position: relative + .bottom_page_footer #footer - //position: absolute - //bottom: 0 - //width: 100% - - .footer text-align: center + position: absolute + bottom: 0 + right: 0 + left: 0 + background: #1a1e26 padding: 30px 0 - margin-top: 70px border-top: 1px solid #e5e5e5 - background-color: whiteSmoke - - .footer-links - margin: 1px 0 - display: block - li - display: inline - padding: 0 2px + color: #cecfcf + font-size: 80% + + a + color: #cecfcf + + ul + list-style: none + + li + display: inline + padding: 5px + + #version_footer + margin-bottom: 20px + color: #484b54 + a + color: #484b54 .side_footer li.muted - display: none \ No newline at end of file + display: none + diff --git a/app/assets/stylesheets/bootstrap_layout/horizontal_structure_nav.css.sass b/app/assets/stylesheets/bootstrap_layout/horizontal_structure_nav.css.sass new file mode 100644 index 000000000..a2b13b2a0 --- /dev/null +++ b/app/assets/stylesheets/bootstrap_layout/horizontal_structure_nav.css.sass @@ -0,0 +1,6 @@ +.horizontal_structure_nav + margin-top: -5px + margin-bottom: 5px + > ul > li > a + background: darken(#f6f8fa, 10%) + margin-bottom: 5px \ No newline at end of file 
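Review bot: `current_tab` is interpolated unescaped into a jQuery selector (`$("#resource_nav li.#{current_tab}")`), and server-side that value is filled from `cookies[:current_tab]`, which the browser controls; a value such as `a b` or `foo]` makes jQuery throw a selector syntax error and aborts the rest of the ready handler. This is not an HTML injection since the string begins with `#`, but the selector should only ever see known tab names: add `return unless /^[\w-]+$/.test(current_tab)` before the two selector lines, or better, restrict the cookie to a whitelist server-side so the `data-tab` attribute never carries a free-form value.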
diff --git a/app/assets/stylesheets/bootstrap_layout/resource_nav.css.sass b/app/assets/stylesheets/bootstrap_layout/resource_nav.css.sass new file mode 100644 index 000000000..96c06acd0 --- /dev/null +++ b/app/assets/stylesheets/bootstrap_layout/resource_nav.css.sass @@ -0,0 +1,10 @@ +@import '_colors' + +#resource_nav + ul li a + background-color: darken($headerbar-color, 10%) + ul li a:hover + background-color: lighten($headerbar-color, 10%) + ul li.active a + background-color: lighten($headerbar-color, 10%) + color: $headerbar-contrast-color \ No newline at end of file diff --git a/app/assets/stylesheets/bootstrap_layout/side_bar.css.sass b/app/assets/stylesheets/bootstrap_layout/side_bar.css.sass new file mode 100644 index 000000000..1fe90b607 --- /dev/null +++ b/app/assets/stylesheets/bootstrap_layout/side_bar.css.sass @@ -0,0 +1,3 @@ +.side_bar + h1, h2, h3, h4, h5, h6 + font-size: 14pt \ No newline at end of file diff --git a/app/assets/stylesheets/your_platform/breadcrumbs.css.sass b/app/assets/stylesheets/your_platform/breadcrumbs.css.sass index 3d3f36afa..db2010e88 100644 --- a/app/assets/stylesheets/your_platform/breadcrumbs.css.sass +++ b/app/assets/stylesheets/your_platform/breadcrumbs.css.sass @@ -16,4 +16,7 @@ ul.breadcrumbs > li.slim font-weight: normal > li:last-child a - color: black \ No newline at end of file + color: black + +.breadcrumbs_current_page + display: inline-block \ No newline at end of file diff --git a/app/assets/stylesheets/your_platform/group_pages.css.sass b/app/assets/stylesheets/your_platform/group_pages.css.sass new file mode 100644 index 000000000..c2f232835 --- /dev/null +++ b/app/assets/stylesheets/your_platform/group_pages.css.sass @@ -0,0 +1,4 @@ +body.group_pages + #content + h4 + text-align: center \ No newline at end of file 
diff --git a/app/assets/stylesheets/your_platform/horizontal_structure_nav.css.sass b/app/assets/stylesheets/your_platform/horizontal_structure_nav.css.sass new file mode 100644 index 000000000..2ebfee044 --- /dev/null +++ b/app/assets/stylesheets/your_platform/horizontal_structure_nav.css.sass @@ -0,0 +1,6 @@ +#horizontal_structure_nav, .horizontal_structure_nav + text-align: center + width: 100% + > ul > li + float: none + display: inline-block \ No newline at end of file diff --git a/app/controllers/concerns/current_layout.rb b/app/controllers/concerns/current_layout.rb index b417011a5..4582dd4b8 100644 --- a/app/controllers/concerns/current_layout.rb +++ b/app/controllers/concerns/current_layout.rb @@ -6,6 +6,7 @@ before_action :prepend_layout_view_path helper_method :current_layout + helper_method :resource_centred_layout? helper_method :current_logo_url helper_method :current_logo @@ -32,7 +33,7 @@ def save_layout_setting_as_cookie end def permitted_layouts - ([default_layout] + %w(bootstrap minimal compact modern iweb mobile)).uniq + ([default_layout] + %w(bootstrap minimal compact modern iweb mobile resource_2017)).uniq end def default_layout @@ -51,6 +52,14 @@ def default_logo 'logo.png' end + def resource_centred_layouts + %w(resource_2017) + end + + def resource_centred_layout? + current_layout.in? resource_centred_layouts + end + # The mobile app appends the parameter `?layout=mobile` once. # After that, the layout has to stay mobile. We use a cookie # to store that. As the mobile app has its own cookie store, diff --git a/app/controllers/concerns/current_tab.rb b/app/controllers/concerns/current_tab.rb index b07583791..6efb973a9 100644 --- a/app/controllers/concerns/current_tab.rb +++ b/app/controllers/concerns/current_tab.rb 
@@ -1,16 +1,21 @@ concern :CurrentTab do included do - helper_method :current_tab, :current_tab_path + helper_method :current_tab, :current_tab_path, :tab_path end # This method returns the correct path for the given object # considering the current tab the user has used last. # def current_tab_path(object) + tab_path object, current_tab(object) + end + + def tab_path(object, tab) if object.kind_of?(Group) - case current_tab(object) + case tab.to_s when "subgroups"; group_path(object) + when "news"; group_news_path(object) when "posts" if can? :index_posts, object group_posts_path(object) @@ -21,6 +26,7 @@ def current_tab_path(object) when "events"; group_events_path(object) when "members"; group_members_path(object) when "officers"; group_officers_path(object) + when "pages"; group_pages_path(object) when "settings" if can? :change_group_settings, object group_settings_path(object) @@ -40,9 +46,13 @@ def current_tab(object = nil) if object.kind_of?(Groups::GroupOfGroups) "subgroups" else - cookies[:group_tab] + cookies[:current_tab] || cookies[:group_tab] end end end + def set_current_tab(tab) + cookies[:current_tab] = tab + end + end \ No newline at end of file diff --git a/app/controllers/group_members_controller.rb b/app/controllers/group_members_controller.rb index 4fe84c6a9..585d34d12 100644 --- a/app/controllers/group_members_controller.rb +++ b/app/controllers/group_members_controller.rb @@ -21,7 +21,7 @@ def index set_current_access :signed_in set_current_access_text :all_signed_in_users_can_read_this_member_list - cookies[:group_tab] = "members" + set_current_tab :members end end \ No newline at end of file diff --git a/app/controllers/group_news_controller.rb b/app/controllers/group_news_controller.rb new file mode 100644 index 000000000..79d307987 --- /dev/null +++ b/app/controllers/group_news_controller.rb 
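Review bot: `current_tab` now returns whatever `cookies[:current_tab]` (or the older `cookies[:group_tab]`) holds, and that string reaches `tab_path`, the body `data-tab` attribute and a jQuery selector; the `case tab.to_s` in `tab_path` falls through harmlessly on unknown values, but nothing restricts the cookie to known tabs. Mirror the `permitted_layouts & [layout_setting]` pattern from CurrentLayout: `[cookies[:current_tab], cookies[:group_tab]].find { |t| t.in? permitted_tabs }` with `permitted_tabs` returning `%w(subgroups news posts events members officers pages settings)`; `set_current_tab` can stay as is. The `cookies[:group_tab]` fallback should also carry a comment such as `# group_tab is the cookie name used before this change; keep reading it for existing sessions.`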
@@ -0,0 +1,13 @@ +class GroupNewsController < ApplicationController + + expose :group + + def index + authorize! :read_news, group + + set_current_navable group + set_current_title "News - #{group.name}" + set_current_tab :news + end + +end \ No newline at end of file diff --git a/app/controllers/group_pages_controller.rb b/app/controllers/group_pages_controller.rb new file mode 100644 index 000000000..11bc5c230 --- /dev/null +++ b/app/controllers/group_pages_controller.rb @@ -0,0 +1,13 @@ +class GroupPagesController < ApplicationController + + expose :group + + def index + authorize! :read_pages, group + + set_current_navable group + set_current_title group.title + set_current_tab :pages + end + +end \ No newline at end of file diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index f030f3344..ecea839d7 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -33,6 +33,7 @@ def show set_current_title @page.title set_current_navable @page set_current_activity :looks_up_information, @page + set_current_tab :pages if @page.group set_current_access :group diff --git a/app/controllers/semester_calendars_controller.rb b/app/controllers/semester_calendars_controller.rb index 7eacd4cdb..f5846ea56 100644 --- a/app/controllers/semester_calendars_controller.rb +++ b/app/controllers/semester_calendars_controller.rb @@ -23,6 +23,7 @@ def show set_current_navable @group set_current_title "#{@group.title}: #{t(:semester_calendar)}" + set_current_tab :events set_current_activity :is_looking_at_semester_calendar, @semester_calendar set_current_access :signed_in set_current_access_text :all_signed_in_users_can_read_this_content @@ -95,6 +96,7 @@ def index set_current_navable @group set_current_title "#{I18n.t(:semester_calendars)} #{@group.title}" + set_current_tab :events else authorize! :index, SemesterCalendar 
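Review bot: `authorize! :read_news, group` uses an ability name that appears nowhere else in this patch, and the same holds for `:read_pages` in GroupPagesController; unless both are defined in the Ability class, CanCan denies every user, which fails closed but leaves the new tabs unreachable. Confirm the rules exist, or alias them to the group's existing read permission. The title `"News - #{group.name}"` is also the only hard-coded English string among the new controllers (GroupPagesController uses `group.title`); the added `config/locales/news/*.yml` suggests `"#{t(:news)} - #{group.name}"` was intended.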
@@ -116,6 +118,7 @@ def index set_current_breadcrumbs [ {title: current_title} ] + set_current_tab :events set_current_activity :is_looking_at_semester_calendars set_current_access :signed_in set_current_access_text :all_signed_in_users_can_read_this_content diff --git a/app/helpers/body_helper.rb b/app/helpers/body_helper.rb index 921e5b538..eaa3f388b 100644 --- a/app/helpers/body_helper.rb +++ b/app/helpers/body_helper.rb @@ -14,7 +14,8 @@ def body_tag(options = {}) locale: I18n.locale, env: Rails.env.to_s, layout: current_layout, - navable: @navable.try(:to_global_id).try(:to_s) + navable: @navable.try(:to_global_id).try(:to_s), + tab: current_tab } do yield end diff --git a/app/helpers/resource_nav_helper.rb b/app/helpers/resource_nav_helper.rb new file mode 100644 index 000000000..8024d9b0d --- /dev/null +++ b/app/helpers/resource_nav_helper.rb @@ -0,0 +1,7 @@ +module ResourceNavHelper + + def show_resource_nav? + resource_centred_layout? && current_navable.try(:in_intranet?) + end + +end \ No newline at end of file diff --git a/app/models/concerns/group_posts.rb b/app/models/concerns/group_posts.rb new file mode 100644 index 000000000..c6e8167a1 --- /dev/null +++ b/app/models/concerns/group_posts.rb @@ -0,0 +1,14 @@ +concern :GroupPosts do + + included do + has_many :posts + end + + def descendant_post_ids + descendant_groups.map(&:post_ids).flatten + end + def descendant_posts + Post.where(id: descendant_post_ids) + end + +end \ No newline at end of file diff --git a/app/models/concerns/page_caching.rb b/app/models/concerns/page_caching.rb index e0175d496..bc2409502 100644 --- a/app/models/concerns/page_caching.rb +++ b/app/models/concerns/page_caching.rb @@ -7,6 +7,7 @@ after_save { self.delay.renew_cache } cache :group_id + cache :sub_page_ids end include StructureableRoleCaching diff --git a/app/models/group.rb b/app/models/group.rb index 7608b27f7..29742f65d 100644 --- a/app/models/group.rb +++ b/app/models/group.rb 
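Review bot: `descendant_post_ids` runs one query per descendant group (`descendant_groups.map(&:post_ids)`) and `descendant_posts` then issues a second query over the collected ids; given `has_many :posts` on the group, a single query gives the same rows, `Post.where(group_id: descendant_groups.map(&:id))`, assuming the association uses the default `group_id` foreign key, which the concern does not show. `descendant_post_ids` could then be `descendant_posts.pluck(:id)`. A one-line header comment, `# Posts of all descendant groups, excluding the group's own posts.`, would also make the scope explicit, since callers in this patch combine it with `group.posts` themselves.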
@@ -25,8 +25,6 @@ class Group < ApplicationRecord is_navable has_profile_fields - has_many :posts - default_scope { includes(:flags) } scope :regular, -> { not_flagged([:contact_people, :attendees, :officers_parent, :group_of_groups, :everyone, :corporations_parent]) } @@ -41,6 +39,7 @@ class Group < ApplicationRecord include GroupMixins::Developers include GroupMixins::Officers include GroupMixins::Import + include GroupPosts include GroupProfile include GroupMailingLists include GroupDummyUsers diff --git a/app/models/page.rb b/app/models/page.rb index 8c5cde15b..1409e20dc 100644 --- a/app/models/page.rb +++ b/app/models/page.rb @@ -23,6 +23,10 @@ class Page < ActiveRecord::Base :ancestor_events, :author, :parent_pages, :parent_users, :parent_groups, :parent_events) } + scope :regular, -> { + where(type: nil) + } + def not_empty? attachments.any? || (content && content.length > 5) || children.any? end @@ -107,6 +111,17 @@ def group_id next_parent.try(:id) end + # A sub_page is a descendant_page of the page + # that is of the same group, i.e. not a page of + # one of the sub groups. + # + def sub_page_ids + (child_page_ids + child_pages.map(&:child_page_ids)).flatten + end + def sub_pages + Page.regular.where(id: sub_page_ids) + end + # Url # ---------------------------------------------------------------------------------------------------- diff --git a/app/views/group_news/index.html.haml b/app/views/group_news/index.html.haml new file mode 100644 index 000000000..4f65f0a92 --- /dev/null +++ b/app/views/group_news/index.html.haml 
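Review bot: The comment above `sub_page_ids` promises "descendant pages of the same group, not pages of sub groups", but the implementation, `child_page_ids + child_pages.map(&:child_page_ids)`, stops at grandchildren and never checks group membership, so a sub group's page hanging directly under this page is included while a same-group page three levels down is not. Either make the comment match the code — `# Child and grandchild pages (two levels), regardless of which group they belong to.` — or implement the stated contract. Note also that `sub_pages` filters with `Page.regular` (`type: nil`) while `sub_page_ids` does not, and that `sub_page_ids` is cached through `cache :sub_page_ids` in PageCaching, so changes to a grandchild's parentage presumably stay invisible until this page's cache is renewed; verify that before relying on it for navigation.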
@@ -0,0 +1,22 @@ +- content_for :side_bar do + + %h1= t :contact_people + %div + %ul + %li Senior + %li Fuxmajor + %li Kneipwart + %li Philister-x + + = render partial: 'shared/upcoming_events', locals: {events: group.events_with_subgroups.upcoming.limit(3), group: group} + + %h1 Inhalte und Blog-Posts + %div + %ul + - group.descendant_pages.order('updated_at desc').limit(5).each do |page| + %li= link_to page.title, page + + %h1 Dokumente + %div + += render (([group] + group.descendant_groups) & current_user.groups).collect { |g| g.posts.order('created_at desc').limit(10) }.flatten.sort_by { |post| -post.created_at.to_i } diff --git a/app/views/group_pages/index.html.haml b/app/views/group_pages/index.html.haml new file mode 100644 index 000000000..5ce656db6 --- /dev/null +++ b/app/views/group_pages/index.html.haml @@ -0,0 +1,6 @@ += render partial: 'pages/tabs' + +- group.descendant_groups.each do |subgroup| + - if subgroup.members.include?(current_user) && subgroup.child_pages.any? + %h4= subgroup.title + = render partial: 'shared/horizontal_child_pages_nav', object: subgroup, as: :navable \ No newline at end of file diff --git a/app/views/groups/_address_labels_modal.html.haml b/app/views/groups/_address_labels_modal.html.haml index bf66eb2e9..831b5e606 100644 --- a/app/views/groups/_address_labels_modal.html.haml +++ b/app/views/groups/_address_labels_modal.html.haml @@ -1,12 +1,12 @@ %div.export_modal.modal.fade .modal-dialog .modal-content - = form_tag(group_path(@group, :format => :pdf), {:method => :get, id: 'address_label_export_form'}) do - + = form_tag(group_path(group, :format => :pdf), {:method => :get, id: 'address_label_export_form'}) do + %div.modal-header %a.close{data: {dismiss: 'modal'}, 'aria-label' => 'Close'} %span{'aria-hidden' => true} × - %h4= "#{I18n.t(:address_labels)}: #{@group.name}" + %h4= "#{I18n.t(:address_labels)}: #{group.name}" %div.modal-body %table %tr 
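Review bot: The side bar links every page in `group.descendant_pages.order('updated_at desc').limit(5)` without an authorization check, so a user who may read the group but not a particular descendant page still sees its title and link; the posts list at the bottom does restrict itself to `current_user.groups`, which makes the asymmetry look unintentional. Unless `descendant_pages` is already visibility-scoped, filter with `.select { |page| can? :read, page }` before rendering (the `limit(5)` then needs to move after the filter). The hard-coded contact entries (`Senior`, `Fuxmajor`, …) read like placeholders and should carry `-# TODO: replace with the group's officers` so they are not mistaken for data.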
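Review bot: `subgroup.members.include?(current_user)` inside the `descendant_groups.each` loop loads the full member list of every descendant group just to test one membership. The sibling news view already computes the user's groups once, so the same test is cheaper and consistent as `- (group.descendant_groups & current_user.groups).each do |subgroup|` with only the `child_pages.any?` check left in the `if`, assuming `descendant_groups` returns the same model instances as `current_user.groups` (both appear to be DAG-link helpers, not shown here).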
@@ -22,6 +22,6 @@ %td - sender_text = session[:address_labels_pdf_sender] || "#{current_user.name}, #{current_user.postal_address_in_one_line}" %input.address_label_sender_field{name: 'sender', value: sender_text} - + %div.modal-footer = submit_tag(I18n.t(:create_address_labels_pdf), class: 'btn btn-primary confirm_address_labels_pdf_export') \ No newline at end of file diff --git a/app/views/groups/_export_button.html.haml b/app/views/groups/_export_button.html.haml index 8b2a62b66..bb63d01d4 100644 --- a/app/views/groups/_export_button.html.haml +++ b/app/views/groups/_export_button.html.haml @@ -1,4 +1,4 @@ -- if can? :export_member_list, @group +- if can? :export_member_list, group %div.btn-group.group_export.pull-right %a.btn.btn-default.dropdown-toggle(data-toggle="dropdown" href="#") = icon 'list-alt' @@ -17,12 +17,12 @@ %li.nav-header=t :pdf_files - trigger_class = (params[:trigger_export] == 'pdf') ? 'auto_trigger' : '' %li.export_address_labels{data: {modal_body: render(partial: 'groups/address_labels_modal')}} - = link_to group_address_labels_path(@group, :format => :pdf, pdf_type: 'zweckform'), :class => "address_labels_export_button #{trigger_class}" do + = link_to group_address_labels_path(group, :format => :pdf, pdf_type: 'zweckform'), :class => "address_labels_export_button #{trigger_class}" do = icon :th =t :address_labels (Zweckform 3475) %li.export_address_labels{data: {modal_body: render(partial: 'groups/address_labels_modal')}} - = link_to group_address_labels_path(@group, :format => :pdf, pdf_type: 'zweckform', filter: 'without_email'), :class => "address_labels_export_button #{trigger_class}" do + = link_to group_address_labels_path(group, :format => :pdf, pdf_type: 'zweckform', filter: 'without_email'), :class => "address_labels_export_button #{trigger_class}" do = icon :th Etiketten (Zweckform 3475) für Mitglieder ohne E-Mail-Adresse - if current_locale.to_s == 'de' 
@@ -31,7 +31,7 @@ = fa_icon :amazon Passende Zweckform-3475-Etiketten 70x36 online bestellen %li.export_address_labels{data: {modal_body: render(partial: 'groups/address_labels_modal')}} - = link_to group_address_labels_path(@group, :format => :pdf, pdf_type: 'dpag'), :class => "address_labels_export_button" do + = link_to group_address_labels_path(group, :format => :pdf, pdf_type: 'dpag'), :class => "address_labels_export_button" do = icon :th =t :address_labels (DPAG 70x37) 
@@ -42,68 +42,68 @@ Passende Zweckform-3474-Etiketten 70x37 online bestellen %li.nav-header= "#{I18n.t(:excel_tables)} (XLS)" %li - = link_to group_path(@group, :format => :xls) do + = link_to group_path(group, :format => :xls) do = excel_icon = t :name_list %li - = link_to group_path(@group, :format => :xls, :list => :birthday_list) do + = link_to group_path(group, :format => :xls, :list => :birthday_list) do = excel_icon = t :birthday_list %li - = link_to group_path(@group, :format => :xls, :list => :special_birthdays) do + = link_to group_path(group, :format => :xls, :list => :special_birthdays) do = excel_icon = t :special_birthdays %li - = link_to group_path(@group, :format => :xls, :list => :address_list) do + = link_to group_path(group, :format => :xls, :list => :address_list) do = excel_icon = t :address_list %li - = link_to group_path(@group, :format => :xls, :list => :phone_list) do + = link_to group_path(group, :format => :xls, :list => :phone_list) do = excel_icon = t :phone_list %li - = link_to group_path(@group, :format => :xls, :list => :member_development) do + = link_to group_path(group, :format => :xls, :list => :member_development) do = excel_icon = t :member_development - - if can? :export_stammdaten_for, @group + - if can? :export_stammdaten_for, group %li - = link_to group_path(@group, :format => :xls, :list => :stammdaten) do + = link_to group_path(group, :format => :xls, :list => :stammdaten) do = excel_icon = t :stammdaten - if can? 
:export, :wingolfsblaetter_export_format %li - = link_to group_path(@group, :format => :xls, :list => :wingolfsblaetter) do + = link_to group_path(group, :format => :xls, :list => :wingolfsblaetter) do = excel_icon = t :wingolfsblaetter %li.nav-header= "#{I18n.t(:tables)} (CSV, UTF-8)" %li - = link_to group_path(@group, :format => :csv) do + = link_to group_path(group, :format => :csv) do = csv_icon = t :name_list %li - = link_to group_path(@group, :format => :csv, :list => :birthday_list) do + = link_to group_path(group, :format => :csv, :list => :birthday_list) do = csv_icon = t :birthday_list %li - = link_to group_path(@group, :format => :csv, :list => :special_birthdays) do + = link_to group_path(group, :format => :csv, :list => :special_birthdays) do = csv_icon = t :special_birthdays %li - = link_to group_path(@group, :format => :csv, :list => :address_list) do + = link_to group_path(group, :format => :csv, :list => :address_list) do = csv_icon = t :address_list %li - = link_to group_path(@group, :format => :csv, :list => :dpag_internetmarken) do + = link_to group_path(group, :format => :csv, :list => :dpag_internetmarken) do = csv_icon = t :address_list_for_dpag_internetmarke %small (ISO 8859-1) %li.indent - = link_to group_path(@group, :format => :csv, :list => :dpag_internetmarken_in_germany) do + = link_to group_path(group, :format => :csv, :list => :dpag_internetmarken_in_germany) do = csv_icon nur Inland (DE) %li.indent - = link_to group_path(@group, :format => :csv, :list => :dpag_internetmarken_not_in_germany) do + = link_to group_path(group, :format => :csv, :list => :dpag_internetmarken_not_in_germany) do = csv_icon nur Ausland %li.indent 
@@ -111,39 +111,39 @@ = awesome_icon 'question-circle' Hilfe zur DPAG-Internetmarke %li - = link_to group_path(@group, :format => :csv, :list => :phone_list) do + = link_to group_path(group, :format => :csv, :list => :phone_list) do = csv_icon = t :phone_list %li - = link_to group_path(@group, :format => :csv, :list => :email_list) do + = link_to group_path(group, :format => :csv, :list => :email_list) do = csv_icon = t :email_list - - @group.mailing_lists.each do |mailing_list| + - group.mailing_lists.each do |mailing_list| %li.indent = link_to "mailto:#{mailing_list.value}" do = icon :envelope = "#{t(:mailing_list)}: #{mailing_list.value}" - - if can? :create_post_for, @group + - if can? :create_post_for, group %li.indent - = link_to group_posts_path(@group) do + = link_to group_posts_path(group) do = icon :envelope - = t :write_new_post_to_str, str: @group.name - - if can? :manage, @group + = t :write_new_post_to_str, str: group.name + - if can? :manage, group %li.indent - = link_to group_mailing_lists_path(@group) do + = link_to group_mailing_lists_path(group) do = icon :envelope = t :install_mailing_list %li - = link_to group_path(@group, :format => :csv, :list => :member_development) do + = link_to group_path(group, :format => :csv, :list => :member_development) do = csv_icon = t :member_development - - if can? :export_stammdaten_for, @group + - if can? :export_stammdaten_for, group %li - = link_to group_path(@group, :format => :csv, :list => :stammdaten) do + = link_to group_path(group, :format => :csv, :list => :stammdaten) do = csv_icon = t :stammdaten - if can? :export, :wingolfsblaetter_export_format %li - = link_to group_path(@group, :format => :csv, :list => :wingolfsblaetter) do + = link_to group_path(group, :format => :csv, :list => :wingolfsblaetter) do = csv_icon = t :wingolfsblaetter diff --git a/app/views/groups/_tabs.html.haml b/app/views/groups/_tabs.html.haml index 8ac41da6a..e4e3a08da 100644 --- a/app/views/groups/_tabs.html.haml 
+++ b/app/views/groups/_tabs.html.haml 
@@ -2,32 +2,34 @@ - active ||= 'posts' - @group = group if defined?(group) and not @group -%ul.nav.nav-tabs.group.group_tabs - - if @group.group_of_groups? - %li{class: active == 'subgroups' ? 'active' : ''} - %a{href: group_subgroups_path(@group)}= @group.name - - unless @group.group_of_groups? - - # One can see the posts tab under one of these conditions: - - # - The user can read all posts of this group. - - # - The user can see this particular post (due to an invitation) and, therefore, the posts controller is currently used. - - if can?(:index_posts, @group) or params[:controller] == 'posts' - %li{class: active == 'posts' ? 'active' : ''} - %a{href: group_posts_path(@group)} Nachrichten - %li{class: active == 'profile' ? 'active' : ''} - %a{href: group_profile_path(@group)} Kontakt & Profil - %li{class: active == 'events' ? 'active' : ''} - - if @group.use_semester_calendars? && can?(:use, :semester_calendars) - - if params[:action] == 'show' - %a{href: group_semester_calendars_path(@group)}= t :semester_calendar +- unless show_resource_nav? + + %ul.nav.nav-tabs.group.group_tabs + - if @group.group_of_groups? + %li{class: active == 'subgroups' ? 'active' : ''} + %a{href: group_subgroups_path(@group)}= @group.name + - unless @group.group_of_groups? + - # One can see the posts tab under one of these conditions: + - # - The user can read all posts of this group. + - # - The user can see this particular post (due to an invitation) and, therefore, the posts controller is currently used. + - if can?(:index_posts, @group) or params[:controller] == 'posts' + %li{class: active == 'posts' ? 'active' : ''} + %a{href: group_posts_path(@group)} Nachrichten + %li{class: active == 'profile' ? 'active' : ''} + %a{href: group_profile_path(@group)} Kontakt & Profil + %li{class: active == 'events' ? 'active' : ''} + - if @group.use_semester_calendars? 
&& can?(:use, :semester_calendars) + - if params[:action] == 'show' + %a{href: group_semester_calendars_path(@group)}= t :semester_calendar + - else + %a{href: group_current_semester_calendar_path(@group)}= t :semester_calendar - else - %a{href: group_current_semester_calendar_path(@group)}= t :semester_calendar - - else - %a{href: group_events_path(@group)}= t :events - - unless @group.group_of_groups? - %li{class: active == 'members' ? 'active' : ''} - %a{href: group_members_path(@group)} Mitglieder - %li{class: active == 'officers' ? 'active' : ''} - %a{href: group_officers_path(@group)} Amtsträger - - if can? :update, @group - %li{class: active == 'settings' ? 'active' : ''} - %a{href: group_settings_path(@group)}=t :settings + %a{href: group_events_path(@group)}= t :events + - unless @group.group_of_groups? + %li{class: active == 'members' ? 'active' : ''} + %a{href: group_members_path(@group)} Mitglieder + %li{class: active == 'officers' ? 'active' : ''} + %a{href: group_officers_path(@group)} Amtsträger + - if can? :update, @group + %li{class: active == 'settings' ? 'active' : ''} + %a{href: group_settings_path(@group)}=t :settings diff --git a/app/views/layouts/_content_area.html.haml b/app/views/layouts/_content_area.html.haml new file mode 100644 index 000000000..f51f24cef --- /dev/null +++ b/app/views/layouts/_content_area.html.haml @@ -0,0 +1,3 @@ +#content_area + = render partial: 'shared/flashes' + = convert_to_content_box { yield } \ No newline at end of file diff --git a/app/views/layouts/_horizontal_nav.html.haml b/app/views/layouts/_horizontal_nav.html.haml index a9a8cb65e..a295eb2d1 100644 --- a/app/views/layouts/_horizontal_nav.html.haml +++ b/app/views/layouts/_horizontal_nav.html.haml 
@@ -1,9 +1,12 @@ #horizontal_nav - %ul.horizontal_nav.nav.navbar-nav.nav-pills - - horizontal_nav.link_objects.each do |object| - - if object.kind_of? Hash - %li - = link_to object[:title], (object[:path] || object.except(:title)) - - else - %li{class: horizontal_nav_li_css_class(object), data: {short: ((object.internal_token || object.token) if object.respond_to?(:token))}} - = link_to_navable (object.nav_title), object \ No newline at end of file + - if show_resource_nav? + = render partial: 'layouts/resource_nav' + - else + %ul.horizontal_nav.nav.navbar-nav.nav-pills + - horizontal_nav.link_objects.each do |object| + - if object.kind_of? Hash + %li + = link_to object[:title], (object[:path] || object.except(:title)) + - else + %li{class: horizontal_nav_li_css_class(object), data: {short: ((object.internal_token || object.token) if object.respond_to?(:token))}} + = link_to_navable (object.nav_title), object \ No newline at end of file diff --git a/app/views/layouts/_horizontal_structure_nav.html.haml b/app/views/layouts/_horizontal_structure_nav.html.haml new file mode 100644 index 000000000..2836e8a87 --- /dev/null +++ b/app/views/layouts/_horizontal_structure_nav.html.haml @@ -0,0 +1,5 @@ +#horizontal_structure_nav + - if current_tab.to_s.in? %w(members) + = render partial: 'shared/horizontal_child_groups_nav', object: current_navable, as: :navable + - elsif current_tab.to_s.in? %w(pages) + = render partial: 'shared/horizontal_child_pages_nav', object: current_navable, as: :navable \ No newline at end of file diff --git a/app/views/layouts/_multi_column_content_area.html.haml b/app/views/layouts/_multi_column_content_area.html.haml index 3033b7b36..d46a33fbb 100644 --- a/app/views/layouts/_multi_column_content_area.html.haml +++ b/app/views/layouts/_multi_column_content_area.html.haml 
@@ -1,22 +1,14 @@ - if show_vertical_nav? and content_for?(:side_bar) .col-sm-3#vertical_nav_area.hidden-print= render partial: 'layouts/vertical_nav' - .col-sm-6#content_area - = render partial: 'shared/flashes' - = convert_to_content_box { yield } - .col-sm-3 - = yield :side_bar + .col-sm-6= render partial: 'layouts/content_area' + .col-sm-3.side_bar + = convert_to_content_box { yield :side_bar } - elsif show_vertical_nav? and not content_for?(:side_bar) .col-sm-3#vertical_nav_area.hidden-print= render partial: 'layouts/vertical_nav' - .col-sm-9#content_area - = render partial: 'shared/flashes' - = convert_to_content_box { yield } + .col-sm-9= render partial: 'layouts/content_area' - elsif not show_vertical_nav? and content_for(:side_bar) - .col-sm-9#content_area - = render partial: 'shared/flashes' - = convert_to_content_box { yield } - .col-sm-3 - = yield :side_bar + .col-sm-9= render partial: 'layouts/content_area' + .col-sm-3.side_bar + = convert_to_content_box { yield :side_bar } - else - #content_area - = render partial: 'shared/flashes' - = convert_to_content_box { yield } + = render partial: 'layouts/content_area' diff --git a/app/views/layouts/_resource_nav.html.haml b/app/views/layouts/_resource_nav.html.haml new file mode 100644 index 000000000..308035c98 --- /dev/null +++ b/app/views/layouts/_resource_nav.html.haml @@ -0,0 +1,13 @@ +#resource_nav + %ul.horizontal_nav.resource_nav.nav.navbar-nav.nav-pills + %li.news + = link_to t(:news), tab_path(current_navable, :news) + %li.contact + = link_to t(:contact_people), tab_path(current_navable, :contact) + %li.events + = link_to t(:events), tab_path(current_navable, :events) + %li.pages + = link_to t(:documents), tab_path(current_navable, :pages) + %li.members + = link_to t(:members), tab_path(current_navable, :members) + diff --git a/app/views/layouts/resource_2017.html.haml b/app/views/layouts/resource_2017.html.haml new file mode 100644 index 000000000..b43666daa --- /dev/null 
+++ b/app/views/layouts/resource_2017.html.haml 
@@ -0,0 +1,110 @@ +!!! + +- @hide_vertical_nav = true + +%html{:lang => 'en'} + %head + %meta{:charset => 'utf-8'}/ + %meta{:content => 'IE=Edge,chrome=1', 'http-equiv' => 'X-UA-Compatible'}/ + %meta{:content => 'width=device-width, initial-scale=1.0', :name => 'viewport'}/ + %title= website_title_with_app_name + = csrf_meta_tags + / Le HTML5 shim, for IE6-8 support of HTML elements + /[if lt IE 9] + + + + = stylesheet_link_tag 'bootstrap_setup', :media => 'all' + = stylesheet_link_tag 'bootstrap_layout', :media => 'all' + = stylesheet_link_tag 'application', :media => 'all' + + / For third-generation iPad with high-resolution Retina display: + / Size should be 144 x 144 pixels + = favicon_link_tag 'apple-touch-icon-144x144-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png', :sizes => '144x144' + / For iPhone with high-resolution Retina display: + / Size should be 114 x 114 pixels + = favicon_link_tag 'apple-touch-icon-114x114-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png', :sizes => '114x114' + / For first- and second-generation iPad: + / Size should be 72 x 72 pixels + = favicon_link_tag 'apple-touch-icon-72x72-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png', :sizes => '72x72' + / For non-Retina iPhone, iPod Touch, and Android 2.1+ devices: + / Size should be 57 x 57 pixels + = favicon_link_tag 'apple-touch-icon-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png' + / For all other devices + / Size should be 32 x 32 pixels + = favicon_link_tag 'favicon.ico', :rel => 'shortcut icon' + + %link{rel: 'search', href: opensearch_path, title: "#{app_name} Search", type: 'application/opensearchdescription+xml'} + + = javascript_include_tag 'application' + = javascript_include_tag "//cdn.jsdelivr.net/afterglow/latest/afterglow.min.js" + = gmaps4rails_api_script_tags + = yield :scripts + = yield :head + + = body_tag do + - if user_account_signed_in? 
+ %nav#logged-in-bar.navbar.navbar-default.navbar-fixed-top + .container-fluid + .navbar-header + %button.navbar-toggle.collapsed{data: {toggle: 'collapse', target: '#logged-in-bar-collapse'}} + %span.sr-only Toggle Navigation + %span.icon-bar + %span.icon-bar + %span.icon-bar + %a.navbar-brand{:href => '#'}= app_name + + .collapse.navbar-collapse#logged-in-bar-collapse + %ul.nav.navbar-nav + - if not show_role_preview_menu? + %li + = link_to t(:my_profile), current_user, :class => 'my_profile' + %li.dropdown.my_groups + %a.dropdown-toggle{href: my_groups_path, data: {toggle: 'dropdown'}} + = t :my_groups + %b.caret= '' + %ul.dropdown-menu + = render partial: 'users/groups', object: current_user, as: :user + + - # role indicator and preview menu + = render partial: 'layouts/role_preview_switcher' + + %ul.nav.navbar-nav.navbar-right + %li.last.dropdown + %a.dropdown-toggle.current_user_dropdown{'data-toggle' => 'dropdown', :href => '#'} + = render 'layouts/session_bar_avatar' + %b.caret + = render partial: 'layouts/current_user_dropdown' + + .row#header-bar + .col-sm-7.col-xs-12 + %span#logo + = link_to image_tag(logo_url), root_path, class: 'navbar-brand' + + .col-sm-5.col-xs-12 + #header_help= render partial: 'support_requests/help_button' + #header_search + %span#search_box= render partial: 'shared/search_box' + + .row#horizontal-nav-bar.hidden-xs + -#.col-md-6.col-sm-5.col-xs-12.hidden-xs + %span#category_indicator.right + = render partial: 'layouts/horizontal_nav' + + .row#breadcrumb-bar + %nav#breadcrumb.navbar + .container-fluid + .breadcrumbs_current_page= "#{t(:current_page)}:" + = render partial: 'layouts/breadcrumbs' + + %span#access_indicator + = access_indicator if current_user + + .container-fluid + .row + = render partial: 'layouts/horizontal_structure_nav' + .row + #content + = render partial: 'layouts/multi_column_content_area' + + .bottom_page_footer.hidden-print= render partial: 'layouts/footer' unless @hide_footer 
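Review bot: `javascript_include_tag "//cdn.jsdelivr.net/afterglow/latest/afterglow.min.js"` in the `%head` loads unpinned third-party JavaScript into every page using this layout, so whoever can change that CDN path (or what `latest` resolves to) gets script execution in the authenticated session, and no Content-Security-Policy can meaningfully restrict it. Pin an exact version and add Subresource Integrity, e.g. `= javascript_include_tag 'https://cdn.jsdelivr.net/afterglow/<version>/afterglow.min.js', integrity: '<sha384-...>', crossorigin: 'anonymous'` (the extra options are emitted as attributes), or vendor the file into the asset pipeline next to `application`. The protocol-relative `//` URL also falls back to plain HTTP when a page is served over HTTP; an explicit `https://` avoids that. I can't tell from this diff whether the other layouts already include the same script.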
diff --git a/app/views/pages/_tabs.html.haml b/app/views/pages/_tabs.html.haml new file mode 100644 index 000000000..998c9438e --- /dev/null +++ b/app/views/pages/_tabs.html.haml @@ -0,0 +1 @@ +- # Nothing here, yet. \ No newline at end of file diff --git a/app/views/pages/show.html.haml b/app/views/pages/show.html.haml index b3dca130a..459622129 100644 --- a/app/views/pages/show.html.haml +++ b/app/views/pages/show.html.haml @@ -1,3 +1,5 @@ += render partial: 'pages/tabs' + %div.col-md-12 = render @page @@ -15,12 +17,12 @@ - # The user might suspect to create a sibling, but really would create a nested blog post. - # Note: `@page.type` could be 'Page' for the PagesController. But `Page.find(@page.id)` finds the type in the database. - # - - if (Page.find(@page.id).type != 'BlogPost') + - if (Page.find(@page.id).type != 'BlogPost') %div.blog_tools.box = link_to blog_posts_path(parent_id: @page.id), :class => "btn btn-success add_blog_post", :method => :post, :remote => :true do = icon :plus = I18n.t(:add_blog_entry) - + #blog_entries - if @blog_entries.count > 0 - for blog_entry_page in @blog_entries diff --git a/app/views/shared/_horizontal_child_groups_nav.html.haml b/app/views/shared/_horizontal_child_groups_nav.html.haml new file mode 100644 index 000000000..2b8970a3e --- /dev/null +++ b/app/views/shared/_horizontal_child_groups_nav.html.haml @@ -0,0 +1,8 @@ +#horizontal_child_group_nav.horizontal_structure_nav + %ul.nav.nav-pills.groups + - navable.nav_child_groups.each do |group| + %li.child.group + -#- if show_corporation_names_in_vertical_nav?(navable) + -# = link_to_navable group.name_with_corporation, group + -#- else + = link_to_navable group.nav_title, group \ No newline at end of file diff --git a/app/views/shared/_horizontal_child_pages_nav.html.haml b/app/views/shared/_horizontal_child_pages_nav.html.haml new file mode 100644 index 000000000..f2c4ff1c7 --- /dev/null +++ b/app/views/shared/_horizontal_child_pages_nav.html.haml 
@@ -0,0 +1,9 @@ +#horizontal_child_pages_nav.horizontal_structure_nav + %ul.nav.nav-pills.pages + - navable.nav_child_pages.each do |page| + - if can? :read, page + %li.child.page + = link_to_navable page.nav_node.nav_title, page + - page.sub_pages.each do |sub_page| + %li.child.page.sub_page + = link_to_navable sub_page.nav_node.nav_title, sub_page diff --git a/app/views/shared/_upcoming_events.html.haml b/app/views/shared/_upcoming_events.html.haml index eade77be1..be9133eb3 100644 --- a/app/views/shared/_upcoming_events.html.haml +++ b/app/views/shared/_upcoming_events.html.haml @@ -1,6 +1,7 @@ - # locals: - events ||= [] - force_show ||= false +- group ||= group - # - # helper methods: - # EventsHelper#group_to_create_the_event_in @@ -9,8 +10,8 @@ %h1.upcoming_events =t :events .ics_abo_buttons.tool - - if @group - %a#ics_abo{href: group_events_url(group_id: @group.id, format: 'ics', protocol: 'webcal', token: current_user.account.auth_token), title: "Kalender-Abo (ICS, iCal): Veranstaltungen von '#{@group.name}' im Kalender auf dem eigenen Rechner abonnieren.", data: {placement: 'top'}} + - if group + %a#ics_abo{href: group_events_url(group_id: group.id, format: 'ics', protocol: 'webcal', token: current_user.account.auth_token), title: "Kalender-Abo (ICS, iCal): Veranstaltungen von '#{group.name}' im Kalender auf dem eigenen Rechner abonnieren.", data: {placement: 'top'}} = icon :calendar - elsif current_user %a.btn.btn-default#ics_abo{href: events_url(format: 'ics', protocol: 'webcal', token: current_user.account.auth_token), title: "Veranstaltungen, die mich betreffen, im Kalender auf dem eigenen Rechner abonnieren. Der Kalender wird dann automatisch auf dem Laufenden gehalten. (Empfohlen.)", data: {placement: 'top'}} 
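Review bot: The `can? :read, page` guard covers the page itself but not its `sub_pages`, which are linked in the inner loop without any check, so a restricted sub page is exposed by title and URL whenever its parent is readable. Apply the same guard there, `- page.sub_pages.select { |sub_page| can?(:read, sub_page) }.each do |sub_page|`. Whether a sub page can carry stricter permissions than its parent depends on the authorization model, which is not visible here, but the check is cheap and mirrors the outer one.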
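Review bot: `- group ||= group` only ever yields `nil` when no `group` local is passed, so the partial loses the `@group` fallback the previous `@group`-based code relied on; any existing caller I cannot see that still sets `@group` without passing `group:` (the `_tabs` partial shows `@group` is still the convention elsewhere) silently stops rendering the per-group ICS subscription link and the "show all events" link. `- group ||= @group` keeps the default explicit and backward compatible. If dropping `@group` is intended, a short comment saying callers must pass `group:` would prevent the silent regression.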
@@ -28,11 +29,11 @@ = surround "'", "'" do = group_to_create_the_event_for.name .show_all - - if @group - = link_to t(:show_all_events), group_events_path(group_id: @group.id, all: true) + - if group + = link_to t(:show_all_events), group_events_path(group_id: group.id, all: true) - else = link_to t(:show_all_events), events_path - - if can?(:use, :semester_calendars) && can?(:index, SemesterCalendar) and not @group + - if can?(:use, :semester_calendars) && can?(:index, SemesterCalendar) and not group .show_semester_calendars = link_to t(:show_semester_calendars), semester_calendars_path - if current_user.primarily_administrated_corporation && can?(:create, SemesterCalendar) diff --git a/config/locales/breadcrumbs/de.yml b/config/locales/breadcrumbs/de.yml new file mode 100644 index 000000000..57b240fac --- /dev/null +++ b/config/locales/breadcrumbs/de.yml @@ -0,0 +1,2 @@ +de: + current_page: Aktuelle Seite \ No newline at end of file diff --git a/config/locales/breadcrumbs/en.yml b/config/locales/breadcrumbs/en.yml new file mode 100644 index 000000000..2a51c98d7 --- /dev/null +++ b/config/locales/breadcrumbs/en.yml @@ -0,0 +1,2 @@ +en: + current_page: Current page \ No newline at end of file diff --git a/config/locales/group_member_data_summaries/en.yml b/config/locales/group_member_data_summaries/en.yml new file mode 100644 index 000000000..393176f8b --- /dev/null +++ b/config/locales/group_member_data_summaries/en.yml @@ -0,0 +1,3 @@ +en: + data_administration: Data administration + sort_members_by: Sort members by \ No newline at end of file diff --git a/config/locales/news/de.yml b/config/locales/news/de.yml new file mode 100644 index 000000000..240df083e --- /dev/null +++ b/config/locales/news/de.yml @@ -0,0 +1,2 @@ +de: + news: Neuigkeiten \ No newline at end of file diff --git a/config/locales/news/en.yml b/config/locales/news/en.yml new file mode 100644 index 000000000..3fc5bc1ef --- /dev/null +++ b/config/locales/news/en.yml 
@@ -0,0 +1,2 @@ +en: + news: News \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index 5a78e2d44..c4ac6244f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -69,6 +69,7 @@ get 'groups/:id/address_labels/(:filter)/:pdf_type.:format', to: 'groups#show', as: 'group_address_labels' #get 'groups/:parent_group_id/subgroups(.:format)', to: 'groups#index', as: 'subgroups' resources :groups do + get :news, to: 'group_news#index' get :subgroups, to: 'groups#index' get :mine, on: :collection, to: 'groups#index_mine' get 'events/public', to: 'events#index', published_on_local_website: true @@ -76,6 +77,7 @@ resources :semester_calendars get :semester_calendar, to: 'semester_calendars#show_current', as: 'current_semester_calendar' resources :posts + get :pages, to: 'group_pages#index' get :profile, to: 'profiles#show' get :profile_fields, to: 'profile_fields#index' get :members, to: 'group_members#index' From 0d7004e34415668c6c96d077022986e6a0beafc3 Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Wed, 15 Mar 2017 23:12:24 +0100 Subject: [PATCH 04/18] deactivating the slim-breadcrumb behaviour MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Users did not use this. Let’s try to skip this feature for now. --- .../your_platform/breadcrumbs.js.coffee | 144 +++++++++--------- 1 file changed, 72 insertions(+), 72 deletions(-) diff --git a/app/assets/javascripts/your_platform/breadcrumbs.js.coffee b/app/assets/javascripts/your_platform/breadcrumbs.js.coffee index f4b86d586..d0a11ed54 100644 --- a/app/assets/javascripts/your_platform/breadcrumbs.js.coffee +++ b/app/assets/javascripts/your_platform/breadcrumbs.js.coffee 
@@ -1,79 +1,79 @@ -# This breadcrumb behaviour has been extracted from: -# https://github.com/fiedl/slim_breadcrumb - -# Define some timers: The slim elements are not to be shown immediately after -# mouseover(), but a while after, that is if the user stays over the element. -breadcrumb_slim_in_timer = 0 -breadcrumb_slim_out_timer = 0 - -# status variable that knows whether an animation is currently running. -animating = false - -# Time required to dwell. -time_to_dwell = 1000 # milliseconds - - -# show animation +# # This breadcrumb behaviour has been extracted from: +# # https://github.com/fiedl/slim_breadcrumb # -breadcrumb_slim_effect = "drop" -show_slim_breadcrumbs = -> - elements_to_show = $('ul.breadcrumbs li.slim a') - for elem in elements_to_show - unless $(elem).is(":visible") - animating = true - $(elem).show(breadcrumb_slim_effect, -> - animating = false - ) - - -# hide animation +# # Define some timers: The slim elements are not to be shown immediately after +# # mouseover(), but a while after, that is if the user stays over the element. +# breadcrumb_slim_in_timer = 0 +# breadcrumb_slim_out_timer = 0 # -hide_slim_breadcrumbs = -> - if $("ul.breadcrumbs li.slim a:visible").html() - animating = true - $('ul.breadcrumbs li.slim a:visible').hide('fade', 'fast', -> - animating = false - ) - - -# Show all elements on dblclick. +# # status variable that knows whether an animation is currently running. +# animating = false # -$(document).on 'dblclick', 'ul.breadcrumbs', -> - delay_time = 0 - delay_time = 600 if animating # because then, a click event is performing an animation - animating = true - $("ul.breadcrumbs li.slim a:not(:visible)").delay(delay_time).show("drop", -> - animating = false - ) - - -# Show the slim element on click as well. +# # Time required to dwell. 
+# time_to_dwell = 1000 # milliseconds # -$(document).on 'click', 'ul.breadcrumbs li.slim', -> - if not animating - show_slim_breadcrumbs($(this)) - - -# If the mouse leaves the breadcrumb, hide the slim elements. # -breadcrumb_slim_out_timer = null -$(document).on 'mouseout', 'ul.breadcrumbs', -> - breadcrumb_slim_out_timer = setTimeout(-> - hide_slim_breadcrumbs() - , time_to_dwell) -$(document).on 'mouseover', 'ul.breadcrumbs', -> - clearTimeout(breadcrumb_slim_out_timer) - - -# Show the slim elements if the mouse stays over the separator. +# # show animation +# # +# breadcrumb_slim_effect = "drop" +# show_slim_breadcrumbs = -> +# elements_to_show = $('ul.breadcrumbs li.slim a') +# for elem in elements_to_show +# unless $(elem).is(":visible") +# animating = true +# $(elem).show(breadcrumb_slim_effect, -> +# animating = false +# ) +# +# +# # hide animation +# # +# hide_slim_breadcrumbs = -> +# if $("ul.breadcrumbs li.slim a:visible").html() +# animating = true +# $('ul.breadcrumbs li.slim a:visible').hide('fade', 'fast', -> +# animating = false +# ) +# +# +# # Show all elements on dblclick. +# # +# $(document).on 'dblclick', 'ul.breadcrumbs', -> +# delay_time = 0 +# delay_time = 600 if animating # because then, a click event is performing an animation +# animating = true +# $("ul.breadcrumbs li.slim a:not(:visible)").delay(delay_time).show("drop", -> +# animating = false +# ) +# +# +# # Show the slim element on click as well. +# # +# $(document).on 'click', 'ul.breadcrumbs li.slim', -> +# if not animating +# show_slim_breadcrumbs($(this)) +# +# +# # If the mouse leaves the breadcrumb, hide the slim elements. 
+# # +# breadcrumb_slim_out_timer = null +# $(document).on 'mouseout', 'ul.breadcrumbs', -> +# breadcrumb_slim_out_timer = setTimeout(-> +# hide_slim_breadcrumbs() +# , time_to_dwell) +# $(document).on 'mouseover', 'ul.breadcrumbs', -> +# clearTimeout(breadcrumb_slim_out_timer) +# # -breadcrumb_slim_in_timer = null -$(document).on 'mouseover', 'ul.breadcrumbs li.slim', -> - breadcrumb_slim_in_timer = setTimeout(-> - show_slim_breadcrumbs() - , time_to_dwell) -$(document).on 'mouseout', 'ul.breadcrumbs li.slim', -> - clearTimeout(breadcrumb_slim_in_timer) +# # Show the slim elements if the mouse stays over the separator. +# # +# breadcrumb_slim_in_timer = null +# $(document).on 'mouseover', 'ul.breadcrumbs li.slim', -> +# breadcrumb_slim_in_timer = setTimeout(-> +# show_slim_breadcrumbs() +# , time_to_dwell) +# $(document).on 'mouseout', 'ul.breadcrumbs li.slim', -> +# clearTimeout(breadcrumb_slim_in_timer) $(document).ready -> @@ -82,8 +82,8 @@ $(document).ready -> # in order to not have an open end (like " A >> C > D > " if E is slim). $("ul.breadcrumbs li").last().removeClass("slim") - # Initially hide all slim elements. - $("ul.breadcrumbs li.slim a").hide() + # # Initially hide all slim elements. + # $("ul.breadcrumbs li.slim a").hide() # The first breadcrumb should not use turbolinks as it may refer to an # external site. This would cause a silent redirect error. From 98b86f6d2dd2e69ac1f9722f3b0ef9f5bf5d74e9 Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Wed, 15 Mar 2017 23:13:20 +0100 Subject: [PATCH 05/18] I think, we do not need the corporation names in the horizontal structure nav. If this is a super group, we just need the members not the child groups. --- app/views/layouts/_vertical_nav_lis.html.haml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/views/layouts/_vertical_nav_lis.html.haml b/app/views/layouts/_vertical_nav_lis.html.haml index 0be9a6cf3..d96627b1b 100644 
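Review bot: Commenting out the whole slim-breadcrumb implementation rather than deleting it leaves roughly seventy lines of dead code that will drift from the live `$(document).ready` handler and that no linter checks; git history and the upstream repository cited in the first comment preserve it if the feature is ever reinstated. The remaining `$("ul.breadcrumbs li").last().removeClass("slim")` is now the only live reference to the `slim` class, so a one-line comment there, `# slim-breadcrumb hover behaviour was removed (unused); only the class cleanup remains`, would tell the next reader why it survives.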
--- a/app/views/layouts/_vertical_nav_lis.html.haml +++ b/app/views/layouts/_vertical_nav_lis.html.haml @@ -13,7 +13,7 @@ - navable.nav_child_groups.each do |group| %li.child.group - - if show_corporation_names_in_vertical_nav?(navable) - = link_to_navable group.name_with_corporation, group - - else - = link_to_navable group.nav_title, group \ No newline at end of file + -#- if show_corporation_names_in_vertical_nav?(navable) + -# = link_to_navable group.name_with_corporation, group + -#- else + = link_to_navable group.nav_title, group \ No newline at end of file From 8566784f796c6dc73a2a7ef59aa275c5aad37b7d Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Fri, 24 Mar 2017 14:30:48 +0100 Subject: [PATCH 06/18] active job: retry if record is not ready, yet. --- Gemfile.lock | 17 +++++++++-------- app/jobs/application_job.rb | 17 +++++++++++++++++ 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a1b51bb72..79943506f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -62,7 +62,7 @@ PATH prawn (= 2.0.2) public_activity (~> 1.4.1) rack (>= 1.6.2) - rack-mini-profiler (>= 0.9.0.pre) + rack-mini-profiler rack-ssl (>= 1.3.4) rails (>= 4.2.5.1) rails-assets-bootstrap-social @@ -85,7 +85,6 @@ PATH sidekiq (>= 3.4.2) sidekiq-limit_fetch simple_form - slim_breadcrumb (>= 0.0.3) sprockets-rails (~> 2.3) sugar-rails table-formatter @@ -400,6 +399,9 @@ GEM omniauth-oauth (~> 1.1) rack orm_adapter (0.5.0) + parallel (1.10.0) + parallel_tests (2.13.0) + parallel passgen (1.0.2) pdf-core (0.6.1) phony (2.15.41) @@ -526,6 +528,8 @@ GEM rspec-core (2.14.8) rspec-expectations (2.14.5) diff-lcs (>= 1.1.3, < 2.0) + rspec-instafail (1.0.0) + rspec rspec-mocks (2.14.6) rspec-rails (2.14.1) actionpack (>= 3.0) @@ -583,11 +587,6 @@ GEM slim (3.0.6) temple (~> 0.7.3) tilt (>= 1.3.3, < 2.1) - slim_breadcrumb (0.0.3) - coffee-rails - jquery-rails - rails (>= 3.2) - sass-rails slop (3.6.0) spork (0.9.2) spreadsheet (1.1.4) 
@@ -685,11 +684,13 @@ DEPENDENCIES json! letter_opener! mysql2! + parallel_tests! poltergeist! protected_attributes! pry! rails (~> 4.2.1)! redcarpet! + rspec-instafail! rspec-rails (= 2.14.1)! rspec-rerun! sass-rails (~> 4.0.3)! @@ -711,4 +712,4 @@ RUBY VERSION ruby 2.3.1p112 BUNDLED WITH - 1.13.7 + 1.14.6 diff --git a/app/jobs/application_job.rb b/app/jobs/application_job.rb index 40350c719..0e270d744 100644 --- a/app/jobs/application_job.rb +++ b/app/jobs/application_job.rb @@ -1,4 +1,21 @@ class ApplicationJob < ActiveJob::Base self.queue_adapter = :sidekiq + def serialize + # http://stackoverflow.com/a/38592564/2066546 + super.merge('attempt_number' => (@attempt_number || 0) + 1) + end + + def deserialize(job_data) + super + @attempt_number = job_data['attempt_number'] + end + + rescue_from ActiveJob::DeserializationError do |exception| + # There are cases where sidekiq is too fast, i.e. the background worker + # begins to process before the record is accessible through the database. + # Just retry in a couple of seconds. + retry_job(wait: 30) if @attempt_number < 5 + end + end \ No newline at end of file From f2d411073f4d239696b24c19a9caa89b9131a836 Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Fri, 24 Mar 2017 14:39:48 +0100 Subject: [PATCH 07/18] try not to initialize datatables twice --- .../javascripts/your_platform/datatables.coffee | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/app/assets/javascripts/your_platform/datatables.coffee b/app/assets/javascripts/your_platform/datatables.coffee index 2f66fdf8e..7edb15f0b 100644 --- a/app/assets/javascripts/your_platform/datatables.coffee +++ b/app/assets/javascripts/your_platform/datatables.coffee 
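Review bot: The `rescue_from ActiveJob::DeserializationError` handler in `application_job.rb` swallows the error once `@attempt_number` reaches 5: nothing is re-raised or logged, so a job whose record never appears simply vanishes from the queue without a trace. Re-raise on the last attempt so it reaches Sidekiq's normal failure handling, e.g. `@attempt_number < 5 ? retry_job(wait: 30) : raise(exception)`. The comparison also breaks for any job serialized before this deploy, whose payload has no `attempt_number` key: `deserialize` then leaves `@attempt_number` nil and `nil < 5` raises NoMethodError inside the handler; `@attempt_number = job_data['attempt_number'] || 1` covers that. Since `serialize` merges `(@attempt_number || 0) + 1` into the payload, the counter does advance on each `retry_job`, so the bound itself looks right.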
@@ -92,11 +92,12 @@ App.datatables = { create: (selector, options)-> if $(selector).size() > 0 unless $.fn.dataTable.isDataTable(selector) - configuration = {} - $.extend configuration, App.datatables.common_configuration() - $.extend configuration, options - $(selector).dataTable(configuration) - App.datatables.adjust_css() + unless $(selector).parents('.dataTables_wrapper').size() == 0 + configuration = {} + $.extend configuration, App.datatables.common_configuration() + $.extend configuration, options + $(selector).dataTable(configuration) + App.datatables.adjust_css() } $(document).ready -> From 64ac50d62dc5822e90378e8ed1b0f578323fc6ec Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Fri, 24 Mar 2017 17:31:53 +0100 Subject: [PATCH 08/18] datatables: finxing js --- app/assets/javascripts/your_platform/datatables.coffee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/assets/javascripts/your_platform/datatables.coffee b/app/assets/javascripts/your_platform/datatables.coffee index 7edb15f0b..00adeca07 100644 --- a/app/assets/javascripts/your_platform/datatables.coffee +++ b/app/assets/javascripts/your_platform/datatables.coffee @@ -92,7 +92,7 @@ App.datatables = { create: (selector, options)-> if $(selector).size() > 0 unless $.fn.dataTable.isDataTable(selector) - unless $(selector).parents('.dataTables_wrapper').size() == 0 + if $(selector).parents('.dataTables_wrapper').size() == 0 configuration = {} $.extend configuration, App.datatables.common_configuration() $.extend configuration, options From 202e4bb203bb836c6af056f9af483a269d506dcc Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Fri, 24 Mar 2017 18:17:21 +0100 Subject: [PATCH 09/18] fixing `DagLink.repair` by re-arranging the sub tasks. --- app/models/concerns/dag_link_repair.rb | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) 
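Review bot: In the `@@ -92,7 +92,7 @@` hunk of commit 64ac50d, the guard `if $(selector).parents('.dataTables_wrapper').size() == 0` relies on jQuery's `.size()`, which was deprecated in 1.8 and removed in 3.0; if this app is served with jQuery 3 the guard throws instead of guarding (which jQuery build is actually loaded is not visible here, though the lock file later in this series lists rails-assets-jquery 3.2.1). `.length` is the safe spelling: `if $(selector).parents('.dataTables_wrapper').length == 0`. `$(selector)` is also re-evaluated on every line of `create`; binding it once (`$table = $(selector)`) would read better and avoid the repeated lookup. The preceding hunk on this line (commit f2d4110) introduced the inverted `unless`, which this commit corrects.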
diff --git a/app/models/concerns/dag_link_repair.rb b/app/models/concerns/dag_link_repair.rb index eebf6fa8a..dea1a9d23 100644 --- a/app/models/concerns/dag_link_repair.rb +++ b/app/models/concerns/dag_link_repair.rb @@ -16,8 +16,8 @@ def repair delete_links_without_edges delete_redundant_indirect_links - recalculate_indirect_counts fix_types + recalculate_indirect_counts end def fix_types @@ -51,7 +51,6 @@ def scan_and_repair mute_sql_log scan delete_redundant_links - recalculate_links print "\n\nFinished.\n".blue unmute_sql_log end @@ -106,16 +105,6 @@ def delete_redundant_links end end end - - def recalculate_links - print "\n\nRecalculating affected indirect validity ranges.\n".blue - @occurances.each do |redundant_links| - original_link = redundant_links[0].becomes Membership - original_link.recalculate_validity_range_from_direct_memberships - original_link.save - print ".".blue - end - end end class LinkCountRepairer From 0ead9d7a8807feeca8bfe39ebfb5f262d293093f Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Fri, 24 Mar 2017 22:02:51 +0100 Subject: [PATCH 10/18] updating nokogiri to fix CVE-2016-4658 --- Gemfile.lock | 190 +++++++++++++++++++----------------------- your_platform.gemspec | 2 +- 2 files changed, 86 insertions(+), 106 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 79943506f..433eec4f6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -52,7 +52,7 @@ PATH mail_form merit mini_magick - nokogiri (>= 1.6.8) + nokogiri (>= 1.7.1) omniauth-facebook (~> 3.0.0) omniauth-github omniauth-google-oauth2 @@ -144,13 +144,14 @@ GEM activerecord (>= 4.0) acts_as_tree (2.6.1) activerecord (>= 3.0.0) - addressable (2.4.0) + addressable (2.5.0) + public_suffix (~> 2.0, >= 2.0.2) ambry (1.0.0) - arel (6.0.3) + arel (6.0.4) auto_html (1.6.4) redcarpet (~> 3.1) rinku (~> 1.5.0) - autoprefixer-rails (6.7.6) + autoprefixer-rails (6.7.7.1) execjs autosize-rails (1.18.17) rails (>= 3.1) 
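Review bot: The first hunk of `dag_link_repair.rb` moves `fix_types` ahead of `recalculate_indirect_counts` in `repair` without a comment, although the commit title says this ordering is what fixes `DagLink.repair`; a maintainer tidying the list back into its old order would silently reintroduce the bug. A one-line why-comment above `fix_types` would pin it, e.g. `# Order matters: fix_types must run before recalculate_indirect_counts (see commit 202e4bb).` `repair` starts outside the hunk, so the earlier steps are not visible here.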
@@ -166,22 +167,11 @@ GEM autoprefixer-rails (>= 5.0.0.1) sass (>= 3.2.19) bootstrap_tokenfield_rails (0.12.1) - brakeman (3.1.3) - erubis (~> 2.6) - fastercsv (~> 1.5) - haml (>= 3.0, < 5.0) - highline (>= 1.6.20, < 2.0) - multi_json (~> 1.2) - ruby2ruby (>= 2.1.1, < 2.3.0) - ruby_parser (~> 3.7.0) - safe_yaml (>= 1.0) - sass (~> 3.0) - slim (>= 1.3.6, < 4.0) - terminal-table (~> 1.4) + brakeman (3.6.1) browser (2.3.0) - builder (3.2.2) + builder (3.2.3) cancan (1.6.10) - capybara (2.10.1) + capybara (2.13.0) addressable mime-types (>= 1.16) nokogiri (>= 1.3.3) @@ -198,39 +188,38 @@ GEM childprocess (0.6.2) ffi (~> 1.0, >= 1.0.11) cliver (0.3.2) - codeclimate-test-reporter (0.4.8) - simplecov (>= 0.7.1, < 1.0.0) - coderay (1.1.0) + codeclimate-test-reporter (1.0.8) + simplecov (<= 0.13) + coderay (1.1.1) coffee-rails (4.2.1) coffee-script (>= 2.2.0) railties (>= 4.0.0, < 5.2.x) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.10.0) + coffee-script-source (1.12.2) colored (1.2) concurrent-ruby (1.0.5) connection_pool (2.2.1) - coveralls (0.8.10) - json (~> 1.8) - rest-client (>= 1.6.8, < 2) - simplecov (~> 0.11.0) + coveralls (0.8.19) + json (>= 1.8, < 3) + simplecov (~> 0.12.0) term-ansicolor (~> 1.3) thor (~> 0.19.1) - tins (~> 1.6.0) - database_cleaner (1.5.1) + tins (~> 1.6) + database_cleaner (1.5.3) debug_inspector (0.0.2) decent_exposure (3.0.2) activesupport (>= 4.0) - devise (4.2.0) + devise (4.2.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) responders warden (~> 1.2.3) - diff-lcs (1.2.5) + diff-lcs (1.3) docile (1.1.5) - domain_name (0.5.20160310) + domain_name (0.5.20170223) unf (>= 0.0.5, < 1.0.0) edit_mode (1.0.2) jquery-rails 
@@ -248,22 +237,22 @@ GEM elasticsearch-transport (5.0.3) faraday multi_json - email_spec (1.6.0) + email_spec (2.1.0) + htmlentities (~> 4.3.3) launchy (~> 2.1) - mail (~> 2.2) + mail (~> 2.6.3) erubis (2.7.0) eventmachine (1.2.3) execjs (2.7.0) - factory_girl (4.5.0) + factory_girl (4.8.0) activesupport (>= 3.0.0) - factory_girl_rails (4.5.0) - factory_girl (~> 4.5.0) + factory_girl_rails (4.8.0) + factory_girl (~> 4.8.0) railties (>= 3.0.0) faker (1.7.3) i18n (~> 0.5) faraday (0.11.0) multipart-post (>= 1.2, < 3) - fastercsv (1.5.5) ffi (1.9.18) font-awesome-rails (4.7.0.1) railties (>= 3.2, < 5.1) @@ -283,9 +272,9 @@ GEM gravatar_image_tag (1.2.0) groupdate (3.2.0) activesupport (>= 3) - guard (2.13.0) + guard (2.14.1) formatador (>= 0.2.4) - listen (>= 2.7, <= 4.0) + listen (>= 2.7, < 4.0) lumberjack (~> 1.0) nenv (~> 0.1) notiffany (~> 0.0) 
@@ -306,45 +295,46 @@ GEM has_secure_token (1.0.0) activerecord (>= 3.0) hashie (3.5.5) - highline (1.7.8) hike (1.2.3) - http-cookie (1.0.2) + htmlentities (4.3.4) + http-cookie (1.0.3) domain_name (~> 0.5) - i18n (0.7.0) - i18n-js (3.0.0.rc15) + i18n (0.8.1) + i18n-js (3.0.0.rc16) i18n (~> 0.6, >= 0.6.6) icalendar (2.4.1) - jbuilder (2.3.2) - activesupport (>= 3.0.0, < 5) + jbuilder (2.6.3) + activesupport (>= 3.0.0, < 5.2) multi_json (~> 1.2) jquery-atwho-rails (1.3.2) jquery-fileupload-rails (0.4.7) actionpack (>= 3.1) railties (>= 3.1) sass (>= 3.2) - jquery-rails (4.2.2) + jquery-rails (4.3.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) jquery-turbolinks (2.1.0) railties (>= 3.1.0) turbolinks - json (1.8.3) + json (1.8.6) judge (2.1.1) rails (>= 3.1) jwt (1.5.6) - kgio (2.10.0) + kgio (2.11.0) launchy (2.4.3) addressable (~> 2.3) letter_opener (1.4.1) launchy (~> 2.2) - libv8 (3.16.14.13) - listen (3.0.5) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) + libv8 (3.16.14.19) + listen (3.1.5) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + ruby_dep (~> 1.2) loofah (2.0.3) nokogiri (>= 1.5.9) - lumberjack (1.0.9) + lumberjack (1.0.11) mail (2.6.4) mime-types (>= 1.16, < 4) mail_form (1.6.0) @@ -357,16 +347,16 @@ GEM mimemagic (0.3.2) mini_magick (4.6.1) mini_portile2 (2.1.0) - minitest (5.9.1) + minitest (5.10.1) multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) - mysql2 (0.4.2) - nenv (0.2.0) + mysql2 (0.4.5) + nenv (0.3.0) netrc (0.11.0) - nokogiri (1.6.8.1) + nokogiri (1.7.1) mini_portile2 (~> 2.1.0) - notiffany (0.0.8) + notiffany (0.1.1) nenv (~> 0.1) shellany (~> 0.0) oauth (0.5.1) 
@@ -399,13 +389,13 @@ GEM omniauth-oauth (~> 1.1) rack orm_adapter (0.5.0) - parallel (1.10.0) - parallel_tests (2.13.0) + parallel (1.11.1) + parallel_tests (2.14.0) parallel passgen (1.0.2) pdf-core (0.6.1) - phony (2.15.41) - poltergeist (1.11.0) + phony (2.15.42) + poltergeist (1.14.0) capybara (~> 2.1) cliver (~> 0.3.1) websocket-driver (>= 0.2.0) @@ -414,7 +404,7 @@ GEM ttfunk (~> 1.4.0) protected_attributes (1.1.3) activemodel (>= 4.0.1, < 5.0) - pry (0.10.3) + pry (0.10.4) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) @@ -423,6 +413,7 @@ GEM activerecord (>= 3.0) i18n (>= 0.5.0) railties (>= 3.0.0) + public_suffix (2.0.5) rack (1.6.5) rack-mini-profiler (0.10.2) rack (>= 1.2.0) @@ -452,7 +443,7 @@ GEM rails-assets-jquery (>= 1.7.0) rails-assets-font-awesome (4.7.0) rails-assets-inline-attachment (2.0.3) - rails-assets-jquery (3.1.1) + rails-assets-jquery (3.2.1) rails-assets-jquery-ui (1.12.1) rails-assets-jquery (>= 1.6) rails-assets-jquery-ujs (1.2.2) @@ -460,9 +451,9 @@ GEM rails-assets-trentrichardson--jQuery-Timepicker-Addon (1.6.3) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) + rails-dom-testing (1.0.8) activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) + nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) @@ -476,13 +467,13 @@ GEM activesupport (= 4.2.7.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - raindrops (0.15.0) - rake (11.3.0) - rb-fsevent (0.9.6) - rb-inotify (0.9.5) + raindrops (0.18.0) + rake (12.0.0) + rb-fsevent (0.9.8) + rb-inotify (0.9.8) ffi (>= 0.5.0) - rdoc (4.2.0) - redcarpet (3.3.4) + rdoc (4.3.0) + redcarpet (3.4.0) redis (3.3.3) redis-actionpack (5.0.1) actionpack (>= 4.0, < 6) 
@@ -541,31 +532,25 @@ GEM rspec-mocks (~> 2.14.0) rspec-rerun (0.3.1) rspec - ruby-ole (1.2.12) - ruby-progressbar (1.7.5) - ruby2ruby (2.2.0) - ruby_parser (~> 3.1) - sexp_processor (~> 4.0) - ruby_parser (3.7.2) - sexp_processor (~> 4.1) + ruby-ole (1.2.12.1) + ruby-progressbar (1.8.1) + ruby_dep (1.5.0) rubyzip (1.2.1) - safe_yaml (1.0.4) sass (3.2.19) sass-rails (4.0.5) railties (>= 4.0.0, < 5.0) sass (~> 3.2.2) sprockets (~> 2.8, < 3.0) sprockets-rails (~> 2.0) - sdoc (0.4.1) + sdoc (0.4.2) json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) - selenium-webdriver (3.2.2) + selenium-webdriver (3.3.0) childprocess (~> 0.5) rubyzip (~> 1.0) websocket (~> 1.0) - sexp_processor (4.6.0) shellany (0.0.1) - sidekiq (4.2.9) + sidekiq (4.2.10) concurrent-ruby (~> 1.0) connection_pool (~> 2.2, >= 2.2.0) rack-protection (>= 1.5.0) @@ -575,23 +560,21 @@ GEM simple_form (3.4.0) actionpack (> 4, < 5.1) activemodel (> 4, < 5.1) - simplecov (0.11.1) + simplecov (0.12.0) docile (~> 1.1.0) - json (~> 1.8) + json (>= 1.8, < 3) simplecov-html (~> 0.10.0) simplecov-html (0.10.0) sinatra (1.4.8) rack (~> 1.5) rack-protection (~> 1.4) tilt (>= 1.3, < 3) - slim (3.0.6) - temple (~> 0.7.3) - tilt (>= 1.3.3, < 2.1) slop (3.6.0) spork (0.9.2) spreadsheet (1.1.4) ruby-ole (>= 1.0) - spring (1.6.0) + spring (2.0.1) + activesupport (>= 4.2) sprockets (2.12.4) hike (~> 1.2) multi_json (~> 1.0) @@ -604,18 +587,16 @@ GEM sugar-rails (1.4.1) railties (>= 3.0.0) table-formatter (0.4.1) - temple (0.7.6) - term-ansicolor (1.3.2) + term-ansicolor (1.4.1) tins (~> 1.0) - terminal-table (1.5.2) - therubyracer (0.12.2) - libv8 (~> 3.16.14.0) + therubyracer (0.12.3) + libv8 (~> 3.16.14.15) ref - thor (0.19.1) - thread_safe (0.3.5) + thor (0.19.4) + thread_safe (0.3.6) tilt (1.4.1) - timecop (0.8.0) - tins (1.6.0) + timecop (0.8.1) + tins (1.13.2) to_xls (1.5.3) spreadsheet transaction_isolation (1.0.3) 
@@ -634,31 +615,30 @@ GEM turbolinks-source (5.0.0) tzinfo (1.2.2) thread_safe (~> 0.1) - uglifier (3.0.0) + uglifier (3.1.9) execjs (>= 0.3.0, < 3) unf (0.1.4) unf_ext unf_ext (0.0.7.2) - unicorn (5.0.1) + unicorn (5.2.0) kgio (~> 2.6) - rack raindrops (~> 0.7) vcardigan (0.0.9) wannabe_bool (0.6.0) warden (1.2.7) rack (>= 1.0) - web-console (3.1.1) + web-console (3.3.0) activemodel (>= 4.2) debug_inspector railties (>= 4.2) websocket (1.2.4) - websocket-driver (0.6.4) + websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.2) will_paginate (3.1.5) xpath (2.0.0) nokogiri (~> 1.3) - yard (0.8.7.6) + yard (0.9.8) PLATFORMS ruby diff --git a/your_platform.gemspec b/your_platform.gemspec index b1f2e695b..d10372838 100644 --- a/your_platform.gemspec +++ b/your_platform.gemspec @@ -179,7 +179,7 @@ Gem::Specification.new do |s| # https://github.com/lautis/uglifier/pull/86 s.add_dependency 'uglifier', '>= 2.7.2' s.add_dependency 'mail', '>= 2.6.0' # https://gemnasium.com/fiedl/your_platform/alerts#advisory_309 - s.add_dependency 'nokogiri', '>= 1.6.8' # CVE-2015-8806, https://gemnasium.com/github.com/fiedl/your_platform/alerts#advisory_392 + s.add_dependency 'nokogiri', '>= 1.7.1' # CVE-2016-4658, CVE-2016-5131, https://hakiri.io/github/fiedl/wingolfsplattform/master/6541cea428e4b4e6d94ef8070ed9b5da8eedb770/warnings/0991529a69e93e s.add_dependency 'actionpack', '>= 4.2.5.2' # CVE-2016-2098, https://gemnasium.com/fiedl/your_platform/alerts#advisory_342 s.add_dependency 'activerecord', '>= 4.2.7.1' # CVE-2016-6317, https://gemnasium.com/github.com/fiedl/your_platform/alerts#advisory_426 s.add_dependency 'rubyzip', '>= 1.2.1' # CVE-2017-5946, https://gemnasium.com/github.com/fiedl/wingolfsplattform/alerts#advisory_658 From 36bc2db3e2252090132d83dd0906c6a6b616ba6c Mon Sep 17 00:00:00 2001 
From: Sebastian Fiedlschuster Date: Fri, 24 Mar 2017 22:33:07 +0100 Subject: [PATCH 11/18] brakeman security fixes --- .../compact_nav_search_controller.rb | 20 +++++++++---------- app/controllers/corporations_controller.rb | 12 +++++------ app/controllers/mobile/partials_controller.rb | 2 +- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/app/controllers/compact_nav_search_controller.rb b/app/controllers/compact_nav_search_controller.rb index f41dfac3a..ede2377db 100644 --- a/app/controllers/compact_nav_search_controller.rb +++ b/app/controllers/compact_nav_search_controller.rb @@ -2,13 +2,13 @@ # which is used by the "compact" layout. # class CompactNavSearchController < ApplicationController - + before_action :find_object - + def show find_object authorize! :read, @object - + respond_to do |format| format.json do if @object @@ -30,22 +30,22 @@ def show end end end - + def index @query = query @base_object = find_base_object @results = find_objects.select { |obj| can? :read, obj } end - + private - + def query params[:query] end def like_query "%#{query}%" end - + def find_object @object = base.descendant_groups.find_by token: query if base.respond_to? :descendant_groups @object ||= NavNode.where('url_component like ?', like_query).limit(1).first.try(:navable) if not params[:search_base].present? # for example "erlangen/" -- as entry point for navigation @@ -55,7 +55,7 @@ def find_object @object ||= base.descendant_events.where('name like ?', like_query).limit(1).first if base.respond_to? :descendant_events return @object end - + def find_objects @objects = [] @objects += base.descendant_groups.where('name like ?', like_query) if base.respond_to? :descendant_groups @@ -65,7 +65,7 @@ def find_objects return @objects end - + def base find_base_object end @@ -79,5 +79,5 @@ def find_base_object def secure_base_object_class (%w(Group Corporation Page User Event) & [params[:search_base][:type]]).first.constantize end - + end \ No newline at end of file 
diff --git a/app/controllers/corporations_controller.rb b/app/controllers/corporations_controller.rb index 1e4c0055b..578caa938 100644 --- a/app/controllers/corporations_controller.rb +++ b/app/controllers/corporations_controller.rb @@ -1,22 +1,22 @@ class CorporationsController < ApplicationController respond_to :html, :json - + before_action :find_corporations authorize_resource def index respond_to do |format| - format.html { redirect_to Corporation.corporations_parent } + format.html { redirect_to group_path(Corporation.corporations_parent) } format.json { respond_with @corporations.pluck(:name) } end end - - + + private - + def find_corporations query = params[:term] || params[:query] || "" @corporations = Corporation.where('name LIKE ?', "%#{query}%") end - + end \ No newline at end of file diff --git a/app/controllers/mobile/partials_controller.rb b/app/controllers/mobile/partials_controller.rb index 8f5cd893e..41bb3fc21 100644 --- a/app/controllers/mobile/partials_controller.rb +++ b/app/controllers/mobile/partials_controller.rb @@ -6,7 +6,7 @@ class Mobile::PartialsController < ApplicationController # def show authorize! :read, :mobile_dashboard - @partial_key = params[:partial_key] + @partial_key = (%w(documents events people_search_results recent_contacts) & [params[:partial_key]]).first load_resources end From f6851c560b8965a5aebc3fe208f9c4cfa43e4df9 Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Sat, 25 Mar 2017 01:11:57 +0100 Subject: [PATCH 12/18] dag link repair: adding task to recalc indirect validity ranges https://trello.com/c/D3onnCh1/4-refactoring-memberships --- app/models/concerns/dag_link_repair.rb | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/app/models/concerns/dag_link_repair.rb b/app/models/concerns/dag_link_repair.rb index dea1a9d23..89dd1a4bc 100644 --- a/app/models/concerns/dag_link_repair.rb +++ b/app/models/concerns/dag_link_repair.rb 
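Review bot: In `mobile/partials_controller.rb`, when `params[:partial_key]` is not one of the four allow-listed values the intersection yields nil, so `@partial_key` is nil and `load_resources` still runs; an unknown key is therefore processed down whatever the nil path does instead of being rejected outright. The allow-list is a sound way to constrain a client-chosen partial name; consider failing fast right after it, e.g. `raise ActionController::RoutingError, "unknown partial_key" unless @partial_key`, so the request ends with a 404 rather than a half-initialised view. The rest of `show` and `load_resources` are outside the hunk, so what nil leads to there is not visible.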
@@ -18,6 +18,7 @@ def repair delete_redundant_indirect_links fix_types recalculate_indirect_counts + recalculate_indirect_validity_ranges end def fix_types @@ -41,6 +42,18 @@ def recalculate_indirect_counts LinkCountRepairer.repair end + def recalculate_indirect_validity_ranges + print "\n\nRecalculate validity ranges of indirect memberships.\n".blue + DagLink.where(anestor_type: "Group", descendant_type: "User", direct: false).each do |membership| + membership.recalculate_validity_range_from_direct_memberships + if membership.save + print "*".blue + else + print ".".green + end + end + end + class RedundantLinkRepairer def self.scan_and_repair From 4f212515a38df4b4b113c4365af2def58dde2f3f Mon Sep 17 00:00:00 2001 
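Review bot: `DagLink.where(anestor_type: "Group", descendant_type: "User", direct: false)` in the new `recalculate_indirect_validity_ranges` looks like a typo for `ancestor_type` (its sibling key is `descendant_type`); if so, ActiveRecord raises an unknown-column error the first time `repair` reaches this step, after the earlier steps have already written to the database. Please verify against the `dag_links` schema, which is not on this page. Independently, `.each` loads every indirect group→user link into memory at once; `find_each` batches it: `DagLink.where(ancestor_type: "Group", descendant_type: "User", direct: false).find_each do |membership|`. Printing `.`.green on a failed `save` also hides validation errors; printing `membership.errors.full_messages` (or at least the id) would make a failed run diagnosable.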
From: Sebastian Fiedlschuster Date: Sat, 25 Mar 2017 01:25:06 +0100 Subject: [PATCH 13/18] beginning migration from `attr_accessible` to Strong Parameters Have a look at this railscast: http://railscasts.com/episodes/371-strong-parameters https://trello.com/c/fp08dMhE/5-migrating-from-attr-accessible-to-strong -parameters --- .rspec | 1 + Gemfile.lock | 152 ++++++++++-------- app/controllers/attachments_controller.rb | 9 +- app/controllers/blog_posts_controller.rb | 9 +- app/controllers/bookmarks_controller.rb | 6 +- app/controllers/comments_controller.rb | 4 +- .../contact_messages_controller.rb | 8 +- app/controllers/events_controller.rb | 8 +- app/controllers/pages_controller.rb | 6 +- app/controllers/posts_controller.rb | 64 ++++---- app/controllers/profile_fields_controller.rb | 9 +- app/controllers/projects_controller.rb | 26 +-- .../status_memberships_controller.rb | 4 + app/controllers/workflows_controller.rb | 10 +- ..._record_update_attributes_bip_extension.rb | 2 +- app/models/attachment.rb | 1 - app/models/bookmark.rb | 3 +- app/models/comment.rb | 7 +- app/models/concerns/archivable.rb | 7 +- app/models/concerns/group_mailing_lists.rb | 14 +- app/models/concerns/group_welcome_message.rb | 1 - app/models/concerns/has_permalinks.rb | 2 - app/models/concerns/user_avatar.rb | 1 - app/models/concerns/user_corporations.rb | 4 - app/models/dag_link.rb | 1 - app/models/event.rb | 1 - app/models/flag.rb | 1 - app/models/geo_location.rb | 2 - app/models/group.rb | 17 -- app/models/issue.rb | 1 - app/models/last_seen_activity.rb | 5 +- app/models/membership.rb | 5 - .../membership_mixins/validity_range.rb | 1 - app/models/nav_node.rb | 4 - app/models/notification.rb | 1 - app/models/page.rb | 2 - app/models/post.rb | 2 - app/models/profile_field.rb | 2 - .../has_child_profile_fields.rb | 10 +- app/models/profile_fields/address.rb | 1 - app/models/project.rb | 3 +- app/models/relationship.rb | 10 +- app/models/setting.rb | 4 - app/models/user.rb | 6 - 
app/models/user_account.rb | 1 - app/models/workflow_kit/parameter.rb | 2 - app/models/workflow_kit/step.rb | 6 +- app/models/workflow_kit/workflow.rb | 2 - config/initializers/strong_parameters.rb | 3 + demo_app/my_platform/Gemfile | 4 +- demo_app/my_platform/Gemfile.lock | 60 +++---- .../app/controllers/application_controller.rb | 3 +- demo_app/my_platform/config/application.rb | 3 - .../my_platform/config/environments/test.rb | 2 + spec/models/profile_section_spec.rb | 1 - spec/models/profile_spec.rb | 19 ++- spec/models/profileable_spec.rb | 21 ++- .../has_special_groups_spec.rb | 3 - .../models/structureable_mixins/roles_spec.rb | 1 - 59 files changed, 277 insertions(+), 291 deletions(-) create mode 100644 config/initializers/strong_parameters.rb diff --git a/.rspec b/.rspec index c99b4baf5..8fc91f294 100644 --- a/.rspec +++ b/.rspec @@ -1,3 +1,4 @@ --colour +--format progress --require rspec/instafail --format RSpec::Instafail diff --git a/Gemfile.lock b/Gemfile.lock index 433eec4f6..42684571a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -147,7 +147,7 @@ GEM addressable (2.5.0) public_suffix (~> 2.0, >= 2.0.2) ambry (1.0.0) - arel (6.0.4) + arel (6.0.3) auto_html (1.6.4) redcarpet (~> 3.1) rinku (~> 1.5.0) @@ -167,7 +167,18 @@ GEM autoprefixer-rails (>= 5.0.0.1) sass (>= 3.2.19) bootstrap_tokenfield_rails (0.12.1) - brakeman (3.6.1) + brakeman (3.1.3) + erubis (~> 2.6) + fastercsv (~> 1.5) + haml (>= 3.0, < 5.0) + highline (>= 1.6.20, < 2.0) + multi_json (~> 1.2) + ruby2ruby (>= 2.1.1, < 2.3.0) + ruby_parser (~> 3.7.0) + safe_yaml (>= 1.0) + sass (~> 3.0) + slim (>= 1.3.6, < 4.0) + terminal-table (~> 1.4) browser (2.3.0) builder (3.2.3) cancan (1.6.10) 
@@ -188,26 +199,27 @@ GEM childprocess (0.6.2) ffi (~> 1.0, >= 1.0.11) cliver (0.3.2) - codeclimate-test-reporter (1.0.8) - simplecov (<= 0.13) - coderay (1.1.1) + codeclimate-test-reporter (0.4.8) + simplecov (>= 0.7.1, < 1.0.0) + coderay (1.1.0) coffee-rails (4.2.1) coffee-script (>= 2.2.0) railties (>= 4.0.0, < 5.2.x) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.12.2) + coffee-script-source (1.10.0) colored (1.2) concurrent-ruby (1.0.5) connection_pool (2.2.1) - coveralls (0.8.19) - json (>= 1.8, < 3) - simplecov (~> 0.12.0) + coveralls (0.8.10) + json (~> 1.8) + rest-client (>= 1.6.8, < 2) + simplecov (~> 0.11.0) term-ansicolor (~> 1.3) thor (~> 0.19.1) - tins (~> 1.6) - database_cleaner (1.5.3) + tins (~> 1.6.0) + database_cleaner (1.5.1) debug_inspector (0.0.2) decent_exposure (3.0.2) activesupport (>= 4.0) @@ -217,9 +229,9 @@ GEM railties (>= 4.1.0, < 5.1) responders warden (~> 1.2.3) - diff-lcs (1.3) + diff-lcs (1.2.5) docile (1.1.5) - domain_name (0.5.20170223) + domain_name (0.5.20160310) unf (>= 0.0.5, < 1.0.0) edit_mode (1.0.2) jquery-rails @@ -237,22 +249,22 @@ GEM elasticsearch-transport (5.0.3) faraday multi_json - email_spec (2.1.0) - htmlentities (~> 4.3.3) + email_spec (1.6.0) launchy (~> 2.1) - mail (~> 2.6.3) + mail (~> 2.2) erubis (2.7.0) eventmachine (1.2.3) execjs (2.7.0) - factory_girl (4.8.0) + factory_girl (4.5.0) activesupport (>= 3.0.0) - factory_girl_rails (4.8.0) - factory_girl (~> 4.8.0) + factory_girl_rails (4.5.0) + factory_girl (~> 4.5.0) railties (>= 3.0.0) faker (1.7.3) i18n (~> 0.5) faraday (0.11.0) multipart-post (>= 1.2, < 3) + fastercsv (1.5.5) ffi (1.9.18) font-awesome-rails (4.7.0.1) railties (>= 3.2, < 5.1) @@ -272,9 +284,9 @@ GEM gravatar_image_tag (1.2.0) groupdate (3.2.0) activesupport (>= 3) - guard (2.14.1) + guard (2.13.0) formatador (>= 0.2.4) - listen (>= 2.7, < 4.0) + listen (>= 2.7, <= 4.0) lumberjack (~> 1.0) nenv (~> 0.1) notiffany (~> 0.0) 
@@ -295,16 +307,16 @@ GEM has_secure_token (1.0.0) activerecord (>= 3.0) hashie (3.5.5) + highline (1.7.8) hike (1.2.3) - htmlentities (4.3.4) - http-cookie (1.0.3) + http-cookie (1.0.2) domain_name (~> 0.5) i18n (0.8.1) i18n-js (3.0.0.rc16) i18n (~> 0.6, >= 0.6.6) icalendar (2.4.1) - jbuilder (2.6.3) - activesupport (>= 3.0.0, < 5.2) + jbuilder (2.3.2) + activesupport (>= 3.0.0, < 5) multi_json (~> 1.2) jquery-atwho-rails (1.3.2) jquery-fileupload-rails (0.4.7) @@ -322,19 +334,18 @@ GEM judge (2.1.1) rails (>= 3.1) jwt (1.5.6) - kgio (2.11.0) + kgio (2.10.0) launchy (2.4.3) addressable (~> 2.3) letter_opener (1.4.1) launchy (~> 2.2) - libv8 (3.16.14.19) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) + libv8 (3.16.14.13) + listen (3.0.5) + rb-fsevent (>= 0.9.3) + rb-inotify (>= 0.9) loofah (2.0.3) nokogiri (>= 1.5.9) - lumberjack (1.0.11) + lumberjack (1.0.9) mail (2.6.4) mime-types (>= 1.16, < 4) mail_form (1.6.0) @@ -351,12 +362,12 @@ GEM multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) - mysql2 (0.4.5) - nenv (0.3.0) + mysql2 (0.4.2) + nenv (0.2.0) netrc (0.11.0) nokogiri (1.7.1) mini_portile2 (~> 2.1.0) - notiffany (0.1.1) + notiffany (0.0.8) nenv (~> 0.1) shellany (~> 0.0) oauth (0.5.1) @@ -389,22 +400,20 @@ GEM omniauth-oauth (~> 1.1) rack orm_adapter (0.5.0) - parallel (1.11.1) - parallel_tests (2.14.0) + parallel (1.10.0) + parallel_tests (2.13.0) parallel passgen (1.0.2) pdf-core (0.6.1) phony (2.15.42) - poltergeist (1.14.0) + poltergeist (1.11.0) capybara (~> 2.1) cliver (~> 0.3.1) websocket-driver (>= 0.2.0) prawn (2.0.2) pdf-core (~> 0.6.0) ttfunk (~> 1.4.0) - protected_attributes (1.1.3) - activemodel (>= 4.0.1, < 5.0) - pry (0.10.4) + pry (0.10.3) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) 
@@ -467,13 +476,13 @@ GEM activesupport (= 4.2.7.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - raindrops (0.18.0) - rake (12.0.0) - rb-fsevent (0.9.8) - rb-inotify (0.9.8) + raindrops (0.15.0) + rake (10.5.0) + rb-fsevent (0.9.6) + rb-inotify (0.9.5) ffi (>= 0.5.0) - rdoc (4.3.0) - redcarpet (3.4.0) + rdoc (4.2.0) + redcarpet (3.3.4) redis (3.3.3) redis-actionpack (5.0.1) actionpack (>= 4.0, < 6) @@ -533,22 +542,28 @@ GEM rspec-rerun (0.3.1) rspec ruby-ole (1.2.12.1) - ruby-progressbar (1.8.1) - ruby_dep (1.5.0) + ruby-progressbar (1.7.5) + ruby2ruby (2.2.0) + ruby_parser (~> 3.1) + sexp_processor (~> 4.0) + ruby_parser (3.7.2) + sexp_processor (~> 4.1) rubyzip (1.2.1) + safe_yaml (1.0.4) sass (3.2.19) sass-rails (4.0.5) railties (>= 4.0.0, < 5.0) sass (~> 3.2.2) sprockets (~> 2.8, < 3.0) sprockets-rails (~> 2.0) - sdoc (0.4.2) + sdoc (0.4.1) json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) - selenium-webdriver (3.3.0) + selenium-webdriver (3.2.2) childprocess (~> 0.5) rubyzip (~> 1.0) websocket (~> 1.0) + sexp_processor (4.6.0) shellany (0.0.1) sidekiq (4.2.10) concurrent-ruby (~> 1.0) @@ -560,21 +575,23 @@ GEM simple_form (3.4.0) actionpack (> 4, < 5.1) activemodel (> 4, < 5.1) - simplecov (0.12.0) + simplecov (0.11.1) docile (~> 1.1.0) - json (>= 1.8, < 3) + json (~> 1.8) simplecov-html (~> 0.10.0) simplecov-html (0.10.0) sinatra (1.4.8) rack (~> 1.5) rack-protection (~> 1.4) tilt (>= 1.3, < 3) + slim (3.0.6) + temple (~> 0.7.3) + tilt (>= 1.3.3, < 2.1) slop (3.6.0) spork (0.9.2) spreadsheet (1.1.4) ruby-ole (>= 1.0) - spring (2.0.1) - activesupport (>= 4.2) + spring (1.6.0) sprockets (2.12.4) hike (~> 1.2) multi_json (~> 1.0) 
@@ -587,16 +604,18 @@ GEM sugar-rails (1.4.1) railties (>= 3.0.0) table-formatter (0.4.1) - term-ansicolor (1.4.1) + temple (0.7.6) + term-ansicolor (1.3.2) tins (~> 1.0) - therubyracer (0.12.3) - libv8 (~> 3.16.14.15) + terminal-table (1.5.2) + therubyracer (0.12.2) + libv8 (~> 3.16.14.0) ref thor (0.19.4) thread_safe (0.3.6) tilt (1.4.1) - timecop (0.8.1) - tins (1.13.2) + timecop (0.8.0) + tins (1.6.0) to_xls (1.5.3) spreadsheet transaction_isolation (1.0.3) @@ -615,30 +634,31 @@ GEM turbolinks-source (5.0.0) tzinfo (1.2.2) thread_safe (~> 0.1) - uglifier (3.1.9) + uglifier (3.0.0) execjs (>= 0.3.0, < 3) unf (0.1.4) unf_ext unf_ext (0.0.7.2) - unicorn (5.2.0) + unicorn (5.0.1) kgio (~> 2.6) + rack raindrops (~> 0.7) vcardigan (0.0.9) wannabe_bool (0.6.0) warden (1.2.7) rack (>= 1.0) - web-console (3.3.0) + web-console (3.1.1) activemodel (>= 4.2) debug_inspector railties (>= 4.2) websocket (1.2.4) - websocket-driver (0.6.5) + websocket-driver (0.6.4) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.2) will_paginate (3.1.5) xpath (2.0.0) nokogiri (~> 1.3) - yard (0.9.8) + yard (0.8.7.6) PLATFORMS ruby @@ -666,9 +686,9 @@ DEPENDENCIES mysql2! parallel_tests! poltergeist! - protected_attributes! pry! rails (~> 4.2.1)! + rake (< 11.0)! redcarpet! rspec-instafail! rspec-rails (= 2.14.1)! diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index deec5ba4a..bf3c9d19b 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -35,7 +35,7 @@ def create end @attachment = Attachment.create! author: current_user - @attachment.update_attributes(params[:attachment]) + @attachment.update_attributes(attachment_params) respond_to do |format| format.json { render json: Attachment.find(@attachment.id) } # reload does not reload the filename, thus use `find`. 
@@ -47,9 +47,10 @@ def create # PUT /attachments/1.json def update @attachment = Attachment.find(params[:id]) + authorize! :update, @attachment respond_to do |format| - if @attachment.update_attributes(params[:attachment]) + if @attachment.update_attributes(attachment_params) format.html { redirect_to @attachment, notice: 'Attachment was successfully updated.' } format.json { head :no_content } else @@ -108,6 +109,10 @@ def description private + def attachment_params + params.require(:attachment).permit(:description, :file, :parent_id, :parent_type, :title, :author, :type) + end + # This method secures the version parameter from a DoS attack. # See: http://brakemanscanner.org/docs/warning_types/denial_of_service/ # diff --git a/app/controllers/blog_posts_controller.rb b/app/controllers/blog_posts_controller.rb index 77db18213..27c2da7ff 100644 --- a/app/controllers/blog_posts_controller.rb +++ b/app/controllers/blog_posts_controller.rb @@ -37,15 +37,22 @@ def create def update @blog_post ||= @page + authorize! :update, @blog_post + params[:blog_post] ||= {} params[:blog_post][:archived] ||= params[:archived] # required for archivable.js.coffee to work properly. set_inheritance_instance_variable - @blog_post.update_attributes params[ :blog_post ].select { |k,v| v.present? && (v != "—")} + + @blog_post.update_attributes(blog_post_params) respond_with_bip(@blog_post) end private + def blog_post_params + params.require(:blog_post).permit(:content, :title, :teaser_text, :author, :tag_list, :teaser_image_url, :archived) + end + def set_inheritance_instance_variable @page = @blog_post @pages = @blog_posts diff --git a/app/controllers/bookmarks_controller.rb b/app/controllers/bookmarks_controller.rb index c30095e7c..f3d020fc4 100644 --- a/app/controllers/bookmarks_controller.rb +++ b/app/controllers/bookmarks_controller.rb 
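Review bot: `attachment_params` in the `@@ -108,6 +109,10 @@` hunk permits `:author` and `:type`, so a client can set the attachment's author and, if `type` is the STI column it appears to be, choose the subclass on both create and update. In the `create` hunk on the previous line, `Attachment.create! author: current_user` is immediately followed by `update_attributes(attachment_params)`, which would overwrite the author just assigned. Unless a client is meant to pick these, drop them: `params.require(:attachment).permit(:description, :file, :parent_id, :parent_type, :title)`. Whether `type` is used for STI is not visible here.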
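Review bot: In `blog_posts_controller.rb`, `update` sets `params[:blog_post] ||= {}` and then `blog_post_params` calls `params.require(:blog_post)`, which raises `ActionController::ParameterMissing` on a blank value, so a request carrying neither `blog_post` attributes nor `archived` now ends in a 400 where it used to be a no-op update; `params.fetch(:blog_post, {}).permit(...)` keeps the old tolerance. The rewrite also drops the previous `.select { |k,v| v.present? && (v != "—") }` filter, so blank values and the "—" placeholder are now written to the record, which looks unintended given the comment about `archivable.js.coffee`. `:author` is in the permit list as well, letting a client reassign authorship on update. `set_inheritance_instance_variable` continues outside the hunk.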
@@ -23,7 +23,11 @@ def destroy respond_with Bookmark.find( params[ :id ] ).destroy end - private + private + + def bookmark_params + params.require(:bookmark).permit(:bookmarkable_id, :bookmarkable_type, :user_id, :user, :bookmarkable) + end def find_bookmarks user = User.find params[ :user_id ] if params[ :user_id ].present? diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb index 7a39877d4..be9037756 100644 --- a/app/controllers/comments_controller.rb +++ b/app/controllers/comments_controller.rb @@ -5,7 +5,7 @@ class CommentsController < ApplicationController def create authorize! :create_comment_for, @commentable - @comment = @commentable.comments.build(comment_params) + @comment = @commentable.comments.build(text: comment_params[:text]) @comment.author = current_user @comment.save! @@ -30,7 +30,7 @@ def show private def comment_params - params.require(:comment).permit(:text) + params.require(:comment).permit(:text, :commentable_id, :commentable_type) end def find_secure_commentable diff --git a/app/controllers/contact_messages_controller.rb b/app/controllers/contact_messages_controller.rb index 775aa8b99..81d490ff8 100644 --- a/app/controllers/contact_messages_controller.rb +++ b/app/controllers/contact_messages_controller.rb @@ -16,9 +16,15 @@ def new def create authorize! :create, ContactMessage - ContactMessage.new(params[:contact_message]).deliver + ContactMessage.new(contact_message_params).deliver redirect_to public_root_path, notice: t(:contact_message_has_been_sent) end + private + + def contact_message_params + params.require(:contact_message).permit(:subject, :name, :email, :message, :nickname) + end + end \ No newline at end of file diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb index 0bfdba6dc..88a9846a4 100644 --- a/app/controllers/events_controller.rb +++ b/app/controllers/events_controller.rb 
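Review bot: `bookmark_params` permits `:user_id`, so whichever action consumes it lets the request choose the owning user; no caller is visible in this hunk, so confirm that action overrides `user` with `current_user` after assignment, or drop `:user_id` from the list. `:user` and `:bookmarkable` are association writers (`belongs_to :bookmarkable, polymorphic: true` and `belongs_to :user` in the bookmark.rb hunk), which strong parameters can only pass as scalars that the writer would reject, so they add nothing but a failure path: `params.require(:bookmark).permit(:bookmarkable_id, :bookmarkable_type)`.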
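Review bot: `comment_params` in comments_controller now permits `:commentable_id` and `:commentable_type`, but `create` reads only `comment_params[:text]` and attaches the comment to the authorized `@commentable`, so the two extra keys are unused here and would let a later `build(comment_params)` re-target a comment at an arbitrary record without the `authorize! :create_comment_for` check. Either keep `params.require(:comment).permit(:text)` or add a comment naming the caller that needs the extra keys.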
@@ -128,7 +128,7 @@ def create @group = Group.find(params[:group_id]) authorize! :create_event, @group - @event = Event.new(params[:event]) + @event = Event.new(event_params) @event.name ||= I18n.t(:enter_name_of_event_here) @event.start_at ||= Time.zone.now.change(hour: 20, min: 15) @event.group = @group @@ -166,7 +166,7 @@ def create # PUT /events/1.json def update respond_to do |format| - if @event.update_attributes!(params[:event]) + if @event.update_attributes!(event_params) format.html { redirect_to @event, notice: 'Event was successfully updated.' } format.json { respond_with_bip(@event) } else @@ -267,6 +267,10 @@ def invite private + def event_params + params[:event].try(:permit, :description, :location, :end_at, :name, :start_at, :localized_start_at, :localized_end_at, :publish_on_local_website, :publish_on_global_website, :group_id, :contact_person_id) || {} + end + # For some strange reason, some ajax calls fail since the object is not yet # available to the other server instance. So, try a few times before giving up. # diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index f030f3344..d5cd11fc7 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -55,7 +55,7 @@ def update params[:page] ||= {} params[:page][:archived] ||= params[:archived] # required for archivable.js.coffee to work properly. params[:blog_post] ||= params[:page] # required for blog posts in respond_with_bip - @page.update_attributes params[ :page ] + @page.update_attributes!(page_params) respond_with_bip(@page) end @@ -86,6 +86,10 @@ def destroy private + def page_params + params.require(:page).permit(:content, :title, :teaser_text, :redirect_to, :author, :tag_list, :teaser_image_url, :archived) + end + def find_resource_by_permalink page_id = Permalink.find_by(path: params[:permalink], reference_type: 'Page').try(:reference_id) @page ||= Page.find(page_id) if page_id 
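Review bot: `event_params` in the `@@ -267,6 +267,10 @@` hunk uses `params[:event].try(:permit, ...) || {}`, which silently yields `{}` when `params[:event]` is missing or is not a hash, unlike the `params.require(...)` pattern the other controllers in this commit use; `update` then runs `update_attributes!({})`, a no-op that still reports success. Prefer `params.require(:event).permit(...)` for consistency, or document in a comment why a missing `event` key is acceptable. The list also permits `:group_id`, so `update` can move an event to another group; `create` authorizes `:create_event` on `@group`, but no equivalent check against the new group is visible in the `update` hunk.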
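Review bot: The pages_controller `update` hunk replaces `@page.update_attributes params[ :page ]` with `@page.update_attributes!(page_params)`; the bang form raises `ActiveRecord::RecordInvalid` instead of returning false, so `respond_with_bip(@page)` never gets to render validation errors, and it also bypasses the `update_attributes` override in active_record_update_attributes_bip_extension.rb (this commit) that maps `"-"` to nil, assuming that extension applies to `Page`. Unless the exception is intended, keep the non-bang call: `@page.update_attributes(page_params)`.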
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb index eadedd7d6..0a9f8eff3 100644 --- a/app/controllers/posts_controller.rb +++ b/app/controllers/posts_controller.rb @@ -1,9 +1,9 @@ class PostsController < ApplicationController - + authorize_resource skip_authorize_resource only: [:new, :create, :preview, :deliver, :index] skip_authorization_check only: [:preview] - + # This will skip the cross-site-forgery protection for POST /posts.json, # since incoming emails are not sent via a form in this web app, # nor is the incoming email signed in. @@ -14,29 +14,29 @@ class PostsController < ApplicationController # TODO: Is there a better way to do this? # skip_before_action :verify_authenticity_token, only: :create, if: 'request.format.json?' - + def index if params[:group_id].present? @group = Group.find(params[:group_id]) @posts = @group.posts.order('sent_at DESC') if @group - + authorize! :index_posts, @group - + @new_post = Post.new @new_post.group = @group @new_post.author = current_user - + set_current_title "#{t(:posts)} - #{@group.name}" set_current_navable @group set_current_activity :looks_at_posts, @group set_current_access :group set_current_access_text I18n.t(:all_members_of_group_name_can_read_these_posts, group_name: @group.name) - + cookies[:group_tab] = "posts" else @posts = Post.from_or_to_user(current_user).select { |post| can? :read, post }.reverse @posts.each { |post| authorize! :read, post } - + set_current_title t(:my_posts) end end 
@@ -44,42 +44,42 @@ def index def show @post = Post.find(params[:id]) @group = @post.group - + @show_all_comments = true @keep_polling_delivery_counters = (@post.created_at >= 5.minutes.ago) @show_delivery_report = params[:show_delivery_report].present? - + set_current_title @post.subject set_current_navable @group set_current_activity :looks_at_posts, @group set_current_access :group set_current_access_text I18n.t(:author_of_post_members_of_group_name_and_mentioned_users_can_read_and_comment_this_post, group_name: @group.name) end - + def new @group = Group.find params[:group_id] if params[:group_id].present? authorize! :create_post_for, @group - + @new_post = Post.new @new_post.group = @group @new_post.author = current_user - + set_current_navable @group set_current_activity :writes_a_message_to_group, @group set_current_access :group set_current_access_text I18n.t(:members_of_group_and_global_officers_can_write_posts, group_name: @group.name) end - + def create return create_via_email if params[:message].present? - + @group = Group.find(params[:group_id] || params[:post][:group_id] || raise('no group given')) authorize! :create_post_for, @group @text = params[:text] || params[:post][:text] @subject = params[:subject] || params[:post][:text].split("\n").first.first(100) @attachments_attributes = params[:attachments_attributes] || params[:post].try(:[], :attachments_attributes) || [] - + if params[:recipient] == 'me' @recipients = [current_user] else @@ -91,10 +91,10 @@ def create @recipients = @group.members end end - + @post = Post.new subject: @subject, text: @text, group_id: @group.id, author_user_id: current_user.id, sent_at: Time.zone.now, attachments_attributes: @attachments_attributes @post.save! - + if params[:notification] == "instantly" @send_counter = @post.send_as_email_to_recipients @recipients Notification.create_from_post(@post, sent_at: Time.zone.now) unless params[:recipient] == 'me' 
@@ -103,11 +103,11 @@ def create Notification.create_from_post(@post) unless params[:recipient] == 'me' flash[:notice] = "Nachricht wurde gespeichert. #{@recipients.count} Empfänger werden gemäß ihrer eigenen Benachrichtigungs-Einstellungen informiert, spätestens jedoch nach einem Tag." end - + Mention.create_multiple_and_notify_instantly(current_user, @post, @post.text) unless params[:recipient] == 'me' - + @post.destroy if params[:recipient] == 'me' - + respond_to do |format| format.html do if params[:post][:sent_from_root_page] @@ -118,9 +118,9 @@ def create end format.json { render json: {recipients_count: @send_counter, post_url: @post.url} } end - + end - + def preview respond_to do |format| format.json do @@ -134,7 +134,7 @@ def preview end end end - + # PUT posts/123/deliver # # This forces a post delivery, which is useful when the user decides @@ -148,11 +148,15 @@ def deliver @post.notify_recipients respond_to do |format| format.json { render json: @post } - end + end end - + private - + + def post_params + params.require(:post).permit(:author_user_id, :external_author, :group_id, :sent_at, :sticky, :subject, :text, :sent_via, :attachments => [:description, :file, :parent_id, :parent_type, :title, :author]) + end + # This methods processes incoming email messages that can be sent through # # POST /posts.json @@ -168,7 +172,7 @@ def deliver def create_via_email # # ## Authorization - # + # # In case of comments, the user is authenticated by his user token that is included in the # reply-to email address, e.g. user-aeng9iLe...oi2iSh7Hahr.post-345.create-comment.plattform@example.com. # We do not check authorization for comments at the moment. TODO 
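Review bot: `post_params` in the `@@ -148,11 +148,15 @@ def deliver` hunk permits nested attributes under `:attachments`, but `Post` declares `accepts_nested_attributes_for :attachments` (post.rb hunk), whose writer key is `attachments_attributes` — the model previously had `attr_accessible :attachments_attributes` — so the nested list as written never matches a request; it should read `attachments_attributes: [:description, :file, :parent_id, :parent_type, :title, :author]`. `post_params` is also not called in any hunk of this file: `create` still reads `params[:post][:text]` and passes `params[:attachments_attributes] || params[:post].try(:[], :attachments_attributes)` straight into `Post.new`, and with `ForbiddenAttributesProtection` now enabled for all models, an unpermitted nested `ActionController::Parameters` there appears to raise `ActiveModel::ForbiddenAttributesError` at runtime rather than being filtered. The `create` method and the `Post.new` call are in earlier hunks of this file.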
@@ -182,7 +186,7 @@ def create_via_email # should be used. This way, the mailgate can be switched off in the Ability class. # authorize! :use, :platform_mailgate - + if params[:message] if ReceivedMail.new(params[:message]).recipient_email.include?('.create-comment.plattform@') # Then this responds to a conversation and should not create a new post but a comment instead. @@ -205,5 +209,5 @@ def create_via_email end render json: (@posts || []) end - + end diff --git a/app/controllers/profile_fields_controller.rb b/app/controllers/profile_fields_controller.rb index f8ff9425a..11ef7ce72 100644 --- a/app/controllers/profile_fields_controller.rb +++ b/app/controllers/profile_fields_controller.rb @@ -45,7 +45,7 @@ def update raise "security interrupt: '#{@profile_field.type}' is no permitted profileable object type." end @profile_field = @profile_field.becomes(profile_field_class) - updated = @profile_field.update_attributes(params[:profile_field]) + updated = @profile_field.update_attributes(profile_field_params) # Mark issues to be resolved. Then, they will be rechecked later. @profile_field.issues.update_all resolved_at: Time.zone.now @@ -68,6 +68,13 @@ def destroy private + def profile_field_params + params + .require(:profile_field) + .permit(:label, :type, :value, :key, :profileable_id, :profileable_type, :needs_review) + .permit(:postal_address) + end + def load_profileable @profileable ||= @group = Group.find(params[:group_id]) if params[:group_id] @profileable ||= @user = (User.find params[:user_id]) if params[:user_id] diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index a282a04ff..28342a0e2 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -1,6 +1,6 @@ class ProjectsController < ApplicationController load_and_authorize_resource - + def index if @group @projects = @group.child_projects 
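Review bot: `profile_field_params` chains two `permit` calls, and since `permit` returns a new hash containing only the keys it was asked for, the second `.permit(:postal_address)` discards everything the first call allowed (and `:postal_address` itself was already filtered out by the first), so `update_attributes(profile_field_params)` in the `update` hunk receives an empty hash and silently changes nothing. Use a single call: `params.require(:profile_field).permit(:label, :type, :value, :key, :profileable_id, :profileable_type, :needs_review, :postal_address)`. Permitting `:type` is covered by the `security interrupt` check visible above the changed line, but `:profileable_id`/`:profileable_type` are also client-settable here, so confirm `update` re-checks access to the new profileable or drop them.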
@@ -10,9 +10,9 @@ def index @projects = current_user.groups.collect { |g| g.child_projects }.flatten set_current_title t(:my_projects) set_current_navable current_user - end + end end - + def show set_current_title @project.title set_current_navable @project @@ -20,35 +20,35 @@ def show set_current_access :group set_current_access_text I18n.t(:members_of_group_name_can_read_this_content, group_name: @project.group.name) end - + def update - @project.update_attributes params[:project] + @project.update_attributes(project_params) respond_with_bip(@project) end - + def new set_current_title t(:new_project) set_current_navable Page.find_intranet_root - + @project = Project.new end - + def create @project = Project.new(project_params) @project.title ||= I18n.t(:new_project) @project.save! - + if current_user.corporation && @project.group.try(:corporation) != current_user.corporation current_user.corporation << @project end - + redirect_to @project end - + private - + def project_params params.require(:project).permit(:title, :description, :corporation_name) end - + end \ No newline at end of file diff --git a/app/controllers/status_memberships_controller.rb b/app/controllers/status_memberships_controller.rb index d1ecdd1b6..f815ed266 100644 --- a/app/controllers/status_memberships_controller.rb +++ b/app/controllers/status_memberships_controller.rb @@ -21,6 +21,10 @@ def destroy private + def status_membership_params + params.require(:status_membership).permit(:valid_from, :valid_to, :valid_from_localized_date, :valid_to_localized_date, :needs_review) + end + def find_membership @status_membership = Memberships::Status.with_invalid.find(params[:id]) if params[:id].present? end diff --git a/app/controllers/workflows_controller.rb b/app/controllers/workflows_controller.rb index 22aa07c00..a3c3d07e4 100644 --- a/app/controllers/workflows_controller.rb +++ b/app/controllers/workflows_controller.rb 
@@ -66,7 +66,7 @@ def edit # POST /workflows # POST /workflows.json def create - @workflow = Workflow.new(params[:workflow]) + @workflow = Workflow.new(workflow_params) respond_to do |format| if @workflow.save @@ -83,7 +83,7 @@ def create # PUT /workflows/1.json def update respond_to do |format| - if @workflow.update_attributes(params[:workflow]) + if @workflow.update_attributes(workflow_params) format.html { redirect_to @workflow, notice: 'Workflow was successfully updated.' } format.json { head :no_content } else @@ -104,4 +104,10 @@ def destroy end end + private + + def workflow_params + params.require(:workflow).permit(:description, :name, :parameters) + end + end \ No newline at end of file diff --git a/app/models/active_record_update_attributes_bip_extension.rb b/app/models/active_record_update_attributes_bip_extension.rb index 607a4df4d..7b1d2a3d0 100644 --- a/app/models/active_record_update_attributes_bip_extension.rb +++ b/app/models/active_record_update_attributes_bip_extension.rb @@ -20,7 +20,7 @@ def update_attributes(attributes, options = {}) non_empty_attributes[key] = nil if value == "-" end - super(non_empty_attributes, options) + super(non_empty_attributes) end module ClassMethods diff --git a/app/models/attachment.rb b/app/models/attachment.rb index 75967135b..a5872a370 100644 --- a/app/models/attachment.rb +++ b/app/models/attachment.rb @@ -1,5 +1,4 @@ class Attachment < ActiveRecord::Base - attr_accessible :description, :file, :parent_id, :parent_type, :title, :author, :type if defined? attr_accessible belongs_to :parent, polymorphic: true belongs_to :author, :class_name => "User", foreign_key: 'author_user_id' diff --git a/app/models/bookmark.rb b/app/models/bookmark.rb index 32bcdd0f0..77fa78473 100644 --- a/app/models/bookmark.rb +++ b/app/models/bookmark.rb 
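Review bot: `workflow_params` permits `:parameters` as a scalar, but `Workflow` extends `WorkflowKit::Parameterable` (workflow.rb hunk) and the name suggests a collection of key/value entries; strong parameters silently drops non-scalar values for a bare key, so a nested `parameters` payload would be filtered out of `Workflow.new(workflow_params)` and `update_attributes(workflow_params)` without any error. If `parameters` is nested, permit its explicit shape (for example `parameters: [:key, :value]`, if that is what the form sends) and add a comment stating the expected structure.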
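Review bot: `update_attributes(attributes, options = {})` in active_record_update_attributes_bip_extension.rb still declares `options`, but the changed line `super(non_empty_attributes)` now discards it silently; either drop the parameter or document it, e.g. `# options is kept for call-site compatibility and ignored; update_attributes takes a single argument in Rails 4.2`. The start of this method is outside the hunk: if `non_empty_attributes` is built as a plain `Hash`, the `permitted?` flag of the incoming `ActionController::Parameters` is lost before `super`, so `ActiveModel::ForbiddenAttributesProtection` (enabled for every model by the new initializer in this commit) can no longer reject an unpermitted hash passed to `update_attributes`. Confirm the filtered hash keeps that flag, for instance by building it from `attributes.dup` and deleting keys, or by raising when `attributes.respond_to?(:permitted?) && !attributes.permitted?`.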
@@ -2,11 +2,10 @@ # This model represents bookmarks. User can bookmark objects by clicking on a star beside # the object's title. Their bookmarks are listed for them in a quick menu, thus # users have quick access to bookmarked objects. -# +# # Such bookmarkable objects may be other users, or pages, groups, et cetera. # class Bookmark < ActiveRecord::Base - attr_accessible :bookmarkable_id, :bookmarkable_type, :user_id, :user, :bookmarkable if defined? attr_accessible belongs_to :bookmarkable, polymorphic: true belongs_to :user diff --git a/app/models/comment.rb b/app/models/comment.rb index 2338fc847..87dee065e 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -1,10 +1,9 @@ class Comment < ActiveRecord::Base - attr_accessible :text - + belongs_to :author, foreign_key: :author_user_id, class_name: 'User' belongs_to :commentable, polymorphic: true - + has_many :mentions, as: :reference has_many :mentioned_users, through: :mentions, class_name: 'User', source: 'whom' - + end diff --git a/app/models/concerns/archivable.rb b/app/models/concerns/archivable.rb index 6ea35898e..fffa995b0 100644 --- a/app/models/concerns/archivable.rb +++ b/app/models/concerns/archivable.rb @@ -1,20 +1,19 @@ concern :Archivable do included do - attr_accessible :archived_at, :archived if defined? attr_accessible attr_accessor :archived - + scope :archived, -> { where('archived_at IS NOT NULL') } scope :not_archived, -> { where('archived_at IS NULL') } def archived? archived end - + def archived archived_at ? true : false end - + def archived=(new_archived_setting) if new_archived_setting.in? [false, 'false', 0, nil] self.archived_at = nil diff --git a/app/models/concerns/group_mailing_lists.rb b/app/models/concerns/group_mailing_lists.rb index 9d9228ecf..9d3b98199 100644 --- a/app/models/concerns/group_mailing_lists.rb +++ b/app/models/concerns/group_mailing_lists.rb 
@@ -1,24 +1,20 @@ concern :GroupMailingLists do - - included do - attr_accessible :mailing_list_sender_filter - end - + # Returns all mailing list profile fields, i.e. email addresses that # are used as mailing list for that group. # def mailing_lists self.profile_fields.where(type: 'ProfileFields::MailingListEmail') end - + # Possible settings for the sender filter, i.e. the group attribute that determines # whether an incoming post is accepted or rejected. # def mailing_list_sender_filter_settings %w(open users_with_account corporation_members group_members officers group_officers global_officers) end - - # Checks whether the given user is allowed to send an email to the mailing lists + + # Checks whether the given user is allowed to send an email to the mailing lists # of this group. # def user_matches_mailing_list_sender_filter?(user) @@ -53,5 +49,5 @@ def user_matches_mailing_list_sender_filter?(user) false end end - + end \ No newline at end of file diff --git a/app/models/concerns/group_welcome_message.rb b/app/models/concerns/group_welcome_message.rb index af34784df..e363b8fdd 100644 --- a/app/models/concerns/group_welcome_message.rb +++ b/app/models/concerns/group_welcome_message.rb @@ -2,7 +2,6 @@ included do delegate :welcome_message, :welcome_message=, to: :settings - attr_accessible :welcome_message alias_method :assign_user_before_welcome_message, :assign_user def assign_user(user, options = {}) diff --git a/app/models/concerns/has_permalinks.rb b/app/models/concerns/has_permalinks.rb index 6c929502e..e1136195c 100644 --- a/app/models/concerns/has_permalinks.rb +++ b/app/models/concerns/has_permalinks.rb @@ -2,8 +2,6 @@ included do has_many :permalinks, as: :reference, dependent: :destroy - - attr_accessible :permalinks_list if defined? attr_accessible end def permalink_path diff --git a/app/models/concerns/user_avatar.rb b/app/models/concerns/user_avatar.rb index 4f00467bd..a1003d63b 100644 --- a/app/models/concerns/user_avatar.rb 
+++ b/app/models/concerns/user_avatar.rb @@ -12,7 +12,6 @@ included do attachment :avatar, type: :image - attr_accessible :avatar, :remove_avatar if defined? attr_accessible end def avatar_base64 diff --git a/app/models/concerns/user_corporations.rb b/app/models/concerns/user_corporations.rb index 062cd48df..4a3499b6d 100644 --- a/app/models/concerns/user_corporations.rb +++ b/app/models/concerns/user_corporations.rb @@ -10,10 +10,6 @@ # concern :UserCorporations do - included do - attr_accessible :corporation_name if defined? attr_accessible - end - def corporation_id (Corporation.pluck(:id) & self.ancestor_group_ids).first end diff --git a/app/models/dag_link.rb b/app/models/dag_link.rb index ba830e2e9..ba26bf8cf 100644 --- a/app/models/dag_link.rb +++ b/app/models/dag_link.rb @@ -1,6 +1,5 @@ class DagLink < ApplicationRecord - attr_accessible :ancestor_id, :ancestor_type, :count, :descendant_id, :descendant_type, :direct if defined? attr_accessible acts_as_dag_links polymorphic: true include DagLinkTypes diff --git a/app/models/event.rb b/app/models/event.rb index d760ae40d..b452dfe3d 100644 --- a/app/models/event.rb +++ b/app/models/event.rb @@ -1,5 +1,4 @@ class Event < ActiveRecord::Base - attr_accessible :description, :location, :end_at, :name, :start_at, :localized_start_at, :localized_end_at, :publish_on_local_website, :publish_on_global_website, :group_id, :contact_person_id if defined? attr_accessible is_structureable ancestor_class_names: %w(Group Page), descendant_class_names: %w(Group Page) is_navable diff --git a/app/models/flag.rb b/app/models/flag.rb index 302fa7352..c135d389f 100644 --- a/app/models/flag.rb +++ b/app/models/flag.rb @@ -1,5 +1,4 @@ class Flag < ActiveRecord::Base - attr_accessible :flagable_id, :flagable_type, :key if defined? attr_accessible belongs_to :flagable, polymorphic: true diff --git a/app/models/geo_location.rb b/app/models/geo_location.rb index c59be0b9b..32c53a490 100644 --- a/app/models/geo_location.rb 
+++ b/app/models/geo_location.rb @@ -1,6 +1,4 @@ class GeoLocation < ActiveRecord::Base - attr_accessible :address if defined? attr_accessible - # When to perform geocoding queries (to google) # ========================================================================================== diff --git a/app/models/group.rb b/app/models/group.rb index d75ee46cf..cd48bf3d6 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -4,23 +4,6 @@ # class Group < ApplicationRecord - if defined? attr_accessible - attr_accessible( :name, # just the name of the group; example: 'Corporation A' - :body, # a description text displayed on the groups pages top - :token, # (optional) a short-name, abbreviation of the group's name, in - # a global context; example: 'A' - :internal_token, # (optional) an internal abbreviation, i.e. used by the - # members of the group; example: 'AC' - :extensive_name, # (optional) a long version of the group's name; - # example: 'The Corporation of A' - :direct_members_titles_string, # Used for inline-editing: The comma-separated - # titles of the child users of the group. - :type - ) - end - - include ActiveModel::ForbiddenAttributesProtection # TODO: Move into initializer - is_structureable(ancestor_class_names: %w(Group Page Event), descendant_class_names: %w(Group User Page Workflow Project)) is_navable diff --git a/app/models/issue.rb b/app/models/issue.rb index 11e4ac2c8..b190c3f2c 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -14,7 +14,6 @@ # issue.resecan # Rescan a specific issue. # class Issue < ActiveRecord::Base - attr_accessible :title, :description, :resolved_at, :responsible_admin_id, :reference_id, :reference_type belongs_to :reference, polymorphic: true belongs_to :responsible_admin, class_name: 'User' diff --git a/app/models/last_seen_activity.rb b/app/models/last_seen_activity.rb index 0d5d7ece7..040c94433 100644 --- a/app/models/last_seen_activity.rb +++ b/app/models/last_seen_activity.rb 
@@ -1,9 +1,8 @@ class LastSeenActivity < ActiveRecord::Base - attr_accessible :description, :link_to_object_id, :link_to_object_type, :user_id if defined? attr_accessible - + belongs_to :user belongs_to :link_to_object, polymorphic: true - + def self.current where('updated_at > ?', 5.minutes.ago).order('created_at') end diff --git a/app/models/membership.rb b/app/models/membership.rb index a0611a384..d685b8fce 100644 --- a/app/models/membership.rb +++ b/app/models/membership.rb @@ -14,10 +14,6 @@ class Membership < DagLink alias_attribute :group_id, :ancestor_id alias_attribute :group, :ancestor - attr_accessible :user_id, :group_id if defined? attr_accessible - - before_validation :ensure_correct_ancestor_and_descendant_type - has_many :issues, as: :reference, dependent: :destroy @@ -41,7 +37,6 @@ class Membership < DagLink # has_many_flags may_need_review - attr_accessible :needs_review if defined? attr_accessible # General Properties diff --git a/app/models/membership_mixins/validity_range.rb b/app/models/membership_mixins/validity_range.rb index f1bdf8818..f24f396d2 100644 --- a/app/models/membership_mixins/validity_range.rb +++ b/app/models/membership_mixins/validity_range.rb @@ -70,7 +70,6 @@ module MembershipMixins::ValidityRange extend ActiveSupport::Concern included do - attr_accessible :valid_from, :valid_to, :valid_from_localized_date, :valid_to_localized_date before_validation :set_valid_from_to_now default_scope { valid } diff --git a/app/models/nav_node.rb b/app/models/nav_node.rb index d188875f1..8a85af533 100644 --- a/app/models/nav_node.rb +++ b/app/models/nav_node.rb @@ -4,10 +4,6 @@ # relevant to the position of the Navable object within the navigational structure. # class NavNode < ActiveRecord::Base - if defined? attr_accessible - attr_accessible :breadcrumb_item, :hidden_menu, :menu_item, :slim_breadcrumb, :slim_menu, :slim_url, :url_component - attr_accessible :hidden_footer - end belongs_to :navable, polymorphic: true 
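Review bot: The `@@ -14,10 +14,6 @@ class Membership < DagLink` hunk removes `before_validation :ensure_correct_ancestor_and_descendant_type` together with the `attr_accessible` line, although the commit only sets out to drop attr_accessible; unless that callback is registered elsewhere, memberships lose the check that ancestor and descendant have the expected types. Restore the line `before_validation :ensure_correct_ancestor_and_descendant_type`, or state in the commit message why it is no longer needed.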
diff --git a/app/models/notification.rb b/app/models/notification.rb index 161f1345d..ada77c5df 100644 --- a/app/models/notification.rb +++ b/app/models/notification.rb @@ -18,7 +18,6 @@ # end # class Notification < ActiveRecord::Base - attr_accessible :recipient_id, :author_id, :reference_url, :reference_type, :reference_id, :message, :text, :sent_at, :read_at, :failed_at belongs_to :recipient, class_name: 'User' belongs_to :author, class_name: 'User' diff --git a/app/models/page.rb b/app/models/page.rb index 8c5cde15b..f02f6c4d4 100644 --- a/app/models/page.rb +++ b/app/models/page.rb @@ -1,7 +1,5 @@ class Page < ActiveRecord::Base - attr_accessible :content, :title, :teaser_text, :redirect_to, :author, :tag_list, :teaser_image_url if defined? attr_accessible - is_structureable ancestor_class_names: %w(Page User Group Event), descendant_class_names: %w(Page User Group Event) is_navable diff --git a/app/models/post.rb b/app/models/post.rb index cf79deec8..0e43da0ad 100644 --- a/app/models/post.rb +++ b/app/models/post.rb @@ -1,12 +1,10 @@ class Post < ActiveRecord::Base - attr_accessible :author_user_id, :external_author, :group_id, :sent_at, :sticky, :subject, :text, :sent_via if defined? attr_accessible belongs_to :group belongs_to :author, :class_name => "User", foreign_key: 'author_user_id' has_many :attachments, as: :parent, dependent: :destroy accepts_nested_attributes_for :attachments - attr_accessible :attachments_attributes has_many :mentions, as: :reference, dependent: :destroy has_many :directly_mentioned_users, through: :mentions, class_name: 'User', source: 'whom' diff --git a/app/models/profile_field.rb b/app/models/profile_field.rb index b704ac763..1c1cd653d 100644 --- a/app/models/profile_field.rb +++ b/app/models/profile_field.rb 
@@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- class ProfileField < ActiveRecord::Base - attr_accessible :label, :type, :value, :key, :profileable_id, :profileable_type, :needs_review if defined? attr_accessible - belongs_to :profileable, polymorphic: true has_many :issues, as: :reference, dependent: :destroy diff --git a/app/models/profile_field_mixins/has_child_profile_fields.rb b/app/models/profile_field_mixins/has_child_profile_fields.rb index 8e8c6ae94..ae6b8564a 100644 --- a/app/models/profile_field_mixins/has_child_profile_fields.rb +++ b/app/models/profile_field_mixins/has_child_profile_fields.rb @@ -2,13 +2,13 @@ module ProfileFieldMixins::HasChildProfileFields # This creates an easier way to access a composed ProfileField's child field - # values. Instead of calling + # values. Instead of calling # # bank_account.children.where( :label => :account_number ).first.value # bank_account.children.where( :label => :account_number ).first.value = "12345" # # you may call - # + # # bank_account.account_number # bank_account.account_number = "12345" # @@ -19,7 +19,7 @@ module ProfileFieldMixins::HasChildProfileFields # has_child_profile_fields :account_holder, :account_number, ... # ... # end - # + # # Furthermore, this method modifies the intializer to build the child fields # on build of the main profile_field. # @@ -27,8 +27,6 @@ def has_child_profile_fields( *keys ) before_save :build_child_fields_if_absent after_save :save_child_profile_fields - - attr_accessible *keys if defined? attr_accessible include HasChildProfileFieldsInstanceMethods @@ -85,7 +83,7 @@ def build_child_fields( keys ) end end - # This method saves the child profile fields. + # This method saves the child profile fields. # This is necessary, since the acts_as_tree gem does not provide the # autosave option for the association. # diff --git a/app/models/profile_fields/address.rb b/app/models/profile_fields/address.rb index 4ceab0c07..1149ca0ce 100644 --- a/app/models/profile_fields/address.rb 
+++ b/app/models/profile_fields/address.rb @@ -204,7 +204,6 @@ def longitude # Allow to mark one address as primary postal address. # - attr_accessible :postal_address if defined? attr_accessible concerning :PostalAddressFlag do def postal_address self.has_flag? :postal_address diff --git a/app/models/project.rb b/app/models/project.rb index c83a0f5b6..80ef5a70f 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -1,10 +1,9 @@ class Project < ActiveRecord::Base - attr_accessible :title, :description, :corporation_name attr_accessor :corporation_name is_structureable ancestor_class_names: %w(Group Page), descendant_class_names: %w(Group Page) is_navable - + def group parent_groups.first end diff --git a/app/models/relationship.rb b/app/models/relationship.rb index 0ceaabfd2..02b91f722 100644 --- a/app/models/relationship.rb +++ b/app/models/relationship.rb @@ -2,7 +2,7 @@ # # This class models a relationship between two users. # -# For example, John is the brother of Sue. +# For example, John is the brother of Sue. # # who: John relationship.user1 relationship.who # is: Brother relationship.is relationship.name @@ -10,8 +10,6 @@ # class Relationship < ActiveRecord::Base - attr_accessible :user1, :user2, :name, :who, :is, :of, :who_by_title, :of_by_title if defined? attr_accessible - belongs_to :user1, class_name: "User", inverse_of: :relationships_as_first_user belongs_to :user2, class_name: "User", inverse_of: :relationships_as_second_user @@ -38,7 +36,7 @@ def is=( name ) # John is the brother of Sue. # --- of: Sue # - def of + def of self.user2 end def of=( user ) @@ -46,7 +44,7 @@ def of=( user ) end # Adding new relationships: - # + # # Relationship.add( who: john_user, is: :brother, of: :sue_user ) # # which is the same as: @@ -65,7 +63,7 @@ def who_by_title def who_by_title=( title ) self.who = User.find_by_title( title ) end - + # Access method for the second user being given by his title. # def of_by_title 
diff --git a/app/models/setting.rb b/app/models/setting.rb index f48d6fd67..6ac81ac3b 100644 --- a/app/models/setting.rb +++ b/app/models/setting.rb @@ -15,7 +15,3 @@ def self.preferred_locale super end end - -class RailsSettings::Base - attr_accessible :var if defined? attr_accessible -end \ No newline at end of file diff --git a/app/models/user.rb b/app/models/user.rb index 0c89e8fda..bdfda814e 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,10 +1,4 @@ class User < ActiveRecord::Base - if defined? attr_accessible - attr_accessible :first_name, :last_name, :name, :alias, :email, :create_account, :female, :add_to_group, - :add_to_corporation, :date_of_birth, :localized_date_of_birth, - :aktivmeldungsdatum, :study_address, :home_address, :work_address, :phone, :mobile, - :notification_policy - end # Gamification: https://github.com/merit-gem/merit include Merit diff --git a/app/models/user_account.rb b/app/models/user_account.rb index cb0b38545..e4808391b 100644 --- a/app/models/user_account.rb +++ b/app/models/user_account.rb @@ -33,7 +33,6 @@ class UserAccount < ActiveRecord::Base # Can unlock via email or after a specified time period. # devise :database_authenticatable, :recoverable, :rememberable, :validatable, :registerable - attr_accessible :login, :password, :password_confirmation, :remember_me if defined? attr_accessible # Virtual attribute for authenticating by either username, alias or email attr_accessor :login diff --git a/app/models/workflow_kit/parameter.rb b/app/models/workflow_kit/parameter.rb index 939743a87..f2a1186c5 100644 --- a/app/models/workflow_kit/parameter.rb +++ b/app/models/workflow_kit/parameter.rb @@ -2,8 +2,6 @@ module WorkflowKit class Parameter < ActiveRecord::Base self.table_name = "workflow_kit_parameters" - attr_accessible :key, :value - belongs_to :parameterable, polymorphic: true def key diff --git a/app/models/workflow_kit/step.rb b/app/models/workflow_kit/step.rb index efb0d03c3..ea09d5949 100644 
--- a/app/models/workflow_kit/step.rb +++ b/app/models/workflow_kit/step.rb @@ -1,13 +1,11 @@ module WorkflowKit require 'workflow_kit/brick' - + class Step < ActiveRecord::Base self.table_name = "workflow_kit_steps" - - default_scope { order(:sequence_index) } - attr_accessible :sequence_index, :brick_name, :parameters + default_scope { order(:sequence_index) } belongs_to :workflow diff --git a/app/models/workflow_kit/workflow.rb b/app/models/workflow_kit/workflow.rb index 71325bbad..f0b1b70dc 100644 --- a/app/models/workflow_kit/workflow.rb +++ b/app/models/workflow_kit/workflow.rb @@ -2,8 +2,6 @@ module WorkflowKit class Workflow < ActiveRecord::Base self.table_name = "workflow_kit_workflows" - attr_accessible :description, :name, :parameters - has_many :steps, dependent: :destroy extend WorkflowKit::Parameterable diff --git a/config/initializers/strong_parameters.rb b/config/initializers/strong_parameters.rb new file mode 100644 index 000000000..331bac3e9 --- /dev/null +++ b/config/initializers/strong_parameters.rb @@ -0,0 +1,3 @@ +# http://railscasts.com/episodes/371-strong-parameters +# +ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection) diff --git a/demo_app/my_platform/Gemfile b/demo_app/my_platform/Gemfile index 273828990..4b5dd0776 100644 --- a/demo_app/my_platform/Gemfile +++ b/demo_app/my_platform/Gemfile @@ -41,9 +41,6 @@ source 'https://rubygems.org' do # Use unicorn as the app server gem 'unicorn' - # RAILS-3-MIGRATION TEMPORARY GEMS - gem 'protected_attributes', require: 'protected_attributes' - # Use Capistrano for deployment # gem 'capistrano-rails', group: :development @@ -103,6 +100,7 @@ source 'https://rubygems.org' do # see: http://stackoverflow.com/questions/13807686 gem 'json' gem 'colored' + gem 'rake', '< 11.0' # http://stackoverflow.com/a/35893625/2066546, Gem Load Error is: undefined method `last_comment', TODO: Remove after updating rspec. end source 'https://rails-assets.org' 
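Review bot: The new `config/initializers/strong_parameters.rb` is a no-op on the Rails line this series locks (`rails (~> 4.2.1)` in the demo lockfile), because ActiveRecord already includes `ActiveModel::ForbiddenAttributesProtection` since Rails 4.0; it only appeared to be missing while the `protected_attributes` gem, removed in the same series, overrode the assignment sanitizer. Either drop the file or replace the railscast link with a comment that states why the explicit include is kept, e.g. `# Belt-and-braces: keep ForbiddenAttributesProtection active even if a gem re-adds attr_accessible.`. `include` has also been a public method since Ruby 2.1 (the lockfile records ruby 2.3.1), so `send(:include, …)` can simply be `ActiveRecord::Base.include(ActiveModel::ForbiddenAttributesProtection)`.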
diff --git a/demo_app/my_platform/Gemfile.lock b/demo_app/my_platform/Gemfile.lock index 89ed88401..679bd7bb5 100644 --- a/demo_app/my_platform/Gemfile.lock +++ b/demo_app/my_platform/Gemfile.lock @@ -52,7 +52,7 @@ PATH mail_form merit mini_magick - nokogiri (>= 1.6.8) + nokogiri (>= 1.7.1) omniauth-facebook (~> 3.0.0) omniauth-github omniauth-google-oauth2 @@ -62,7 +62,7 @@ PATH prawn (= 2.0.2) public_activity (~> 1.4.1) rack (>= 1.6.2) - rack-mini-profiler (>= 0.9.0.pre) + rack-mini-profiler rack-ssl (>= 1.3.4) rails (>= 4.2.5.1) rails-assets-bootstrap-social @@ -85,7 +85,6 @@ PATH sidekiq (>= 3.4.2) sidekiq-limit_fetch simple_form - slim_breadcrumb (>= 0.0.3) sprockets-rails (~> 2.3) sugar-rails table-formatter @@ -151,7 +150,7 @@ GEM auto_html (1.6.4) redcarpet (~> 3.1) rinku (~> 1.5.0) - autoprefixer-rails (6.7.6) + autoprefixer-rails (6.7.7.1) execjs autosize-rails (1.18.17) rails (>= 3.1) @@ -180,9 +179,10 @@ GEM slim (>= 1.3.6, < 4.0) terminal-table (~> 1.4) browser (2.3.0) - builder (3.2.2) + builder (3.2.3) cancan (1.6.10) - capybara (2.5.0) + capybara (2.13.0) + addressable mime-types (>= 1.16) nokogiri (>= 1.3.3) rack (>= 1.0.0) @@ -222,7 +222,7 @@ GEM debug_inspector (0.0.2) decent_exposure (3.0.2) activesupport (>= 4.0) - devise (4.2.0) + devise (4.2.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -310,8 +310,8 @@ GEM hike (1.2.3) http-cookie (1.0.2) domain_name (~> 0.5) - i18n (0.7.0) - i18n-js (3.0.0.rc15) + i18n (0.8.1) + i18n-js (3.0.0.rc16) i18n (~> 0.6, >= 0.6.6) icalendar (2.4.1) jbuilder (2.3.2) @@ -322,14 +322,14 @@ GEM actionpack (>= 3.1) railties (>= 3.1) sass (>= 3.2) - jquery-rails (4.2.2) + jquery-rails (4.3.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) jquery-turbolinks (2.1.0) railties (>= 3.1.0) turbolinks - json (1.8.3) + json (1.8.6) judge (2.1.1) rails (>= 3.1) jwt (1.5.6) 
@@ -357,14 +357,14 @@ GEM mimemagic (0.3.2) mini_magick (4.6.1) mini_portile2 (2.1.0) - minitest (5.9.1) + minitest (5.10.1) multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) mysql2 (0.4.2) nenv (0.2.0) netrc (0.11.0) - nokogiri (1.6.8.1) + nokogiri (1.7.1) mini_portile2 (~> 2.1.0) notiffany (0.0.8) nenv (~> 0.1) @@ -399,9 +399,12 @@ GEM omniauth-oauth (~> 1.1) rack orm_adapter (0.5.0) + parallel (1.11.1) + parallel_tests (2.14.0) + parallel passgen (1.0.2) pdf-core (0.6.1) - phony (2.15.41) + phony (2.15.42) poltergeist (1.8.1) capybara (~> 2.1) cliver (~> 0.3.1) @@ -421,7 +424,7 @@ GEM activerecord (>= 3.0) i18n (>= 0.5.0) railties (>= 3.0.0) - rack (1.6.4) + rack (1.6.5) rack-mini-profiler (0.10.2) rack (>= 1.2.0) rack-protection (1.5.3) @@ -450,7 +453,7 @@ GEM rails-assets-jquery (>= 1.7.0) rails-assets-font-awesome (4.7.0) rails-assets-inline-attachment (2.0.3) - rails-assets-jquery (3.1.1) + rails-assets-jquery (3.2.1) rails-assets-jquery-ui (1.12.1) rails-assets-jquery (>= 1.6) rails-assets-jquery-ujs (1.2.2) @@ -458,9 +461,9 @@ GEM rails-assets-trentrichardson--jQuery-Timepicker-Addon (1.6.3) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) + rails-dom-testing (1.0.8) activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) + nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) @@ -475,7 +478,7 @@ GEM rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) raindrops (0.15.0) - rake (11.3.0) + rake (12.0.0) rb-fsevent (0.9.6) rb-inotify (0.9.5) ffi (>= 0.5.0) @@ -526,6 +529,8 @@ GEM rspec-core (2.14.8) rspec-expectations (2.14.5) diff-lcs (>= 1.1.3, < 2.0) + rspec-instafail (1.0.0) + rspec rspec-mocks (2.14.6) rspec-rails (2.14.1) actionpack (>= 3.0) @@ -537,7 +542,7 @@ GEM rspec-mocks (~> 2.14.0) rspec-rerun (0.3.1) rspec - ruby-ole (1.2.12) + ruby-ole (1.2.12.1) ruby-progressbar (1.7.5) ruby2ruby (2.2.0) ruby_parser (~> 3.1) 
@@ -561,7 +566,7 @@ GEM websocket (~> 1.0) sexp_processor (4.6.0) shellany (0.0.1) - sidekiq (4.2.9) + sidekiq (4.2.10) concurrent-ruby (~> 1.0) connection_pool (~> 2.2, >= 2.2.0) rack-protection (>= 1.5.0) @@ -583,11 +588,6 @@ GEM slim (3.0.6) temple (~> 0.7.3) tilt (>= 1.3.3, < 2.1) - slim_breadcrumb (0.0.3) - coffee-rails - jquery-rails - rails (>= 3.2) - sass-rails slop (3.6.0) spork (0.9.2) spreadsheet (1.1.4) @@ -612,8 +612,8 @@ GEM therubyracer (0.12.2) libv8 (~> 3.16.14.0) ref - thor (0.19.1) - thread_safe (0.3.5) + thor (0.19.4) + thread_safe (0.3.6) tilt (1.4.1) timecop (0.8.0) tins (1.6.0) @@ -685,11 +685,13 @@ DEPENDENCIES json! letter_opener! mysql2! + parallel_tests! poltergeist! protected_attributes! pry! rails (~> 4.2.1)! redcarpet! + rspec-instafail! rspec-rails (= 2.14.1)! rspec-rerun! sass-rails (~> 4.0.3)! @@ -711,4 +713,4 @@ RUBY VERSION ruby 2.3.1p112 BUNDLED WITH - 1.13.7 + 1.14.6 diff --git a/demo_app/my_platform/app/controllers/application_controller.rb b/demo_app/my_platform/app/controllers/application_controller.rb index 48fd6acc8..2a0ab63ea 100644 --- a/demo_app/my_platform/app/controllers/application_controller.rb +++ b/demo_app/my_platform/app/controllers/application_controller.rb @@ -1,10 +1,9 @@ require_dependency YourPlatform::Engine.root.join('app/controllers/application_controller').to_s class ApplicationController - include ActiveModel::MassAssignmentSecurity # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. #protect_from_forgery with: :exception - + end diff --git a/demo_app/my_platform/config/application.rb b/demo_app/my_platform/config/application.rb index ad6d83756..722d4b827 100644 --- a/demo_app/my_platform/config/application.rb +++ b/demo_app/my_platform/config/application.rb 
@@ -57,9 +57,6 @@ class Application < Rails::Application # config.i18n.default_locale = :de config.active_record.raise_in_transactional_callbacks = true - - config.active_record.whitelist_attributes = false - #config.active_record.mass_assignment_sanitizer = :strict end end diff --git a/demo_app/my_platform/config/environments/test.rb b/demo_app/my_platform/config/environments/test.rb index 9e9801442..d45bcf4ad 100644 --- a/demo_app/my_platform/config/environments/test.rb +++ b/demo_app/my_platform/config/environments/test.rb @@ -40,4 +40,6 @@ # Raises error for missing translations # config.action_view.raise_on_missing_translations = true + + config.action_controller.action_on_unpermitted_parameters = :raise end diff --git a/spec/models/profile_section_spec.rb b/spec/models/profile_section_spec.rb index b725ce92d..6e33398ba 100644 --- a/spec/models/profile_section_spec.rb +++ b/spec/models/profile_section_spec.rb @@ -10,7 +10,6 @@ before do class MyStructureable < ActiveRecord::Base - attr_accessible :name is_structureable( ancestor_class_names: %w(MyStructureable), descendant_class_names: %w(MyStructureable Group User Workflow Page) ) has_profile_fields sections: [ :general, :group ] diff --git a/spec/models/profile_spec.rb b/spec/models/profile_spec.rb index 101bb0e0e..83ee93ea0 100644 --- a/spec/models/profile_spec.rb +++ b/spec/models/profile_spec.rb @@ -7,10 +7,9 @@ end describe Profile do - + before do class MyStructureable < ActiveRecord::Base - attr_accessible :name is_structureable( ancestor_class_names: %w(MyStructureable), descendant_class_names: %w(MyStructureable Group User Workflow Page) ) has_profile_fields sections: [ :general, :group ] 
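Review bot: `action_on_unpermitted_parameters = :raise` is set only in `config/environments/test.rb`, so in production unpermitted keys are still dropped silently (Rails' default outside development and test is `false`), which hides both buggy forms and requests probing for attributes that used to be reachable through `attr_accessible`. Adding `config.action_controller.action_on_unpermitted_parameters = :log` to `config/environments/production.rb` (not part of this patch) turns those into a log line a defender can alert on. The `:raise` setting in test is the right choice and will surface any controller this migration missed.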
@@ -18,19 +17,19 @@ class MyStructureable < ActiveRecord::Base @profileable = MyStructureable.create(name: "My Profileable") @address_field = @profileable.profile_fields.create( label: "Home Address", value: "Berliner Platz 1, Erlangen", type: "ProfileFields::Address" ) - + @profile = Profile.new(@profileable) end - + subject { @profile } - + describe "#profileable" do subject { @profile.profileable } it "should return the Profileable the Profile is associated with" do subject.should == @profileable end end - + describe "#profile_fields" do subject { @profile.profile_fields } it "should return the profile fields of the profileable object" do @@ -38,14 +37,14 @@ class MyStructureable < ActiveRecord::Base subject.should include @address_field end end - + describe "#fields" do subject { @profile.fields } it "should be the same as #profile_fields" do subject.should == @profile.profile_fields end end - + describe "#sections" do subject { @profile.sections } it "should be an array of ProfileSection objects" do @@ -53,7 +52,7 @@ class MyStructureable < ActiveRecord::Base subject.first.should be_kind_of ProfileSection end end - + describe "#section_by_title" do subject { @profile.section_by_title(:general) } it "should return the ProfileSection where the title matches the given title" do @@ -61,7 +60,7 @@ class MyStructureable < ActiveRecord::Base subject.title.should.to_s == "general" end end - + describe "#sections_by_title" do subject { @profile.sections_by_title([:group, :general]) } it "should return an array of ProfileSections where the titles matche the given titles" do diff --git a/spec/models/profileable_spec.rb b/spec/models/profileable_spec.rb index 45ce1f021..02bef248c 100644 --- a/spec/models/profileable_spec.rb +++ b/spec/models/profileable_spec.rb 
@@ -10,12 +10,11 @@ before do class MyStructureable < ActiveRecord::Base - attr_accessible :name is_structureable( ancestor_class_names: %w(MyStructureable), descendant_class_names: %w(MyStructureable Group User Workflow Page) ) end end - + describe ".is_profileable" do before do class MyStructureable @@ -52,7 +51,7 @@ class MyStructureable end @profileable = MyStructureable.create end - + describe "#email=" do subject { @profileable.email = "foo@example.com" } it "should create an email profile field" do @@ -72,13 +71,13 @@ class MyStructureable subject.should == "bar@example.com" end end - + describe "#profile" do subject { @profileable.profile } it { should be_kind_of Profile } its(:profileable) { should == @profileable } end - + describe "#profile_section_titles" do subject { @profileable.profile_section_titles } it "should be an array of titles" do @@ -86,10 +85,10 @@ class MyStructureable subject.first.should be_kind_of Symbol end it "should include the proper sections for default" do - subject.should include :contact_information, :about_myself, :study_information, :career_information, :organizations, :bank_account_information, :description + subject.should include :contact_information, :about_myself, :study_information, :career_information, :organizations, :bank_account_information, :description end end - + describe "#profile_sections" do subject { @profileable.profile_sections } it "should be an array of ProfileSection objects" do 
@@ -97,10 +96,10 @@ class MyStructureable subject.first.should be_kind_of ProfileSection end it "should include the proper sections for default" do - subject.collect { |section| section.title }.should include :contact_information, :about_myself, :study_information, :career_information, :organizations, :bank_account_information, :description + subject.collect { |section| section.title }.should include :contact_information, :about_myself, :study_information, :career_information, :organizations, :bank_account_information, :description end end - + describe "#profile_fields_by_type" do before do @address_field = @profileable.profile_fields.create(type: "ProfileFields::Address", value: "Berliner Platz 1, Erlangen") @@ -113,7 +112,7 @@ class MyStructureable end end end - + describe "#profile_fields" do before do @profileable.profile_fields.create(type: "ProfileFields::Address", value: "Berliner Platz 1, Erlangen") @@ -131,7 +130,7 @@ class MyStructureable end end end - + describe "creating profile fields for a User: " do before do @profileable = create(:user) diff --git a/spec/models/structureable_mixins/has_special_groups_spec.rb b/spec/models/structureable_mixins/has_special_groups_spec.rb index 1ba5f3f3a..50e36bc2b 100644 --- a/spec/models/structureable_mixins/has_special_groups_spec.rb +++ b/spec/models/structureable_mixins/has_special_groups_spec.rb @@ -10,7 +10,6 @@ before do class MyStructureable < ActiveRecord::Base - attr_accessible :name is_structureable( ancestor_class_names: %w(MyStructureable), descendant_class_names: %w(MyStructureable Group User) ) end @@ -216,7 +215,6 @@ def title before do class MyStructureable < ActiveRecord::Base - attr_accessible :name is_structureable( ancestor_class_names: %w(MyStructureable), descendant_class_names: %w(MyStructureable Group User) ) 
@@ -433,7 +431,6 @@ def vip_testers before do class MyStructureable < ActiveRecord::Base - attr_accessible :name is_structureable( ancestor_class_names: %w(MyStructureable), descendant_class_names: %w(MyStructureable Group User) ) diff --git a/spec/models/structureable_mixins/roles_spec.rb b/spec/models/structureable_mixins/roles_spec.rb index 380957b72..16675026c 100644 --- a/spec/models/structureable_mixins/roles_spec.rb +++ b/spec/models/structureable_mixins/roles_spec.rb @@ -10,7 +10,6 @@ before do class MyStructureable < ActiveRecord::Base - attr_accessible :name is_structureable( ancestor_class_names: %w(MyStructureable Group), descendant_class_names: %w(MyStructureable Group User) ) end From 57a3743a955dc61bfb4c448750729f7a1460d944 Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Sat, 25 Mar 2017 02:12:10 +0100 Subject: [PATCH 14/18] migrating from cancan to cancancan due to migration to strong parameters. Also, fixing some issues due to the migration. https://trello.com/c/lnxaYpDE/6-migration-from-cancan-to-cancancan https://trello.com/c/fp08dMhE/5-migrating-from-attr-accessible-to-strong -parameters --- .rspec | 1 - Gemfile.lock | 4 ++-- app/controllers/blog_posts_controller.rb | 2 +- app/controllers/profile_fields_controller.rb | 7 ++++--- app/models/concerns/group_memberships.rb | 2 +- app/models/concerns/membership_creator.rb | 2 +- app/models/profile_field.rb | 1 + demo_app/my_platform/Gemfile.lock | 10 ++++------ lib/your_platform/engine.rb | 2 +- spec/models/term_reports/for_corporation_spec.rb | 2 +- your_platform.gemspec | 2 +- 11 files changed, 17 insertions(+), 18 deletions(-) diff --git a/.rspec b/.rspec index 8fc91f294..c99b4baf5 100644 --- a/.rspec +++ b/.rspec @@ -1,4 +1,3 @@ --colour ---format progress --require rspec/instafail --format RSpec::Instafail diff --git a/Gemfile.lock b/Gemfile.lock index 42684571a..206ce0f36 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -21,7 +21,7 @@ PATH bootstrap-sass (= 3.3.3) bootstrap_tokenfield_rails bundler (>= 1.9.4) - cancan + cancancan carrierwave (~> 0.11) chartkick coffee-rails (>= 4.1.0) @@ -181,7 +181,7 @@ GEM terminal-table (~> 1.4) browser (2.3.0) builder (3.2.3) - cancan (1.6.10) + cancancan (1.15.0) capybara (2.13.0) addressable mime-types (>= 1.16) diff --git a/app/controllers/blog_posts_controller.rb b/app/controllers/blog_posts_controller.rb index 27c2da7ff..1305f67d7 100644 --- a/app/controllers/blog_posts_controller.rb +++ b/app/controllers/blog_posts_controller.rb @@ -50,7 +50,7 @@ def update private def blog_post_params - params.require(:blog_post).permit(:content, :title, :teaser_text, :author, :tag_list, :teaser_image_url, :archived) + params[:blog_post].try(:permit, :content, :title, :teaser_text, :author, :tag_list, :teaser_image_url, :archived) || {} end def set_inheritance_instance_variable diff --git a/app/controllers/profile_fields_controller.rb b/app/controllers/profile_fields_controller.rb index 11ef7ce72..7d8caf3b2 100644 --- a/app/controllers/profile_fields_controller.rb +++ b/app/controllers/profile_fields_controller.rb @@ -1,7 +1,7 @@ class ProfileFieldsController < ApplicationController before_action :load_profileable, :only => [:create, :index] - load_and_authorize_resource except: :index + load_and_authorize_resource except: :index, param_method: :profile_field_params skip_authorization_check only: :index before_action :log_public_activity_for_profileable, only: [:destroy] @@ -22,6 +22,7 @@ def index def create type = secure_profile_field_type || 'ProfileFields::Custom' + @profile_field.type = type @profile_field = @profile_field.becomes(type.constantize) @profile_field.profileable = @profileable @profile_field.label = params[:label] if params[:label].present? 
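Review bot: `params[:blog_post].try(:permit, …) || {}` in `blog_post_params` replaces the `ParameterMissing` (HTTP 400) that `require` raised with a silent empty hash, so a request with no `blog_post` key, or with `blog_post` sent as a scalar string, now reaches `update` and succeeds without changing anything. If the intent is only to tolerate the absent key for cancancan's resource construction, `params.fetch(:blog_post, {}).permit(:content, :title, :teaser_text, :author, :tag_list, :teaser_image_url, :archived)` keeps the strong-parameters contract while still yielding an empty permitted set. `update` itself lies outside the hunk, so whether it guards against an empty update is not visible here.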
@@ -71,8 +72,8 @@ def destroy def profile_field_params params .require(:profile_field) - .permit(:label, :type, :value, :key, :profileable_id, :profileable_type, :needs_review) - .permit(:postal_address) + .permit(:label, :type, :value, :key, :profileable_id, :profileable_type, :needs_review, + :postal_address) end def load_profileable diff --git a/app/models/concerns/group_memberships.rb b/app/models/concerns/group_memberships.rb index 495c213f1..49cc17dde 100644 --- a/app/models/concerns/group_memberships.rb +++ b/app/models/concerns/group_memberships.rb @@ -97,7 +97,7 @@ def direct_members_titles_string=( titles_string ) def assign_user( user, options = {} ) if user and not user.in?(self.direct_members) time_of_joining = options[:joined_at] || options[:at] || options[:time] || Time.zone.now - m = Membership.create user_id: user.id, group_id: self.id + m = Membership.create descendant_id: user.id, ancestor_id: self.id m.update_attributes valid_from: time_of_joining # It does not work when added in `create`. m end diff --git a/app/models/concerns/membership_creator.rb b/app/models/concerns/membership_creator.rb index 7e58c91aa..9e2c793b5 100644 --- a/app/models/concerns/membership_creator.rb +++ b/app/models/concerns/membership_creator.rb @@ -8,7 +8,7 @@ def create(attributes = {}) attributes[:descendant_id] ||= attributes[:user_id] || attributes[:user].try(:id) attributes[:ancestor_type] = "Group" attributes[:descendant_type] = "User" - attributes = attributes.except(:group_id, :user_id) + attributes = attributes.except(:group_id, :user_id, :user, :group) membership = DagLink.create(attributes).becomes(Membership) membership.valid_from ||= Time.zone.now diff --git a/app/models/profile_field.rb b/app/models/profile_field.rb index 1c1cd653d..8f9dc90f1 100644 --- a/app/models/profile_field.rb +++ b/app/models/profile_field.rb 
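Review bot: Merging the two `permit` calls is necessary (a chained `.permit(:postal_address)` on the already-filtered parameters would have discarded every other key), but the single list still permits `:type`, `:profileable_id` and `:profileable_type`, and with `param_method: :profile_field_params` added in the first hunk of this file these are presumably the attributes cancancan uses to build `@profile_field` before `create` runs. `create` already sets the owner server-side (`@profile_field.profileable = @profileable`) and derives the STI type from `secure_profile_field_type`, so unless `update` legitimately re-parents a field, removing `:type, :profileable_id, :profileable_type` from the permit list keeps a client from choosing the subclass or the owning record. If re-parenting on update is required, the ownership check for the new `profileable` belongs in the ability definition, which is outside this patch.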
@@ -96,6 +96,7 @@ def children_count # Example: For a ProfileFields::FooBar-type profile field, this method returns 'foo_bar'. # def underscored_type + raise 'This profile field has no type!' unless self.type.present? self.type.demodulize.underscore end diff --git a/demo_app/my_platform/Gemfile.lock b/demo_app/my_platform/Gemfile.lock index 679bd7bb5..b6f5a6bfa 100644 --- a/demo_app/my_platform/Gemfile.lock +++ b/demo_app/my_platform/Gemfile.lock @@ -21,7 +21,7 @@ PATH bootstrap-sass (= 3.3.3) bootstrap_tokenfield_rails bundler (>= 1.9.4) - cancan + cancancan carrierwave (~> 0.11) chartkick coffee-rails (>= 4.1.0) @@ -180,7 +180,7 @@ GEM terminal-table (~> 1.4) browser (2.3.0) builder (3.2.3) - cancan (1.6.10) + cancancan (1.16.0) capybara (2.13.0) addressable mime-types (>= 1.16) @@ -413,8 +413,6 @@ GEM prawn (2.0.2) pdf-core (~> 0.6.0) ttfunk (~> 1.4.0) - protected_attributes (1.1.3) - activemodel (>= 4.0.1, < 5.0) pry (0.10.3) coderay (~> 1.1.0) method_source (~> 0.8.1) @@ -478,7 +476,7 @@ GEM rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) raindrops (0.15.0) - rake (12.0.0) + rake (10.5.0) rb-fsevent (0.9.6) rb-inotify (0.9.5) ffi (>= 0.5.0) @@ -687,9 +685,9 @@ DEPENDENCIES mysql2! parallel_tests! poltergeist! - protected_attributes! pry! rails (~> 4.2.1)! + rake (< 11.0)! redcarpet! rspec-instafail! rspec-rails (= 2.14.1)! diff --git a/lib/your_platform/engine.rb b/lib/your_platform/engine.rb index 987b591e1..d1d406129 100644 --- a/lib/your_platform/engine.rb +++ b/lib/your_platform/engine.rb @@ -34,7 +34,7 @@ require 'omniauth-facebook' # Authorization -require 'cancan' +require 'cancancan' # Encryption require 'has_secure_token' diff --git a/spec/models/term_reports/for_corporation_spec.rb b/spec/models/term_reports/for_corporation_spec.rb index 57ac0e3ca..043d157fe 100644 --- a/spec/models/term_reports/for_corporation_spec.rb +++ b/spec/models/term_reports/for_corporation_spec.rb 
@@ -6,7 +6,7 @@ @corporation = create :corporation_with_status_groups @semester_calendar = @corporation.semester_calendars.create year: 2016, term: :winter_term - @event = @corporation.events.create title: "Winter party", start_at: "2016-12-01".to_datetime + @event = @corporation.events.create name: "Winter party", start_at: "2016-12-01".to_datetime @new_member = create :user @corporation.status_groups.first.assign_user @new_member, at: "2016-12-01".to_date diff --git a/your_platform.gemspec b/your_platform.gemspec index d10372838..62982dc3e 100644 --- a/your_platform.gemspec +++ b/your_platform.gemspec @@ -82,7 +82,7 @@ Gem::Specification.new do |s| s.add_dependency 'omniauth-facebook', '~> 3.0.0' # Authorization - s.add_dependency 'cancan' # MIT License + s.add_dependency 'cancancan' # To use ActiveModel has_secure_password (password encryption) s.add_dependency 'bcrypt', '>= 3.0.1' # MIT License From af57e1ae9b11de15831a75e75e2d0730164c8a26 Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Sat, 25 Mar 2017 14:48:45 +0100 Subject: [PATCH 15/18] commenting out redundant step in dag-link repair --- app/models/concerns/dag_link_repair.rb | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/app/models/concerns/dag_link_repair.rb b/app/models/concerns/dag_link_repair.rb index 89dd1a4bc..944c04933 100644 --- a/app/models/concerns/dag_link_repair.rb +++ b/app/models/concerns/dag_link_repair.rb 
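Review bot: The replacement `s.add_dependency 'cancancan'` carries no version constraint, and the two lockfiles in this commit already resolved different releases (`cancancan (1.15.0)` in Gemfile.lock, `cancancan (1.16.0)` in demo_app/my_platform/Gemfile.lock); pinning the major line keeps the engine and the demo app on the same authorization library, e.g. `s.add_dependency 'cancancan', '~> 1.15' # MIT License`. The `# MIT License` annotation that the neighbouring `bcrypt` line keeps was also dropped; cancancan is MIT-licensed, so the comment can stay for consistency.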
@@ -43,15 +43,18 @@ def recalculate_indirect_counts end def recalculate_indirect_validity_ranges - print "\n\nRecalculate validity ranges of indirect memberships.\n".blue - DagLink.where(anestor_type: "Group", descendant_type: "User", direct: false).each do |membership| - membership.recalculate_validity_range_from_direct_memberships - if membership.save - print "*".blue - else - print ".".green - end - end + # # We don't need this as this is already done in `after_save` + # # when doing `recalculate_indirect_counts`. + # + # print "\n\nRecalculate validity ranges of indirect memberships.\n".blue + # DagLink.where(ancestor_type: "Group", descendant_type: "User", direct: false).each do |membership| + # membership.recalculate_validity_range_from_direct_memberships + # if membership.save + # print "*".blue + # else + # print ".".green + # end + # end end class RedundantLinkRepairer From 20f0c4969d914515a83c683f54e4e2195d0836ef Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Sat, 25 Mar 2017 17:29:45 +0100 Subject: [PATCH 16/18] turbolinks: show button spinner --- app/assets/images/your_platform/spinner.svg | 1 + .../your_platform/turbolinks.js.coffee | 15 +++++++++++++++ .../stylesheets/your_platform/turbolinks.css.sass | 11 +++++++++++ 3 files changed, 27 insertions(+) create mode 100644 app/assets/images/your_platform/spinner.svg create mode 100644 app/assets/stylesheets/your_platform/turbolinks.css.sass diff --git a/app/assets/images/your_platform/spinner.svg b/app/assets/images/your_platform/spinner.svg new file mode 100644 index 000000000..3116a69a9 --- /dev/null +++ b/app/assets/images/your_platform/spinner.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/app/assets/javascripts/your_platform/turbolinks.js.coffee b/app/assets/javascripts/your_platform/turbolinks.js.coffee index 627694638..c4d0a26e2 100644 --- a/app/assets/javascripts/your_platform/turbolinks.js.coffee +++ b/app/assets/javascripts/your_platform/turbolinks.js.coffee 
@@ -3,3 +3,18 @@ # $(document).on 'turbolinks:before-cache', -> $(".alert").remove() + App.spinner.hide() + +App.spinner = { + hide: -> + $(".spinner").remove() + $(".hidden-by-spinner").removeClass('hidden-by-spinner') + show: (link)-> + link.find('img, i, .glyphicon').addClass('hidden-by-spinner') + link.prepend('') +} + +$(document).on 'turbolinks:click', (event)-> + button = $(event.target) + App.spinner.hide() + App.spinner.show(button) \ No newline at end of file diff --git a/app/assets/stylesheets/your_platform/turbolinks.css.sass b/app/assets/stylesheets/your_platform/turbolinks.css.sass new file mode 100644 index 000000000..006778582 --- /dev/null +++ b/app/assets/stylesheets/your_platform/turbolinks.css.sass @@ -0,0 +1,11 @@ +.spinner + width: 16px + height: 16px + display: inline-block + vertical-align: middle + margin-right: 5px + background: image-url('your_platform/spinner.svg') + background-size: 16px 16px + +.hidden-by-spinner + display: none \ No newline at end of file From da978cb0458fb0dc365da3d6acc56612fce6dfbe Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Sat, 25 Mar 2017 18:11:06 +0100 Subject: [PATCH 17/18] fixing view memberships#index --- app/views/memberships/_memberships_table.html.haml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/app/views/memberships/_memberships_table.html.haml b/app/views/memberships/_memberships_table.html.haml index 203f8899e..4ff89fc3c 100644 --- a/app/views/memberships/_memberships_table.html.haml +++ b/app/views/memberships/_memberships_table.html.haml @@ -13,9 +13,9 @@ %tr %th Id %th - - if @user # All memberships belong to this user. This column specifies the group then. + - if user # All memberships belong to this user. This column specifies the group then. Gruppe - - if @group + - if group Benutzer %th Pfad %th Mitglied seit 
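Review bot: In the `turbolinks:click` handler, `$(event.target)` is the element that received the click, which for a button containing an icon or image is the `img`/`i` child rather than the link, so `App.spinner.show` then finds nothing to hide and prepends the spinner inside the icon; `button = $(event.target).closest('a')` resolves to the anchor in both cases. The `link.prepend('')` call reads as an empty string in this view, which may be an extraction artefact — if the literal really is empty, no `.spinner` element is ever inserted and `hide` has nothing to remove.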
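Review bot: Switching from `@user`/`@group` to the bare locals `user`/`group` means every render of `_memberships_table` must now pass both locals: an undefined local in a view raises `NameError` where the instance variable was simply nil, so `- if user` cannot be evaluated when only `group:` is supplied. If some callers pass just one of them, `- if local_assigns[:user]` and `- if local_assigns[:group]` keep the previous nil-tolerant behaviour; the same applies to the `- if user`, `- if group` and `- if membership.group && user` lines in the two later hunks of this file. The call sites are not part of this patch, so which locals they pass is not visible here.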
@@ -27,14 +27,14 @@ %tr{class: ((membership.group && membership.currently_valid?) ? "currently_valid" : "currently_invalid")} %td.copy-to-clipboard{title: "Membership.now_and_in_the_past.find(#{membership.id})"}= membership.id %td - - if @user + - if user - if membership.group = link_to membership.group.name, membership.group - else .alert.alert-danger %strong GRUPPE FEHLT! (Datenfehler) - - if @group + - if group - if membership.user = link_to membership.user.title, membership.user - else @@ -42,7 +42,7 @@ %strong BENUTZER FEHLT! (Datenfehler) %td - - if membership.group && @user + - if membership.group && user %ul - membership.group.ancestor_navables.each do |ancestor| %li= link_to ancestor.title, ancestor From 836dfea557fa17c298655c235f02cb98b3a1e149 Mon Sep 17 00:00:00 2001 From: Sebastian Fiedlschuster Date: Sat, 25 Mar 2017 20:22:26 +0100 Subject: [PATCH 18/18] make dag link recalc validity ranges available for manual access --- app/models/concerns/dag_link_repair.rb | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/app/models/concerns/dag_link_repair.rb b/app/models/concerns/dag_link_repair.rb index 944c04933..a9f48ec8a 100644 --- a/app/models/concerns/dag_link_repair.rb +++ b/app/models/concerns/dag_link_repair.rb @@ -18,7 +18,10 @@ def repair delete_redundant_indirect_links fix_types recalculate_indirect_counts - recalculate_indirect_validity_ranges + # # We don't need this as this is already done in `after_save` + # # when doing `recalculate_indirect_counts`. + # + # recalculate_indirect_validity_ranges end def fix_types 
@@ -43,18 +46,15 @@ def recalculate_indirect_counts end def recalculate_indirect_validity_ranges - # # We don't need this as this is already done in `after_save` - # # when doing `recalculate_indirect_counts`. - # - # print "\n\nRecalculate validity ranges of indirect memberships.\n".blue - # DagLink.where(ancestor_type: "Group", descendant_type: "User", direct: false).each do |membership| - # membership.recalculate_validity_range_from_direct_memberships - # if membership.save - # print "*".blue - # else - # print ".".green - # end - # end + print "\n\nRecalculate validity ranges of indirect memberships.\n".blue + DagLink.where(ancestor_type: "Group", descendant_type: "User", direct: false).each do |membership| + membership.recalculate_validity_range_from_direct_memberships + if membership.save + print "*".blue + else + print ".".green + end + end end class RedundantLinkRepairer
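Review bot: In the restored loop of `recalculate_indirect_validity_ranges`, a failed `membership.save` is reduced to `print ".".green` and the validation errors are discarded, so a manual repair run cannot tell which indirect memberships were left with a stale validity range; printing the record and its errors, e.g. `print "\n#{membership.id}: #{membership.errors.full_messages.join(', ')}\n".red`, makes the run actionable. Green on the failure branch and blue on success is also easy to misread. Since `repair` (previous hunk) no longer calls this method, a one-line comment above it, e.g. `# Manual-only: not run by #repair, see the after_save note there.`, would record why it is kept.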