show / hide templatized page with visible / hidden content + disable font theme assets for web security reasons

2010-07-19 02:09:10 +02:00 · 2010-07-19 02:09:10 +02:00 · 7dac567cbc
parent 81dc8ea623
commit 7dac567cbc
12 changed files with 83 additions and 25 deletions
--- a/.gitignore
+++ b/.gitignore
@ -13,6 +13,7 @@ public/stylesheets/plugins
 public/javascripts/all.js
 public/javascripts/plugins
 public/images/plugins
 public/fonts
 pkg
 rails_3_gems
 doc/performance.txt
--- a/app/controllers/admin/theme_assets_controller.rb
+++ b/app/controllers/admin/theme_assets_controller.rb
@ -12,7 +12,6 @@ module Admin
      @non_image_assets = assets.find_all { |a| a.stylesheet? || a.javascript? }
      @image_assets = assets.find_all { |a| a.image? }
      @flash_assets = assets.find_all { |a| a.movie? }
      @font_assets = assets.find_all { |a| a.font? }
      if request.xhr?
        render :action => 'images', :layout => false and return
--- a/app/helpers/admin/pages_helper.rb
+++ b/app/helpers/admin/pages_helper.rb
@ -1,6 +1,6 @@
 module Admin::PagesHelper
-  def page_main_url(page)
+  def page_main_url(page, content = nil)
    url = '' 
    if page.site.domains.empty? 
@ -10,7 +10,11 @@ module Admin::PagesHelper
      url += ":#{request.port}" if request.port != 80
    end
    if content.nil?
      File.join(url, page.fullpath)
    else
      File.join(url, page.fullpath.gsub('/content_type_template', ''), content._slug) 
    end
  end  
  def parent_pages_options
--- a/app/models/content_instance.rb
+++ b/app/models/content_instance.rb
@ -9,6 +9,7 @@ class ContentInstance
  ## fields (dynamic fields) ##
  field :_slug
  field :_position_in_list, :type => Integer, :default => 0
  field :_visible, :type => Boolean, :default => true
  ## validations ##
  validate :require_highlighted_field
@ -18,6 +19,7 @@ class ContentInstance
  ## callbacks ##
  before_save :set_slug
  before_save :set_visibility
  before_create :add_to_list_bottom
  ## named scopes ##
@ -25,6 +27,12 @@ class ContentInstance
  ## methods ##
  alias :visible? :_visible?
  def visible?
    self._visible || self._visible.nil?
  end
  def to_liquid
    Locomotive::Liquid::Drops::Content.new(self)
  end
@ -36,6 +44,11 @@ class ContentInstance
    self._slug = self.send(_alias).parameterize('_')
  end
  def set_visibility
    field = self.content_type.content_custom_fields.detect { |f| %w{visible active}.include?(f._alias) }
    self._visible = self.send(field._name) rescue true
  end
  def add_to_list_bottom
    Rails.logger.debug "add_to_list_bottom"
    self._position_in_list = self.content_type.contents.size
--- a/app/models/content_type.rb
+++ b/app/models/content_type.rb
@ -13,7 +13,11 @@ class ContentType
  ## associations ##
  belongs_to_related :site
-  embeds_many :contents, :class_name => 'ContentInstance'
+  embeds_many :contents, :class_name => 'ContentInstance' do
    def visible
      @target.find_all { |c| c.visible? }
    end
  end
  ## callbacks ##
  before_validate :normalize_slug
--- a/app/uploaders/theme_asset_uploader.rb
+++ b/app/uploaders/theme_asset_uploader.rb
@ -26,7 +26,7 @@ class ThemeAssetUploader < AssetUploader
  end
  def extension_white_list
-    %w(jpg jpeg gif png css js swf flv ttf eot)
+    %w(jpg jpeg gif png css js swf flv)
  end
 end
--- a/app/views/admin/sitemaps/show.xml.builder
+++ b/app/views/admin/sitemaps/show.xml.builder
@ -8,11 +8,21 @@ xml.urlset "xmlns" => "http://www.sitemaps.org/schemas/sitemap/0.9" do
  @pages.each do |page|
    if not page.index_or_not_found?
      if page.templatized?
        page.content_type.contents.visible.each do |c|
          xml.url do
            xml.loc page_main_url(page, c)
            xml.priority 0.9
          end
        end
      else
        xml.url do
          xml.loc page_main_url(page)
          xml.priority 0.9
        end
      end
    end
  end
 end
--- a/app/views/admin/theme_assets/index.html.haml
+++ b/app/views/admin/theme_assets/index.html.haml
@ -34,11 +34,3 @@
  %ul.assets
    = render :partial => 'asset', :collection => @flash_assets
    %li.clear
 - if not @font_assets.empty?
  %br
  %h3= t('.fonts')
  %ul.assets
    = render :partial => 'asset', :collection => @font_assets
    %li.clear
--- a/doc/TODO
+++ b/doc/TODO
@ -2,7 +2,6 @@ BOARD:
 - refactor slugify method (use parameterize + create a module)
 - send email when new content added thru api
 - templatized: do not display content with visible / active set to false
 BACKLOG:
@ -64,3 +63,4 @@ x change action icons according to the right action [Sacha]
 x publish event when saving form in ajax (for instance, in order to update account name or site name)
 x page templatized (bound to a model)
 x theme asset picker when editing layout / snippet
 x templatized: do not display content with visible / active set to false
--- a/lib/locomotive/render.rb
+++ b/lib/locomotive/render.rb
@ -37,7 +37,7 @@ module Locomotive
            if page.templatized?
              @content_instance = page.content_type.contents.where(:_slug => File.basename(path.first)).first
-              if @content_instance.nil? # content instance not found
+              if @content_instance.nil? || (!@content_instance.visible? && current_admin.nil?) # content instance not found or not visible
                page = nil
              end
            end
--- a/spec/lib/locomotive/render_spec.rb
+++ b/spec/lib/locomotive/render_spec.rb
@ -79,6 +79,7 @@ describe 'Locomotive rendering system' do
      before(:each) do
        @content_type = Factory.build(:content_type, :site => nil)
        @content = @content_type.contents.build(:_visible => true)
        @page.templatized = true
        @page.content_type = @content_type
        @controller.request.fullpath = '/projects/edeneo.html'
@ -86,9 +87,9 @@ describe 'Locomotive rendering system' do
      end
      it 'sets the content_instance variable' do
-        @content_type.contents.stubs(:where).returns([42])
+        @content_type.contents.stubs(:where).returns([@content])
        @controller.send(:locomotive_page).should_not be_nil
-        @controller.instance_variable_get(:@content_instance).should == 42
+        @controller.instance_variable_get(:@content_instance).should == @content
      end
      it 'returns the 404 page if the instance does not exist' do
@ -99,6 +100,14 @@ describe 'Locomotive rendering system' do
        @controller.instance_variable_get(:@content_instance).should be_nil
      end
      it 'returns the 404 page if the instance is not visible' do
        @content._visible = false
        @content_type.contents.stubs(:where).returns([@content])
        (klass = Page).expects(:published).returns([true])
        @controller.current_site.pages.expects(:not_found).returns(klass)
        @controller.send(:locomotive_page).should be_true
      end
    end
    context 'non published page' do
--- a/spec/models/content_instance_spec.rb
+++ b/spec/models/content_instance_spec.rb
@ -7,18 +7,19 @@ describe ContentInstance do
    @content_type = Factory.build(:content_type)
    @content_type.content_custom_fields.build :label => 'Title', :kind => 'String'
    @content_type.content_custom_fields.build :label => 'Description', :kind => 'Text'
    @content_type.content_custom_fields.build :label => 'Visible ?', :kind => 'Text', :_alias => 'visible'
    @content_type.highlighted_field_name = 'custom_field_1'
  end
-  context 'when validating' do
+  describe '#validation' do
-    it 'should be valid' do
+    it 'is valid' do
      build_content.should be_valid
    end
    # Validations ##
-    it 'should validate presence of title' do
+    it 'requires presence of title' do
      content = build_content :title => nil
      content.should_not be_valid
      content.errors[:title].should == ["can't be blank"]
@ -26,6 +27,31 @@ describe ContentInstance do
  end
  describe '#visibility' do
    before(:each) do
      @content = build_content
    end
    it 'is visible by default' do
      @content._visible?.should be_true
      @content.visible?.should be_true
    end
    it 'can be visible even if it is nil' do
      @content.visible = nil
      @content.send(:set_visibility)
      @content.visible?.should be_true
    end
    it 'can not be visible' do
      @content.visible = false
      @content.send(:set_visibility)
      @content.visible?.should be_false
    end
  end
  def build_content(options = {})
    @content_type.contents.build({ :title => 'Locomotive', :description => 'Lorem ipsum....' }.merge(options))
  end