show / hide templatized page with visible / hidden content + disable font theme assets for web security reasons

dinedine 2010-07-19 02:09:10 +02:00
parent 81dc8ea623
commit 7dac567cbc
12 changed files with 83 additions and 25 deletions

1
.gitignore vendored

@ -13,6 +13,7 @@ public/stylesheets/plugins
public/javascripts/all.js
public/javascripts/plugins
public/images/plugins
public/fonts
pkg
rails_3_gems
doc/performance.txt


@ -12,7 +12,6 @@ module Admin
@non_image_assets = assets.find_all { |a| a.stylesheet? || a.javascript? }
@image_assets = assets.find_all { |a| a.image? }
@flash_assets = assets.find_all { |a| a.movie? }
@font_assets = assets.find_all { |a| a.font? }
if request.xhr?
render :action => 'images', :layout => false and return


@ -1,6 +1,6 @@
module Admin::PagesHelper
def page_main_url(page)
def page_main_url(page, content = nil)
url = ''
if page.site.domains.empty?
@ -10,7 +10,11 @@ module Admin::PagesHelper
url += ":#{request.port}" if request.port != 80
end
if content.nil?
File.join(url, page.fullpath)
else
File.join(url, page.fullpath.gsub('/content_type_template', ''), content._slug)
end
end
def parent_pages_options
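Review bot: In the new `else` branch of `page_main_url`, `gsub('/content_type_template', '')` strips that substring wherever it occurs in `page.fullpath`, not only as the final path segment, so a page whose slug merely begins with `content_type_template` would yield a wrong sitemap URL. If the template segment is always the last one (not visible from this hunk), anchor the match: `page.fullpath.sub(%r{/content_type_template\z}, '')`. `File.join` also raises `TypeError` when `content._slug` is nil, so a short comment stating that `content` must be an instance that has already been through `set_slug` would make the precondition explicit. The part of `page_main_url` between the two hunks is not shown.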


@ -9,6 +9,7 @@ class ContentInstance
## fields (dynamic fields) ##
field :_slug
field :_position_in_list, :type => Integer, :default => 0
field :_visible, :type => Boolean, :default => true
## validations ##
validate :require_highlighted_field
@ -18,6 +19,7 @@ class ContentInstance
## callbacks ##
before_save :set_slug
before_save :set_visibility
before_create :add_to_list_bottom
## named scopes ##
@ -25,6 +27,12 @@ class ContentInstance
## methods ##
alias :visible? :_visible?
def visible?
self._visible || self._visible.nil?
end
def to_liquid
Locomotive::Liquid::Drops::Content.new(self)
end
@ -36,6 +44,11 @@ class ContentInstance
self._slug = self.send(_alias).parameterize('_')
end
def set_visibility
field = self.content_type.content_custom_fields.detect { |f| %w{visible active}.include?(f._alias) }
self._visible = self.send(field._name) rescue true
end
def add_to_list_bottom
Rails.logger.debug "add_to_list_bottom"
self._position_in_list = self.content_type.contents.size
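Review bot: `set_visibility` fails open: the modifier in `self._visible = self.send(field._name) rescue true` swallows every StandardError, so both the expected case (no `visible`/`active` field, `field` is nil) and any unexpected error in the custom-field accessor end with the entry marked visible. Since `_visible` now decides whether an entry is served to anonymous visitors, handle the missing field explicitly and let real errors surface, e.g. `self._visible = field.nil? ? true : self.send(field._name)`. Separately, `alias :visible? :_visible?` is overridden by the `def visible?` that follows it, so the alias line is dead and can be dropped. A one-line comment on `visible?` saying that nil is deliberately treated as visible would help the next reader.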


@ -13,7 +13,11 @@ class ContentType
## associations ##
belongs_to_related :site
embeds_many :contents, :class_name => 'ContentInstance'
embeds_many :contents, :class_name => 'ContentInstance' do
def visible
@target.find_all { |c| c.visible? }
end
end
## callbacks ##
before_validate :normalize_slug
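Review bot: The `visible` extension on `embeds_many :contents` needs a comment, because the filter is opt-in: plain `contents` still returns hidden entries, and only callers that write `contents.visible` get them removed. Something like `# in-memory filter; public-facing listings must call this instead of iterating contents directly` above `def visible` would record that. Whether the Liquid drops that expose contents to templates apply the filter is not visible in this commit and is worth checking, since the TODO entry marks "do not display content with visible / active set to false" as done.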


@ -26,7 +26,7 @@ class ThemeAssetUploader < AssetUploader
end
def extension_white_list
%w(jpg jpeg gif png css js swf flv ttf eot)
%w(jpg jpeg gif png css js swf flv)
end
end
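Review bot: Dropping `ttf eot` from `extension_white_list` only rejects new uploads; font assets stored before this commit are not touched. The same commit removes `@font_assets` from the admin controller and the fonts list from the view, so an existing font file would presumably stay on disk and keep being served while no longer being listed or deletable in the admin. Consider a cleanup task for previously uploaded fonts, and add a comment above the list recording why fonts are excluded, e.g. `# fonts removed on purpose (web security); do not re-add without review`, since the commit title is the only place the reason is stated.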


@ -8,11 +8,21 @@ xml.urlset "xmlns" => "http://www.sitemaps.org/schemas/sitemap/0.9" do
@pages.each do |page|
if not page.index_or_not_found?
if page.templatized?
page.content_type.contents.visible.each do |c|
xml.url do
xml.loc page_main_url(page, c)
xml.priority 0.9
end
end
else
xml.url do
xml.loc page_main_url(page)
xml.priority 0.9
end
end
end
end
end


@ -34,11 +34,3 @@
%ul.assets
= render :partial => 'asset', :collection => @flash_assets
%li.clear
- if not @font_assets.empty?
%br
%h3= t('.fonts')
%ul.assets
= render :partial => 'asset', :collection => @font_assets
%li.clear


@ -2,7 +2,6 @@ BOARD:
- refactor slugify method (use parameterize + create a module)
- send email when new content added thru api
- templatized: do not display content with visible / active set to false
BACKLOG:
@ -64,3 +63,4 @@ x change action icons according to the right action [Sacha]
x publish event when saving form in ajax (for instance, in order to update account name or site name)
x page templatized (bound to a model)
x theme asset picker when editing layout / snippet
x templatized: do not display content with visible / active set to false


@ -37,7 +37,7 @@ module Locomotive
if page.templatized?
@content_instance = page.content_type.contents.where(:_slug => File.basename(path.first)).first
if @content_instance.nil? # content instance not found
if @content_instance.nil? || (!@content_instance.visible? && current_admin.nil?) # content instance not found or not visible
page = nil
end
end
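Review bot: When the instance is hidden from the visitor, the new branch sets `page = nil` but leaves `@content_instance` pointing at the hidden entry, so the not-found page is rendered with that instance still held in controller state. If `@content_instance` is later handed to the template context (not visible here), the hidden entry's fields would be reachable from the 404 template; reset it inside the branch with `@content_instance = nil`. The bypass `current_admin.nil?` also accepts any signed-in admin; unless `current_admin` is already scoped to the current site, the condition should check the admin's access to that site rather than mere presence. The enclosing method starts and ends outside the hunk.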


@ -79,6 +79,7 @@ describe 'Locomotive rendering system' do
before(:each) do
@content_type = Factory.build(:content_type, :site => nil)
@content = @content_type.contents.build(:_visible => true)
@page.templatized = true
@page.content_type = @content_type
@controller.request.fullpath = '/projects/edeneo.html'
@ -86,9 +87,9 @@ describe 'Locomotive rendering system' do
end
it 'sets the content_instance variable' do
@content_type.contents.stubs(:where).returns([42])
@content_type.contents.stubs(:where).returns([@content])
@controller.send(:locomotive_page).should_not be_nil
@controller.instance_variable_get(:@content_instance).should == 42
@controller.instance_variable_get(:@content_instance).should == @content
end
it 'returns the 404 page if the instance does not exist' do
@ -99,6 +100,14 @@ describe 'Locomotive rendering system' do
@controller.instance_variable_get(:@content_instance).should be_nil
end
it 'returns the 404 page if the instance is not visible' do
@content._visible = false
@content_type.contents.stubs(:where).returns([@content])
(klass = Page).expects(:published).returns([true])
@controller.current_site.pages.expects(:not_found).returns(klass)
@controller.send(:locomotive_page).should be_true
end
end
context 'non published page' do
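Review bot: The new example 'returns the 404 page if the instance is not visible' covers only the anonymous path and relies on `current_admin` happening to be nil in the test controller, so the admin branch of the new condition is untested. Add a companion example that stubs `current_admin` to a non-nil value and expects `@content_instance` to equal `@content`, and stub it to nil explicitly in the existing example. The final assertion `should be_true` only checks truthiness and would pass for any page returned; asserting that the result is the stubbed not-found page would pin the behaviour.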


@ -7,18 +7,19 @@ describe ContentInstance do
@content_type = Factory.build(:content_type)
@content_type.content_custom_fields.build :label => 'Title', :kind => 'String'
@content_type.content_custom_fields.build :label => 'Description', :kind => 'Text'
@content_type.content_custom_fields.build :label => 'Visible ?', :kind => 'Text', :_alias => 'visible'
@content_type.highlighted_field_name = 'custom_field_1'
end
context 'when validating' do
describe '#validation' do
it 'should be valid' do
it 'is valid' do
build_content.should be_valid
end
# Validations ##
it 'should validate presence of title' do
it 'requires presence of title' do
content = build_content :title => nil
content.should_not be_valid
content.errors[:title].should == ["can't be blank"]
@ -26,6 +27,31 @@ describe ContentInstance do
end
describe '#visibility' do
before(:each) do
@content = build_content
end
it 'is visible by default' do
@content._visible?.should be_true
@content.visible?.should be_true
end
it 'can be visible even if it is nil' do
@content.visible = nil
@content.send(:set_visibility)
@content.visible?.should be_true
end
it 'can not be visible' do
@content.visible = false
@content.send(:set_visibility)
@content.visible?.should be_false
end
end
def build_content(options = {})
@content_type.contents.build({ :title => 'Locomotive', :description => 'Lorem ipsum....' }.merge(options))
end
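Review bot: The visibility examples assign only Ruby `false` and `nil`, while the custom field is declared with `:kind => 'Text'` on the `'Visible ?'` line, so the value a form would actually submit (a string such as 'false' or '0') is never exercised. Whether the Boolean `_visible` field casts those strings to false is not visible in this commit, and if it does not, an entry meant to be hidden would stay public; add an example with `@content.visible = 'false'`. Two other paths of `set_visibility` are also untested: a content type whose field uses the `active` alias, and one with no visibility field at all (the `rescue true` path).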