diff --git a/Gemfile b/Gemfile index 31285842..0e5d0728 100644 --- a/Gemfile +++ b/Gemfile @@ -9,9 +9,10 @@ gem "bson_ext", ">= 1.0.1" gem "mongo_ext" gem "mongoid", ">= 2.0.0.beta6" gem "mongoid_acts_as_tree", ">= 0.1.2" +gem "mongo_session_store", :git => 'git://github.com/nmerouze/mongo_session_store.git' gem "warden" -gem "devise", ">= 1.1.rc0" -gem "haml", ">= 3.0.1" +gem "devise", ">= 1.1.rc1" +gem "haml", "3.0.1" gem "rmagick", "2.12.2" gem "aws" gem "jeweler" diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb index 5d239d33..6153525f 100644 --- a/app/controllers/admin/base_controller.rb +++ b/app/controllers/admin/base_controller.rb @@ -5,7 +5,7 @@ module Admin layout 'admin/application' - before_filter :authenticate_account! + before_filter :authenticate_admin! before_filter :require_site @@ -48,7 +48,7 @@ module Admin end def set_locale - I18n.locale = current_account.locale + I18n.locale = current_admin.locale end end diff --git a/app/controllers/admin/my_accounts_controller.rb b/app/controllers/admin/my_accounts_controller.rb index c00f07cd..aa50af88 100644 --- a/app/controllers/admin/my_accounts_controller.rb +++ b/app/controllers/admin/my_accounts_controller.rb @@ -4,11 +4,11 @@ module Admin sections 'settings', 'account' def edit - @account = current_account + @account = current_admin end def update - @account = current_account + @account = current_admin if @account.update_attributes(params[:account]) flash_success! redirect_to edit_admin_my_account_url diff --git a/app/controllers/admin/sites_controller.rb b/app/controllers/admin/sites_controller.rb index d8e61944..b0b8a98d 100644 --- a/app/controllers/admin/sites_controller.rb +++ b/app/controllers/admin/sites_controller.rb 
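Review bot: The added `mongo_session_store` line in the Gemfile hunk fetches the session-store code over the unauthenticated `git://` transport and tracks whatever the default branch holds at install time. Anyone able to tamper with that connection, or any later push to that repository, changes code that handles every admin session. Prefer an HTTPS URL with a pinned revision, e.g. `gem "mongo_session_store", :git => 'https://github.com/nmerouze/mongo_session_store.git', :ref => '<commit-sha>'` (placeholder), and commit the resulting Gemfile.lock.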
@@ -11,7 +11,7 @@ module Admin @site = Site.new(params[:site]) if @site.save - @site.memberships.create :account => @current_account, :admin => true + @site.memberships.create :account => @current_admin, :admin => true flash_success! redirect_to edit_admin_my_account_url else @@ -21,7 +21,7 @@ module Admin end def destroy - @site = current_account.sites.detect { |s| s._id == params[:id] } + @site = current_admin.sites.detect { |s| s._id == params[:id] } if @site != current_site @site.destroy diff --git a/app/helpers/admin/accounts_helper.rb b/app/helpers/admin/accounts_helper.rb index fa83b42d..36409cf0 100644 --- a/app/helpers/admin/accounts_helper.rb +++ b/app/helpers/admin/accounts_helper.rb @@ -1,7 +1,7 @@ module Admin::AccountsHelper def admin_on?(site = current_site) - site.memberships.detect { |a| a.admin? && a.account == current_account } + site.memberships.detect { |a| a.admin? && a.account == current_admin } end end diff --git a/app/views/admin/current_sites/_form.html.haml b/app/views/admin/current_sites/_form.html.haml index 863888d9..8694af9d 100644 --- a/app/views/admin/current_sites/_form.html.haml +++ b/app/views/admin/current_sites/_form.html.haml @@ -40,6 +40,6 @@ %li{ :class => "item #{'last' if index == @site.memberships.size - 1}" } %strong= account.name %em= account.email - - if account != current_account + - if account != current_admin %span.actions = link_to image_tag('admin/form/icons/trash.png'), admin_membership_url(membership), :class => 'remove first', :confirm => t('admin.messages.confirm'), :method => :delete \ No newline at end of file diff --git a/app/views/admin/passwords/edit.html.haml b/app/views/admin/passwords/edit.html.haml index 758151ad..a5463c1f 100644 --- a/app/views/admin/passwords/edit.html.haml +++ b/app/views/admin/passwords/edit.html.haml 
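Review bot: In the `create` hunk the membership is built from the instance variable `@current_admin`, while every other call site touched by this commit goes through the `current_admin` helper. Whether the ivar is populated depends on something having called the helper earlier in the request, which is not visible here; if it is nil, the new site gets an `:admin => true` membership with no account attached. Use the helper instead: `@site.memberships.create :account => current_admin, :admin => true`. The body of `create` starts and ends outside the hunk.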
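Review bot: In the `destroy` hunk, `detect` returns nil when `params[:id]` matches none of the admin's sites, and `nil != current_site` is then true, so the next line calls `destroy` on nil and raises instead of returning a controlled error. Scoping the lookup to `current_admin.sites` is the right authorization check; keep it and add a guard such as `if @site && @site != current_site`, or answer with a 404 when nothing is found. It is also worth confirming that `s._id` and `params[:id]` have the same type, since an id object compared with a string would never match. The method continues past the end of the hunk.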
@@ -1,6 +1,6 @@ - title t('.title') -= semantic_form_for(resource, :as => resource_name, :url => password_path, :html => { :method => :put }) do |f| += semantic_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| = f.hidden_field :reset_password_token @@ -12,7 +12,7 @@ = f.input :password_confirmation, :label => t('.password_confirmation'), :required => false %p.link - = link_to t('.link'), new_account_session_path + = link_to t('.link'), new_admin_session_path .footer = login_button_tag t('admin.buttons.change_password') diff --git a/app/views/admin/passwords/new.html.haml b/app/views/admin/passwords/new.html.haml index bea73ba5..e43b69a5 100644 --- a/app/views/admin/passwords/new.html.haml +++ b/app/views/admin/passwords/new.html.haml @@ -1,6 +1,6 @@ - title t('.title') -= semantic_form_for(resource, :as => resource_name, :url => password_path) do |f| += semantic_form_for(resource, :as => resource_name, :url => password_path(resource_name)) do |f| = f.hidden_field :reset_password_token @@ -11,7 +11,7 @@ = f.input :email, :label => t('.email'), :required => false %p.link - = link_to t('.link'), new_account_session_path + = link_to t('.link'), new_admin_session_path .footer = login_button_tag t('admin.buttons.send_password') \ No newline at end of file diff --git a/app/views/admin/sessions/new.html.haml b/app/views/admin/sessions/new.html.haml index 76076c86..b3d8df62 100644 --- a/app/views/admin/sessions/new.html.haml +++ b/app/views/admin/sessions/new.html.haml @@ -9,7 +9,7 @@ = f.input :password, :label => t('.password'), :required => false %p.link - = link_to t('.link'), new_password_path + = link_to t('.link'), new_admin_password_path .footer = login_button_tag t('admin.buttons.login') diff --git a/app/views/admin/shared/_header.html.haml b/app/views/admin/shared/_header.html.haml index 116cc142..5fd976d0 100644 --- a/app/views/admin/shared/_header.html.haml 
+++ b/app/views/admin/shared/_header.html.haml @@ -1,8 +1,8 @@ %h1= link_to current_site.name, '#' #global-actions-bar - = t('.welcome', :name => link_to(current_account.name, edit_admin_my_account_url)) + = t('.welcome', :name => link_to(current_admin.name, edit_admin_my_account_url)) %span= '|' = link_to t('.see'), main_site_url %span= '|' - = link_to t('.logout'), destroy_account_session_url, :confirm => t('admin.messages.confirm') \ No newline at end of file + = link_to t('.logout'), destroy_admin_session_url, :confirm => t('admin.messages.confirm') \ No newline at end of file diff --git a/app/views/devise/confirmations/new.html.haml b/app/views/devise/confirmations/new.html.haml deleted file mode 100644 index baac47f6..00000000 --- a/app/views/devise/confirmations/new.html.haml +++ /dev/null @@ -1,12 +0,0 @@ -%h2 - Resend confirmation instructions -= form_for(resource_name, resource, :url => confirmation_path(resource_name)) do |f| -= f.error_messages -%p - = f.label :email -%p - = f.text_field :email -%p - = f.submit "Resend confirmation instructions" -- end -= render :partial => "devise/shared/links" diff --git a/app/views/devise/mailer/reset_password_instructions.html.haml b/app/views/devise/mailer/reset_password_instructions.html.haml index 24d2eea1..67cc4934 100644 --- a/app/views/devise/mailer/reset_password_instructions.html.haml +++ b/app/views/devise/mailer/reset_password_instructions.html.haml @@ -5,7 +5,7 @@ %p Someone has requested a link to change your password, and you can do this through the link below. %p - = link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) + = link_to 'Change my password', edit_admin_password_url(@resource, :reset_password_token => @resource.reset_password_token) %p If you didn't request this, please ignore this email. %p 
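Review bot: In the reset-password mailer hunk, `edit_admin_password_url` is a generated route helper rather than Devise's scope-aware `edit_password_url`, so the positional `@resource` carried over from the old call is no longer a scope argument. On a route without an `:id` segment Rails presumably maps that argument onto the optional format, which would append the account id to the emailed link; check the rendered URL. Pass only the token: `edit_admin_password_url(:reset_password_token => @resource.reset_password_token)`.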
diff --git a/app/views/devise/registrations/edit.html.haml b/app/views/devise/registrations/edit.html.haml deleted file mode 100644 index cb69d96b..00000000 --- a/app/views/devise/registrations/edit.html.haml +++ /dev/null @@ -1,35 +0,0 @@ -%h2 - Edit - = resource_name.to_s.humanize -= form_for(resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put }) do |f| -= f.error_messages -%p - = f.label :email -%p - = f.text_field :email -%p - = f.label :password - %i - (leave blank if you don't want to change it) -%p - = f.password_field :password -%p - = f.label :password_confirmation -%p - = f.password_field :password_confirmation -%p - = f.label :current_password - %i - (we need your current password to confirm your changes) -%p - = f.password_field :current_password -%p - = f.submit "Update" -- end -%h3 - Cancel my account -%p - Unhappy? - = link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete - \. -= link_to "Back", :back diff --git a/app/views/devise/registrations/new.html.haml b/app/views/devise/registrations/new.html.haml deleted file mode 100644 index 70740a1d..00000000 --- a/app/views/devise/registrations/new.html.haml +++ /dev/null @@ -1,20 +0,0 @@ -%h2 - Sign up -= form_for(resource_name, resource, :url => registration_path(resource_name)) do |f| -= f.error_messages -%p - = f.label :email -%p - = f.text_field :email -%p - = f.label :password -%p - = f.password_field :password -%p - = f.label :password_confirmation -%p - = f.password_field :password_confirmation -%p - = f.submit "Sign up" -- end -= render :partial => "devise/shared/links" diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml deleted file mode 100644 index f6114871..00000000 --- a/app/views/devise/sessions/new.html.haml +++ /dev/null 
@@ -1,22 +0,0 @@ - - -/ = form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| -/ %p -/ = f.label :email -/ %p -/ = f.text_field :email -/ -/ %p -/ = f.label :password -/ %p -/ = f.password_field :password -/ -/ - if devise_mapping.rememberable? -/ %p -/ = f.check_box :remember_me -/ = f.label :remember_me -/ -/ %p -/ = f.submit "Sign in" -/ -/ = link_to "Forgot your password?", new_password_path(resource_name) \ No newline at end of file diff --git a/app/views/devise/shared/_links.haml b/app/views/devise/shared/_links.haml deleted file mode 100644 index 682e3bfb..00000000 --- a/app/views/devise/shared/_links.haml +++ /dev/null @@ -1,20 +0,0 @@ -- if controller_name != 'sessions' -= link_to "Sign in", new_session_path(resource_name) -%br -- end -- if devise_mapping.registerable? && controller_name != 'registrations' -= link_to "Sign up", new_registration_path(resource_name) -%br -- end -- if devise_mapping.recoverable? && controller_name != 'passwords' -= link_to "Forgot your password?", new_password_path(resource_name) -%br -- end -- if devise_mapping.confirmable? && controller_name != 'confirmations' -= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) -%br -- end -- if devise_mapping.lockable? && controller_name != 'unlocks' -= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) -%br -- end diff --git a/app/views/devise/unlocks/new.html.haml b/app/views/devise/unlocks/new.html.haml deleted file mode 100644 index 16d1f505..00000000 --- a/app/views/devise/unlocks/new.html.haml +++ /dev/null @@ -1,12 +0,0 @@ -%h2 - Resend unlock instructions -= form_for(resource_name, resource, :url => unlock_path(resource_name)) do |f| -= f.error_messages -%p - = f.label :email -%p - = f.text_field :email -%p - = f.submit "Resend unlock instructions" -- end -= render :partial => "devise/shared/links" 
diff --git a/config/application.rb b/config/application.rb index 4c2362e3..8214ba45 100644 --- a/config/application.rb +++ b/config/application.rb @@ -40,10 +40,14 @@ module Locomotive # g.template_engine :erb # g.test_framework :test_unit, :fixture => true # end + + # Configure the default encoding used in templates for Ruby 1.9. + config.encoding = "utf-8" # Configure sensitive parameters which will be filtered from the log file. config.filter_parameters << :password - - config.secret_token = '968a457262807c64e3ed5609882e17a774b917f5bcf2d308bd37eac4ba4d416d5692e6b13d77523fddb94c1dd603f160db8492b86b5e0203240bf339fe2aeae4' + + # config.action_controller.session_store :cookie_store, { :key => "_myapp_session" } + # config.secret_token = '968a457262807c64e3ed5609882e17a774b917f5bcf2d308bd37eac4ba4d416d5692e6b13d77523fddb94c1dd603f160db8492b86b5e0203240bf339fe2aeae4' end end diff --git a/config/boot.rb b/config/boot.rb index 29c9d506..712b0981 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,17 +1,6 @@ -# Use Bundler (preferred) -begin - require File.expand_path('../../.bundle/environment', __FILE__) -rescue LoadError - require 'rubygems' +require 'rubygems' +# Set up gems listed in the Gemfile. +if File.exist?(File.expand_path('../../Gemfile', __FILE__)) require 'bundler' Bundler.setup - - # To use 2.x style vendor/rails and RubyGems - # - # vendor_rails = File.expand_path('../../vendor/rails', __FILE__) - # if File.exist?(vendor_rails) - # Dir["#{vendor_rails}/*/lib"].each { |path| $:.unshift(path) } - # end - # - # require 'rubygems' end diff --git a/config/initializers/mongoid.rb b/config/initializers/mongoid.rb index 4599492f..3b17b715 100644 --- a/config/initializers/mongoid.rb +++ b/config/initializers/mongoid.rb 
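Review bot: The old `secret_token` value in `config/application.rb` is only commented out, so it stays readable in the file, and the new `config/initializers/secret_token.rb` added later in this commit hard-codes its replacement. A signing secret kept in the repository lets anyone with read access to the source forge cookies the application signs, and every deployment of this code shares the same key. Delete the commented line rather than keeping it, and load the value at boot, e.g. `Rails.application.config.secret_token = ENV.fetch('SECRET_TOKEN')` (variable name is an example). Both literals should be treated as exposed and replaced with freshly generated ones.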
@@ -15,21 +15,10 @@ module Mongoid #:nodoc: end end - # Rails.logger.debug "conditions = #{conditions.inspect} / #{options[:scope].inspect}" - return if document.class.where(conditions).empty? - # if document.new_record? || key_changed?(document) - document.errors.add(attribute, :taken, :default => options[:message], :value => value) - # end + document.errors.add(attribute, :taken, :default => options[:message], :value => value) end - - # protected - # def key_changed?(document) - # (document.primary_key || {}).each do |key| - # return true if document.send("#{key}_changed?") - # end; false - # end end end @@ -42,4 +31,14 @@ module Mongoid #:nodoc: end end end + + # FIX BUG about accepts_nested_attributes_for + module Document + module InstanceMethods + def remove(child) + name = child.association_name + @attributes.remove(name, child.raw_attributes) + end + end + end end \ No newline at end of file diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb new file mode 100644 index 00000000..5dcbc0e9 --- /dev/null +++ b/config/initializers/secret_token.rb @@ -0,0 +1,7 @@ +# Be sure to restart your server when you modify this file. + +# Your secret key for verifying the integrity of signed cookies. +# If you change this key, all old signed cookies will become invalid! +# Make sure the secret is at least 30 characters and all random, +# no regular words or you'll be exposed to dictionary attacks. +Rails.application.config.secret_token = 'aa84844b97e90edda8e005a686d82c3bef1f8e20a1255301f1d0886fc592a45ef2393d64b0c3d3ea858b1f6406ad6f15305666264716a79fcfa17de93ad0d69d' diff --git a/config/routes.rb b/config/routes.rb index f4c566d9..ddc146a3 100644 --- a/config/routes.rb +++ b/config/routes.rb 
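Review bot: The reopened `Mongoid::Document::InstanceMethods#remove` in the second mongoid.rb hunk replaces library behaviour for every document in the application, yet its only explanation is `# FIX BUG about accepts_nested_attributes_for`. The Gemfile allows any `mongoid` at or above `2.0.0.beta6`, so a later release that changes `remove` would be silently overridden by this copy. Expand the comment to name the Mongoid version the patch was written against and the symptom it fixes, and consider pinning the gem to that version until the patch can be dropped.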
@@ -6,14 +6,8 @@ Rails.application.routes.draw do |map| end # admin authentication - Devise.register(:accounts, :controllers => { :sessions => 'admin/sessions', :passwords => 'admin/passwords' }) # bypass the devise_for :accounts - scope '/admin' do - get 'login' => 'admin/sessions#new', :as => :new_account_session - post 'login' => 'admin/sessions#create', :as => :account_session - get 'logout' => 'admin/sessions#destroy', :as => :destroy_account_session - resource :password, :only => [:new, :create, :edit, :update], :controller => 'admin/passwords' - end - + devise_for :admin, :class_name => 'Account', :controllers => { :sessions => 'admin/sessions', :passwords => 'admin/passwords' } + # admin interface for each website namespace 'admin' do root :to => 'pages#index' diff --git a/doc/TODO b/doc/TODO index cc91619e..0d71129a 100644 --- a/doc/TODO +++ b/doc/TODO @@ -1,16 +1,15 @@ BOARD: - deploy on Heroku -- password resets (url is not handled correctly) -- mongoid hack for nested attributes +- convert 2 plugins into gems (mongo_session_store / actionmailer_with_request) BACKLOG: -- devise messages in French -- localize devise emails - -- cucumber features for admin pages -- refactoring admin crud (pages + layouts + snippets) +- localize application in French + - admin + - devise + - carrierwave + - localize devise emails - theme assets: disable version if not image @@ -18,8 +17,10 @@ BACKLOG: - file - boolean - date - + +- refactoring admin crud (pages + layouts + snippets) - refactor slugify method (use parameterize + create a module) +- cucumber features for admin pages BUGS: @@ -117,4 +118,6 @@ x make an engine: x move initializers to lib/... x helpers do not work x missing translation in english -x api security option in content types \ No newline at end of file +x api security option in content types +x password resets (url is not handled correctly) +x mongoid hack for nested attributes \ No newline at end of file 
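Review bot: `devise_for :admin` generates routes for every Devise module the `Account` model declares, whereas the hand-written block it replaces exposed only login, logout and password reset. The model is not part of this diff, so confirm it does not enable registration, confirmation or unlock: those endpoints would now be reachable under the admin scope through Devise's default controllers, while this commit deletes their views. If any such module is enabled, restrict the routes explicitly (Devise's `:skip` option, where the installed version supports it) and add a one-line comment listing which admin endpoints are meant to be reachable without a session. The logout path also moves from `/admin/logout` to Devise's default, so existing links to the old URL will stop working.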
diff --git a/features/admin/login.feature b/features/admin/login.feature index cf4f4dd0..a37a5785 100644 --- a/features/admin/login.feature +++ b/features/admin/login.feature @@ -6,14 +6,14 @@ Feature: Login Scenario: Successful authentication When I go to login - And I fill in "account_email" with "admin@locomotiveapp.org" - And I fill in "account_password" with "easyone" + And I fill in "admin_email" with "admin@locomotiveapp.org" + And I fill in "admin_password" with "easyone" And I press "Log in" Then I should see "Listing pages" Scenario: Failed authentication When I go to login - And I fill in "account_email" with "admin@locomotiveapp.org" - And I fill in "account_password" with "" + And I fill in "admin_email" with "admin@locomotiveapp.org" + And I fill in "admin_password" with "" And I press "Log in" Then I should not see "Listing pages" \ No newline at end of file diff --git a/features/admin/pages.feature b/features/admin/pages.feature index 62ab2e98..c8e57b55 100644 --- a/features/admin/pages.feature +++ b/features/admin/pages.feature @@ -8,7 +8,7 @@ Feature: Manage Skills Scenario: Pages list is not accessible for non authenticated accounts Given I am not authenticated When I go to pages - Then I should see "Login" + Then I should see "Log in" Scenario: Creating a valid page When I go to pages diff --git a/features/step_definitions/admin_steps.rb b/features/step_definitions/admin_steps.rb index 7b8a603f..3999cb49 100644 --- a/features/step_definitions/admin_steps.rb +++ b/features/step_definitions/admin_steps.rb 
@@ -10,14 +10,14 @@ end ### Authentication Given /^I am not authenticated$/ do - visit('/admin/logout') + visit('/admin/sign_out') end Given /^I am an authenticated user$/ do Given %{I go to login} - And %{I fill in "account_email" with "admin@locomotiveapp.org"} - And %{I fill in "account_password" with "easyone"} + And %{I fill in "admin_email" with "admin@locomotiveapp.org"} + And %{I fill in "admin_password" with "easyone"} And %{I press "Log in"} end diff --git a/features/support/env.rb b/features/support/env.rb index 109bbabd..d1af0cec 100644 --- a/features/support/env.rb +++ b/features/support/env.rb @@ -37,23 +37,11 @@ require 'factory_girl' require 'spec/factories' Before do - Mongoid.master.collections.each(&:drop) + Mongoid.master.collections.select { |c| c.name != 'system.indexes' }.each(&:drop) end Locomotive.configure do |config| config.default_domain = 'example.com' end -# class ActionController::Integration::Session -# def reset_with_test_subdomain! -# self.reset_without_test_subdomain! -# self.host = "test.example.com" -# end -# alias_method_chain :reset!, :test_subdomain -# end -# -# class ActionDispatch::Integration::Session -# DEFAULT_HOST = 'test.example.com' -# end - Capybara.default_host = 'test.example.com' \ No newline at end of file diff --git a/features/support/paths.rb b/features/support/paths.rb index 3c015e7e..6d80775f 100644 --- a/features/support/paths.rb +++ b/features/support/paths.rb @@ -11,9 +11,9 @@ module NavigationHelpers when /the home\s?page/ '/' when /login/ - new_account_session_path + new_admin_session_path when /logout/ - destroy_account_session_path + destroy_admin_session_path when /pages/ admin_pages_path diff --git a/lib/locomotive.rb b/lib/locomotive.rb index d00359cc..05c928cb 100644 --- a/lib/locomotive.rb +++ b/lib/locomotive.rb @@ -3,6 +3,8 @@ require 'locomotive/configuration' require 'locomotive/liquid' require 'locomotive/mongoid' +require 'mongo_session_store/mongoid' + module Locomotive class << self 
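Review bot: The collection filter added in `features/support/env.rb` is duplicated verbatim in `spec/spec_helper.rb` and names only `system.indexes`, so any other `system.*` collection would still be dropped. `reject` with a prefix test reads more directly and covers the whole namespace: `Mongoid.master.collections.reject { |c| c.name.start_with?('system.') }.each(&:drop)`. Moving the line into one shared support helper would keep the two test suites from drifting apart.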
@@ -26,7 +28,7 @@ module Locomotive ActionMailer::Base.default_url_options[:host] = Locomotive.config.default_domain + (Rails.env.development? ? ':3000' : '') - Rails.application.config.session_store :cookie_store, { + Rails.application.config.session_store :mongoid_store, { :key => Locomotive.config.cookie_key, :domain => ".#{Locomotive.config.default_domain}" } diff --git a/lib/locomotive/render.rb b/lib/locomotive/render.rb index 0fbdd13c..02dff333 100644 --- a/lib/locomotive/render.rb +++ b/lib/locomotive/render.rb @@ -24,7 +24,7 @@ module Locomotive path = 'index' if path.blank? if page = current_site.pages.where(:fullpath => path).first - if not page.published? and current_account.nil? + if not page.published? and current_admin.nil? page = nil end end diff --git a/lib/locomotive/routing/site_dispatcher.rb b/lib/locomotive/routing/site_dispatcher.rb index ad034622..b0d11a19 100644 --- a/lib/locomotive/routing/site_dispatcher.rb +++ b/lib/locomotive/routing/site_dispatcher.rb @@ -31,7 +31,7 @@ module Locomotive end def validate_site_membership - return if current_site && current_site.accounts.include?(current_account) + return if current_site && current_site.accounts.include?(current_admin) redirect_to application_root_url end diff --git a/spec/lib/locomotive/render_spec.rb b/spec/lib/locomotive/render_spec.rb index 2ce34e05..3357e3f7 100644 --- a/spec/lib/locomotive/render_spec.rb +++ b/spec/lib/locomotive/render_spec.rb @@ -61,7 +61,7 @@ describe 'Locomotive rendering system' do before(:each) do @page.published = false - @controller.current_account = nil + @controller.current_admin = nil end it 'should return the 404 page if the page has not been published yet' do 
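Review bot: Switching to `:mongoid_store` turns the cookie into a bearer session id, and the options passed in this hunk are still only `:key` and `:domain`. With `:domain` set to the whole `.default_domain`, the id is sent to every site hosted under that domain, and nothing visible here expires or removes session documents from MongoDB. Consider adding `:expire_after` and, where the admin is served over HTTPS, `:secure => true`, plus a periodic cleanup of stale sessions; the store's own defaults are not visible in this diff. A short comment above the call explaining why the cookie store was replaced would also help the next reader.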
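Review bot: The draft check in `lib/locomotive/render.rb` only asks whether some admin is signed in (`current_admin.nil?`), not whether that admin belongs to `current_site`. Because the session cookie is scoped to the whole default domain, an account that manages one site would presumably also be shown unpublished pages of other sites; whether `validate_site_membership` runs on this path is not visible here. Tighten it along the lines of `if !page.published? && !(current_admin && current_site.accounts.include?(current_admin))`, which also replaces `not`/`and` with the higher-precedence operators. The enclosing method starts and ends outside the hunk.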
@@ -72,7 +72,7 @@ describe 'Locomotive rendering system' do end it 'should not return the 404 page if the page has not been published yet and admin is logged in' do - @controller.current_account = true + @controller.current_admin = true @controller.request.fullpath = '/contact' @controller.current_site.pages.expects(:where).with({ :fullpath => 'contact' }).returns([@page]) @controller.send(:locomotive_page).should == @page diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index a1bb99aa..464ab3ea 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -12,6 +12,6 @@ Rspec.configure do |config| config.mock_with :mocha config.before(:each) do - Mongoid.master.collections.each(&:drop) + Mongoid.master.collections.select { |c| c.name != 'system.indexes' }.each(&:drop) end end diff --git a/spec/support/locomotive.rb b/spec/support/locomotive.rb index c88be1e1..deb902c0 100644 --- a/spec/support/locomotive.rb +++ b/spec/support/locomotive.rb @@ -7,7 +7,7 @@ module Locomotive include Locomotive::Render - attr_accessor :output, :current_site, :current_account + attr_accessor :output, :current_site, :current_admin def render(options = {}) self.output = options[:text] diff --git a/vendor/plugins/custom_fields/Gemfile b/vendor/plugins/custom_fields/Gemfile index a0698497..917f1e48 100644 --- a/vendor/plugins/custom_fields/Gemfile +++ b/vendor/plugins/custom_fields/Gemfile @@ -3,7 +3,7 @@ source "http://gemcutter.org" gem "bson_ext", ">= 1.0.1" gem "mongo_ext" gem "mongoid", ">= 2.0.0.beta6" -gem "activesupport", ">= 3.0.0.beta3" +gem "activesupport", ">= 3.0.0.beta4" group :test do gem 'rspec', '>= 2.0.0.beta.10'