module RailsConnector # @api public module CmsAccessible protected # Filter method to load a CMS object. # # To require the loading for all actions, use this in your controllers: # before_filter :load_object def load_object CmsEnv.new(request.env).load loaded_obj = request.env[CmsEnv::OBJ_ENV_KEY] raise loaded_obj if loaded_obj.is_a?(StandardError) @obj = loaded_obj end # Filter method to check if the already loaded object is active. If it is # not, a 410 Gone error message will be generate (by calling render_obj_error). # # To require the check for all actions, use this in your controllers: # before_filter :load_object # before_filter :ensure_object_is_active def ensure_object_is_active unless @obj.active? @valid_from = @obj.valid_from @valid_until = @obj.valid_until @obj = nil render_obj_error(410, "gone") return false end return true end # Filter method to check if access to the loaded object is permitted. If it is # not, a 403 Forbidden error message will be generated (by calling render_obj_error) # # To require the check for all actions, use this in your controllers: # before_filter :load_object # before_filter :ensure_object_is_permitted def ensure_object_is_permitted unless is_permitted(@obj) @obj = nil render_obj_error(403, "forbidden") return false end return true end # This method is called when rendering an error caused by either {ensure_object_is_permitted} # or {ensure_object_is_active} before filter. It renders an error template located in # "errors/*.html.erb" with given HTTP status and content type "text/html" and with no layout. # Overwrite this method to change the error page. # @api public def render_obj_error(status, name) force_html_format render( :template => "errors/#{status}_#{name}", :layout => false, :status => status, :content_type => Mime::HTML ) end # Enforce "html" as template format. # @api public def force_html_format request.format = :html end # Inclusion hook to make is_permitted available as helper method. def self.included(base) base.__send__ :helper_method, :is_permitted end # Helper method to check live permissions def is_permitted(obj) obj.permitted_for_user?(current_user) end # Filter method which sets the header 'X-Robots-Tag: unavailable_after' # to the valid_until date of the current object. def set_google_expire_header if @obj && (date = @obj.valid_until) headers['X-Robots-Tag: unavailable_after'] = date.rfc822 end end # Deliver the obj's body as response by file or data. # May respond with status 304 if a If-Modified-Since header is found. # @api public def deliver_file if @obj.body_data_url redirect_to enforce_protocol_from_request(@obj.body_data_url) elsif stale?(:last_modified => @obj.last_changed.utc) mime_type = @obj.mime_type mime_type += '; charset=utf-8' if mime_type =~ /^text\// if (filepath = @obj.body_data_path).present? send_file(File.expand_path(filepath), { :type => mime_type, :filename => @obj.filename, :disposition => 'inline', }) else # generics should send its body, empty files should be delivered as # empty files - and not lead to an application error send_data @obj.body || '', :type => mime_type, :filename => @obj.filename, :disposition => 'inline' end end end end end