module Roroacms class ApplicationController < ActionController::Base before_filter :configure_permitted_parameters, if: :devise_controller? before_filter :set_vars before_filter :check_setup before_filter :add_breadcrumb_fe before_filter :authorize_demo, :except => [:index, :show, :edit, :new] protect_from_forgery helper Roroacms::PrepcontentHelper helper Roroacms::ViewHelper helper Roroacms::MenuHelper helper Roroacms::SeoHelper helper Roroacms::CommentsHelper helper Roroacms::GeneralHelper include Roroacms::GeneralHelper include Roroacms::ViewHelper include Roroacms::PrepcontentHelper include Roroacms::SeoHelper private # Override the generic 404 page to use the 404 in the theme directory def render_404 if File.exists?("#{Rails.root}/app/views/themes/#{current_theme}/error_404.html.erb") render( :template => "themes/#{current_theme}/error_404", :layout => 'layouts/roroacms/application', :status => :not_found) else raise ActionController::RoutingError.new('404: Page was not found') end end # Get the current theme being used by the application def current_theme @theme_folder = Setting.get('theme_folder') end helper_method :current_theme # theme extension def get_theme_ext theme_yaml('view_extension') end helper_method :get_theme_ext # Return the current user data def current_user if !session["warden.user.admin.key"].blank? @current_admin ||= Admin.find_by_id(session["warden.user.admin.key"][0][0]) else nil end end helper_method :current_user # globalize allows access to all of the given content from anywhere def gloalize(content) @content_multiple = content if content.class == ActiveRecord::Relation @content = content end # Return the current user logged in as admin data def current_admin @current_admin ||= current_user end # Returns the current access that is granted to the logged in admin. Allowing you to restrict necessary areas to certain types of user # currently there are only two user types (admin or editor) def current_admin_access if !@current_admin.nil? @current_admin.access_level else false end end # json encode/decode object variable - this is set here because it is used through out helpers/models/controllers def set_vars @json = ActiveSupport::JSON @breadcrumbs ||= [] end # checks if the admin is logged in before anything else def authorize_admin redirect_to admin_login_path and return if current_user.nil? end # devise settings def after_sign_in_path_for(resource) set_sessions(session, current_user) admin_path end # check that the setup is complete if not redirect to the setup area def check_setup redirect_to setup_index_path and return if Setting.get('setup_complete') != 'Y' && params[:controller] != 'roroacms/setup' end # add the home breadcrumb for the front end def add_breadcrumb_fe add_breadcrumb I18n.t("generic.home"), '/', :title => I18n.t("generic.home") if !params[:controller].include?('admin/') end # add a breadcrumb to the breadcrumb hash def add_breadcrumb(name, url = 'javascript:;', atts = {}) hash = { name: name, url: url, atts: atts } @breadcrumbs << hash end # restricts any CRUD functions if you are logged in as the username of demo and you have demonstration mode turned on def authorize_demo if !request.xhr? && !request.get? && ( !current_user.blank? && current_user.username.downcase == 'demo' && Setting.get('demonstration_mode') == 'Y' ) redirect_to :back, flash: { error: I18n.t('generic.demo_notification') } and return end render :inline => 'demo' and return if params[:action] == 'save_menu' && !current_user.blank? && current_user.username.downcase == 'demo' && Setting.get('demonstration_mode') == 'Y' end # protected def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :first_name, :last_name, :username, :access_level, :password_confirmation, :description) } devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :username, :email, :password, :remember_me) } devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :first_name, :last_name, :username, :access_level, :password_confirmation, :description) } end end end