module Caboose class PagesController < ApplicationController helper :application def before_action @page = Page.page_with_uri('/admin') end # GET /pages/:id def show # Find the page with an exact URI match page = Page.page_with_uri(request.fullpath, false) if (!page) asset return end user = logged_in_user if !user.is_allowed(page, 'view') if user.id == User::LOGGED_OUT_USER_ID redirect_to "/modal/login?return_url=" + URI.encode(request.fullpath) return else page.title = 'Access Denied' #page.content = "
You do not have access to view this page.
" end end if session['use_redirect_urls'] && !page.redirect_url.nil? && page.redirect_url.strip.length > 0 redirect_to page.redirect_url return end page = Caboose.plugin_hook('page_content', page) @page = page @user = user @editmode = !params['edit'].nil? && user.is_allowed('pages', 'edit') ? true : false @crumb_trail = Caboose::Page.crumb_trail(@page) @subnav = Caboose::Page.subnav(@page, session['use_redirect_urls'], @user) #@subnav.links = @tasks.collect {|href, task| {'href' => href, 'text' => task, 'is_current' => uri == href}} end def asset uri = uri.to_s.gsub(/^(.*?)\?.*?$/, '\1') uri.chop! if uri.end_with?('/') uri[0] = '' if uri.starts_with?('/') page = Page.page_with_uri(File.dirname(uri), false) if (page.nil? || !page) render :file => "caboose/extras/error404", :layout => "caboose/error404" return end asset = Asset.where(:page_id => page.id, :filename => File.basename(uri)).first if (asset.nil?) render :file => "caboose/extras/error404", :layout => "caboose/error404" return end user = logged_in_user if (!Page.is_allowed(user, asset.page_id, 'view')) render "caboose/pages/asset_no_permission" return end #Caboose.log(Caboose::assets_path, 'Caboose::assets_path') path = Caboose::assets_path.join("#{asset.id}.#{asset.extension}") #Caboose.log("Sending asset #{path}") #send_file(path) #send_file(path, :filename => "your_document.pdf", :type => "application/pdf") # #$path = ASSETS_PATH ."/". $asset->id .".". $asset->extension # #$finfo = finfo_open(FILEINFO_MIME_TYPE) // return mime type ala mimetype extension #$mime = finfo_file($finfo, $path) #finfo_close($finfo) # #header("X-Sendfile: $path") #header("Content-Type: $mime") #header("Content-Disposition: inline filename=\"$asset->filename\"") end # GET /pages/1/redirect def redirect @page = Page.find(params[:id]) redirect_to "/#{@page.uri}" end #=========================================================================== # Admin actions #=========================================================================== # GET /admin/pages def admin_index return if !user_is_allowed('pages', 'view') @home_page = Page.find(1) render :layout => 'caboose/admin' end # GET /admin/pages/new def admin_new return unless user_is_allowed('pages', 'add') @parent_id = params[:parent_id] ? params[:parent_id] : 1 @parent = Page.find(@parent_id) render :layout => 'caboose/admin' end # GET /admin/pages/:id/edit def admin_edit_general return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) render :layout => 'caboose/admin' end # GET /admin/pages/:id/permissions def admin_edit_permissions return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) render :layout => 'caboose/admin' end # GET /admin/pages/:id/content def admin_edit_content return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) if @page.block.nil? redirect_to "/admin/pages/#{@page.id}/layout" return end @editing = true end # GET /admin/pages/:id/layout def admin_edit_layout return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) render :layout => 'caboose/admin' end # PUT /admin/pages/:id/layout def admin_update_layout return unless user_is_allowed('pages', 'edit') bt = BlockType.find(params[:block_type_id]) Block.where(:page_id => params[:id]).destroy_all Block.create(:page_id => params[:id], :block_type_id => params[:block_type_id], :name => bt.name) resp = Caboose::StdClass.new({ 'redirect' => "/admin/pages/#{params[:id]}/content" }) render :json => resp end # GET /admin/pages/:id/block-order def admin_edit_block_order return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) render :layout => 'caboose/admin' end # PUT /admin/pages/:id/block-order def admin_update_block_order return unless user_is_allowed('pages', 'edit') block_ids = params[:block_ids] i = 0 block_ids.each do |block_id| b = Block.find(block_id) b.sort_order = i b.save i = i + 1 end render :json => true end # GET /admin/pages/:id/new-blocks def admin_new_blocks return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) render :layout => 'caboose/admin' end # GET /admin/pages/:id/css def admin_edit_css return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) render :layout => 'caboose/admin' end # GET /admin/pages/:id/js def admin_edit_js return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) render :layout => 'caboose/admin' end # GET /admin/pages/:id/seo def admin_edit_seo return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) render :layout => 'caboose/admin' end # GET /admin/pages/:id/child-order def admin_edit_child_sort_order return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) render :layout => 'caboose/admin' end # PUT /admin/pages/:id/child-order def admin_update_child_sort_order return unless user_is_allowed('pages', 'edit') @page = Page.find(params[:id]) page_ids = params[:page_ids] i = 0 page_ids.each do |pid| p = Page.find(pid) p.sort_order = i p.save i = i + 1 end render :json => true end # POST /admin/pages def admin_create return unless user_is_allowed('pages', 'add') resp = Caboose::StdClass.new({ 'error' => nil, 'redirect' => nil }) parent_id = params[:parent_id] title = params[:title] if (title.strip.length == 0) resp.error = "A page title is required." elsif (!logged_in_user.is_allowed('all', 'all') && !Page.page_ids_with_permission(logged_in_user, 'edit' ).include?(parent_id) && !Page.page_ids_with_permission(logged_in_user, 'approve').include?(parent_id)) resp.error = "You don't have permission to add a page there." end if (!resp.error.nil?) render json: resp return end parent = Caboose::Page.find(parent_id) page = Caboose::Page.new page.title = title page.parent_id = parent_id page.hide = true page.content_format = Caboose::Page::CONTENT_FORMAT_HTML i = 0 begin page.slug = Page.slug(page.title + (i > 0 ? " #{i}" : "")) page.uri = parent.parent_id == -1 ? page.slug : "#{parent.uri}/#{page.slug}" i = i+1 end while (Page.where(:uri => page.uri).count > 0 && i < 10) page.save # Create the top level block for the page bt = BlockType.find(params[:block_type_id]) Block.create(:page_id => page.id, :block_type_id => params[:block_type_id], :name => bt.name) # Set the new page's permissions viewers = Caboose::PagePermission.where({ :page_id => parent.id, :action => 'view' }).pluck(:role_id) editors = Caboose::PagePermission.where({ :page_id => parent.id, :action => 'edit' }).pluck(:role_id) Caboose::Page.update_authorized_for_action(page.id, 'view', viewers) Caboose::Page.update_authorized_for_action(page.id, 'edit', editors) # Send back the response resp.redirect = "/admin/pages/#{page.id}/edit" render json: resp end # PUT /admin/pages/:id def admin_update return unless user_is_allowed('pages', 'edit') resp = StdClass.new({'attributes' => {}}) page = Page.find(params[:id]) save = true user = logged_in_user params.each do |name, value| case name when 'parent_id' value = value.to_i if page.id == value resp.error = "The page's parent cannot be itself." elsif Page.is_child(page.id, value) resp.error = "You can't set the current page's parent to be one of its child pages." elsif value != page.parent_id p = Page.find(value) if !user.is_allowed(p, 'edit') resp.error = "You don't have access to put the current page there." end end if resp.error save = false else page.parent = Page.find(value) page.save Page.update_uri(page) resp.attributes['parent_id'] = { 'text' => page.parent.title } end when 'custom_css', 'custom_js' value.strip! page[name.to_sym] = value when 'title', 'menu_title', 'hide', 'layout', 'redirect_url', 'seo_title', 'meta_description', 'fb_description', 'gp_description', 'canonical_url' page[name.to_sym] = value when 'linked_resources' result = [] value.each_line do |line| line.chomp! line.strip! next if line.empty? if !(line.ends_with('.js') || line.ends_with('.css')) resp.error = "Resource '#{line}' has an unsupported file type ('#{comps.last}')." save = false end result << line end page.linked_resources = result.join("\n") when 'content_format' page.content_format = value resp.attributes['content_format'] = { 'text' => value } when 'meta_robots' if (value.include?('index') && value.include?('noindex')) resp.error = "You can't have both index and noindex" save = false elsif (value.include?('follow') && value.include?('nofollow')) resp.error = "You can't have both follow and nofollow" save = false else page.meta_robots = value.join(', ') resp.attributes['meta_robots'] = { 'text' => page.meta_robots } end when 'content' page.content = value.strip.gsub(/