class ApplicationController < ActionController::Base protect_from_forgery include ParserFrontEnd, ApplicationHelper include OrbitApp::ErrorHandlers::PageErrorHandler include OrbitApp::ErrorHandlers::ObjectAuthErrorHandler include OrbitApp::ErrorHandlers::ModuleAppErrorHandler rescue_from ObjectAuthError, :with => :render_object_auth_error rescue_from ModuleAppError, :with => :render_module_app_error rescue_from PageError, :with => :render_page_error layout :layout_by_resource helper :admin, :orbit_form before_filter :set_site, :set_locale, :prepare_for_mobile helper_attr :site_valid_locales def check_backend_openness if !Site.first.backend_openness_on redirect_to '/users/sign_in' if not (authenticate_user! and is_member? ) end end def check_mobile_api_openness if !Site.first.mobile_api_openness_on redirect_to '/users/sign_in' if not (authenticate_user! and is_member? ) end end def site_restart Resque.enqueue(RestartServer) end def set_current_user User.current = current_or_guest_user UserActionRecoder.perform(current_or_guest_user,params.to_s) end def front_end_available(module_app_title='') app_controller = ModuleApp.first(conditions: {:key => module_app_title} ) unless app_controller.enable_frontend? render :nothing => true end end def get_all_app_engines ary = ["vender/plugins/new_blog"] app_engines = ary.collect{|t| Rails::Engine.find t } app_engines.each{ |t| # t. } end def flaten_controller ary=[] Find.find(File.join(Rails.root , 'vendor/plugins/')) { |name| require_dependency(name) if /_controller\.rb$/ =~ name ary << name } ary end # Find the parent for the given item def find_parent_item @parent_item = Item.first(:conditions => { :id => BSON::ObjectId(params[:parent_id]) }) rescue nil end def auth_failed_in_backend #redirect_to admin_dashboards_url redirect_to root_path end def for_admin_only if is_admin? true else flash[:error] = t("access.denied.not_admin") auth_failed_in_backend end end def for_app_manager if is_manager? true else flash[:error] = t("access.denied.app.not_manager") auth_failed_in_backend end end def for_app_sub_manager if (@module_app.sub_managing_users.include?(current_or_guest_user) || is_manager?) true else flash[:error] = t("access.denied.app.not_sub_manager") auth_failed_in_backend end end def for_app_user if (@module_app.app_auth.auth_users.include?(current_or_guest_user) || for_app_sub_manager ) true else flash[:error] = t("access.denied.app.not_authed_user") auth_failed_in_backend end end def check_object_premission(obj,title) flash[:error] = t("access.denied.object") auth_failed_in_backend unless (obj.get_object_auth_by_title(title).auth_users.include?(current_or_guest_user) || is_manager? || is_admin? ) end # Render the page def render_page(args={}) if @item respond_to do |format| format.html { render :text => parse_page_content(@item,args), :layout => 'page_layout' } format.rss { render_main_rss } format.mobile { redirect_to mobile_path(:app => params[:app]) } end else render :text => '404 Not Found' end end def render_share object_class = params[:model].classify.constantize @object = object_class.find(params[:id]) module_app = ModuleApp.first(:conditions => {:key => params[:key]}) @item = @object.share_item #@item = Item.where(module_app_id: module_app.id).all_of("tag" => {"$in" => [nil,'']},"category" => { "$in" => [nil,'']}).first #binding.pry @orig_url = "http://#{request.host_with_port}/#{@item.path}?id=#{@object.id}" render 'shared/render_share', :layout => false end protected # Set I18n.locale def set_locale # update session if passed session[:locale] = params[:locale] if params[:locale] browser_locale = condition = nil default_locale = condition = nil backup_locale = condition = nil # check if locale is valid for non site pages if LIST[:forbidden_item_names].include?(env['PATH_INFO'].split('/')[1].to_s) condition = VALID_LOCALES.include?(session[:locale]) #check if the default locale is present or not elsif params[:locale] condition = @site.in_use_locales.include?(params[:locale]) elsif (@site.default_locale.present? && @site.enable_language_detection.eql?(false)) default_locale = @site.default_locale condition = @site.in_use_locales.include?(default_locale) elsif (@site.enable_language_detection.eql?(true)) #check enable langauge detection browser_locale = request.env['HTTP_ACCEPT_LANGUAGE'].scan(/^[a-z]{2}/).first rescue nil condition = @site.in_use_locales.include?(browser_locale) elsif (@site.default_locale.nil? && @site.enable_language_detection.eql?(false)) backup_locale = @site.valid_locales.first condition = @site.in_use_locales.include?(backup_locale) end session[:locale] = condition ? ( session[:locale] || default_locale || browser_locale || backup_locale) : I18n.default_locale.to_s I18n.locale = session[:locale].to_sym @site_in_use_locales = @site.in_use_locales @site_valid_locales = site_locales_default_head(@site.valid_locales) end # Set the site variables def set_site # set site if exist or create site @site = Site.first || Site.create({:valid_locales => VALID_LOCALES, :in_use_locales => VALID_LOCALES}) session[:site] = @site.id end def set_current_item session[:current_page] = params[:id] || @item.id rescue nil end def decrypt_data(encrypted_data, encrypted_key, encrypted_iv) site = Site.find(session[:site]) if encrypted_data private_key = OpenSSL::PKey::RSA.new(site.private_key) cipher = OpenSSL::Cipher.new('aes-256-cbc') cipher.decrypt cipher.key = private_key.private_decrypt(encrypted_key) cipher.iv = private_key.private_decrypt(encrypted_iv) decrypted_data = cipher.update(encrypted_data) decrypted_data << cipher.final else '' end end def get_homepage Page.root end def layout_by_resource if devise_controller? "devise" else "application" end end def site_locales_default_head(locales) if locales[0].eql? I18n.locale.to_s Rails.logger.info locales else a = Array.new(locales) shift_out = a.delete(I18n.locale.to_s) [shift_out] + a end end # called (once) when the user logs in, insert any code your application needs # to hand off from guest_user to current_user. def logging_in # For example: # guest_comments = guest_user.comments.all # guest_comments.each do |comment| # comment.user_id = current_user.id # comment.save # end end def render_main_rss ret = '' ret << "/panel/#{@item.module_app.key}/front_end/#{@item.app_frontend_url}.rss" ret << "/#{params[:id]}" if params[:id] && !params[:id].eql?(@item.id.to_s) categories_str=params[:category].collect{|t| "category_id[]=#{t}"}.join('&') tags_str=params[:tag].collect{|t| "tag_id[]=#{t}"}.join('&') categories_str = "&#{categories_str}" unless categories_str.blank? tags_str = "&#{tags_str}" unless tags_str.blank? ret << "?inner=true#{categories_str}#{tags_str}&page_main=#{params[:page_main]}" redirect_to ret end def get_sorted_and_filtered(object_class, query = nil, objects = nil, pagination = true) if params[:filter] || params[:sort] || params[:new_filter] @filter = params[:filter] new_filter = params[:new_filter] if @filter && params[:clear] @filter.delete(params[:type]) elsif @filter && new_filter if @filter.has_key?(new_filter[:type]) && @filter[new_filter[:type]].include?(new_filter[:id].to_s) @filter[new_filter[:type]].delete(new_filter[:id].to_s) elsif @filter.has_key?(new_filter[:type]) @filter[new_filter[:type]] << new_filter[:id].to_s else @filter.merge!({new_filter[:type] => [new_filter[:id].to_s]}) end elsif new_filter @filter = {new_filter[:type] => [new_filter[:id].to_s]} end object_class = object_class.classify.constantize objects ||= get_objects(object_class, query) unless params[:sort].blank? options = params[:sort_options] options = [options] unless options.is_a?(Array) options.each do |option| if object_class.fields.include?(option) if object_class.fields[option].type.to_s.eql?('Object') && !object_class.relations[option].nil? objects = get_objects_from_referenced_objects(object_class.fields[option].options[:class_name].constantize, objects, option) else (objects = objects.order_by(option, params[:direction])) rescue nil end elsif object_class.relations.include?(option) case object_class.relations[option].macro when :references_one a = Array.new objects.each { |object| a << [get_string_value_from_object(object), object] } sorted = params[:direction].eql?('asc') ? a.sort : a.sort.reverse! objects = sorted.collect {|x| x[1] } when :references_many, :references_and_referenced_in_many objects = get_objects_from_self(object_class, objects, option) when :referenced_in objects = get_objects_from_referenced_objects(object_class.relations[option].class_name.constantize, objects, "#{option}_id") end elsif option.eql?('category') category_array = @module_app.categories.inject([]){ |result, value| result << [value.title, value] } params[:direction].eql?('asc') ? category_array.sort! : category_array.sort!.reverse! sorted_objects = Array.new category_array.each do |x| buffer_categories = x[1].buffer_categories buffer_categories.each {|buffer_category| sorted_objects << buffer_category.categorizable } end sorted_objects.flatten! sorted_objects.uniq! objects = get_with_nil(objects, option, sorted_objects) elsif option.eql?('tags') tag_array = @module_app.tags.inject([]){ |result, value| result << [value.name, value] } params[:direction].eql?('asc') ? tag_array.sort! : tag_array.sort!.reverse! sorted_objects = Array.new tag_array.each do |x| taggings = x[1].taggings taggings.each {|tagging| sorted_objects << tagging.taggable } end sorted_objects.flatten! sorted_objects.uniq! objects = get_with_nil(objects, option, sorted_objects) end end end if @filter @filter.each do |key, value| case key when 'status' a = Array.new objects.each do |object| value.each do |v| a << object if object[v] end end objects = a.uniq when 'category' a = Array.new objects.each do |object| a << object if (value.include?(object.category.id.to_s) rescue nil) end objects = a.uniq when 'tags' a = Array.new objects.each do |object| object.tags.each do |tag| a << object if value.include?(tag.id.to_s) end end objects = a.uniq end if value.size > 0 end end else objects = get_viewable(object_class, query) end if (!user_signed_in? && object_class == "bulletin") objects = get_bulletins_for_open_backend(objects) end if pagination Kaminari.paginate_array(filter_authorized_objects(objects)).page(params[:page]).per(10) else filter_authorized_objects(objects) end end def get_bulletins_for_open_backend(objects) objects.select{|object| object.is_rejected == false && object.is_pending == false} end def get_string_value_from_object(object) s = object.name_translations[I18n.locale.to_s] unless s rescue nil s = object.title_translations[I18n.locale.to_s] unless s rescue nil s = object.name unless s rescue nil s = object.title unless s rescue nil s.downcase rescue '' end def get_objects_from_referenced_objects(object_class, objects, option) referer_ids = objects.distinct(option) referenced_objects = object_class.find(referer_ids) rescue nil if referenced_objects a = Array.new referenced_objects.to_a.each { |referer| a << [get_string_value_from_object(referer), referer.id] } sorted = params[:direction].eql?('asc') ? a.sort : a.sort.reverse! sorted_objects = sorted.collect {|x| objects.where(option => x[1]).entries } sorted_objects.flatten! sorted_objects.uniq! get_with_nil(objects, option, sorted_objects) else objects end end def get_objects_from_self(object_class, objects, option) referenced_class = object_class.relations[option].class_name.constantize referenced_objects = referenced_class.all rescue nil if referenced_objects reverse_relation = nil referenced_class.relations.each { |relation| reverse_relation = relation[1].name.to_s if relation[1].class_name.eql?(object_class.to_s) } a = Array.new referenced_objects.each { |referenced_object| a << [get_string_value_from_object(referenced_object), referenced_object] } a.compact! sorted = params[:direction].eql?('asc') ? a.sort : a.sort.reverse! sorted_objects = Array.new sorted.each {|x| sorted_objects << x[1].send(reverse_relation) } sorted_objects.flatten! sorted_objects.uniq! get_with_nil(objects, option, sorted_objects) else objects end end def get_with_nil(objects, option, sorted_objects) tmp = Array.new objects.each { |object| tmp << [get_string_value_from_object(object), object] if (object.send(option).blank? || (object.send(option).size == 0 rescue nil)) } sorted = params[:direction].eql?('asc') ? tmp.sort : tmp.sort.reverse sorted_tmp = sorted.collect {|a| a[1] } a = params[:direction].eql?('asc') ? (sorted_tmp + sorted_objects) : (sorted_objects + sorted_tmp) a.flatten end def get_viewable(object_class, query=nil) object_class = object_class.classify.constantize get_objects(object_class,query).order_by(:created_at, :desc) end def get_objects(object_class, query=nil) if query objects = object_class.where(query) else objects = object_class.all end objects end def filter_authorized_objects(objects) if(!is_admin? || !is_manager?) objects.delete_if{ |object| if object.is_pending == true if check_permission(:manager) object.create_user_id != current_user.id else !object.category.authed_users("approval_#{@module_app.key}").include?(current_user) rescue false end else false end } end objects end private def mobile_device? if session[:mobile_param] session[:mobile_param] == "1" else request.user_agent =~ /iPhone|iPod|Android/ end end def prepare_for_mobile if @site.mobile_on session[:mobile_param] = if request.path =~ /mobile/ '1' elsif params[:mobile] params[:mobile] else session[:mobile_param] end request.format = :mobile if mobile_device? end end end