modifications for security and stuff
parent
d820db3596
commit
84fca12445
|
@ -1,5 +1,6 @@
|
||||||
class Admin::AskAcknowledgementsController < OrbitAdminController
|
class Admin::AskAcknowledgementsController < OrbitAdminController
|
||||||
helper Admin::AsksHelper
|
helper Admin::AsksHelper
|
||||||
|
before_action ->(module_app = "ask") { set_variables module_app }
|
||||||
def initialize
|
def initialize
|
||||||
super
|
super
|
||||||
@app_title = 'ask_acknowledgement'
|
@app_title = 'ask_acknowledgement'
|
||||||
|
@ -8,13 +9,13 @@ class Admin::AskAcknowledgementsController < OrbitAdminController
|
||||||
def index
|
def index
|
||||||
@ask_acknowledgements = AskAcknowledgement.first || AskAcknowledgement.create
|
@ask_acknowledgements = AskAcknowledgement.first || AskAcknowledgement.create
|
||||||
@url = admin_ask_acknowledgement_path(@ask_acknowledgements)
|
@url = admin_ask_acknowledgement_path(@ask_acknowledgements)
|
||||||
|
@categories = @module_app.categories.map{|cat| [cat.title, cat.id.to_s]}
|
||||||
end
|
end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
@ask_acknowledgements = AskAcknowledgement.first
|
@ask_acknowledgements = AskAcknowledgement.first
|
||||||
@ask_acknowledgements.update_attributes(params.require(:ask_acknowledgement).permit!)
|
@ask_acknowledgements.update_attributes(params.require(:ask_acknowledgement).permit!)
|
||||||
|
|
||||||
redirect_to admin_ask_acknowledgements_path, notice: t('ask.save_success')
|
redirect_to admin_ask_acknowledgements_path, notice: t('ask.save_success')
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
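Review bot: `update` still passes `params.require(:ask_acknowledgement).permit!` to `update_attributes`, so every attribute on the record is writable from the request, and this commit adds one more (`category_id`). An explicit list would limit the request to what the form renders, for example `params.require(:ask_acknowledgement).permit(:category_id, content: {})`; the `content: {}` form assumes a Rails version that accepts an open hash there, otherwise list the locale keys. The submitted `category_id` is also not checked against `@module_app.categories`, and `AskAcknowledgement.first` in `update` can be nil when no record exists yet, whereas `index` falls back to `create`.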
|
||||||
|
|
|
@ -580,7 +580,7 @@ class AsksController < ApplicationController
|
||||||
if host_url == "http://"
|
if host_url == "http://"
|
||||||
host_url = request.protocol + request.host_with_port
|
host_url = request.protocol + request.host_with_port
|
||||||
end
|
end
|
||||||
mail_subject = mail_from+" #{t('ask.new_question')}:"
|
mail_subject = mail_from + " : " + email_er.category.title
|
||||||
email_er.email.update_attributes(
|
email_er.email.update_attributes(
|
||||||
:mail_lang=> site.default_locale,
|
:mail_lang=> site.default_locale,
|
||||||
:create_user=>(current_user rescue nil),
|
:create_user=>(current_user rescue nil),
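Review bot: The new subject line `mail_from + " : " + email_er.category.title` raises if `email_er.category` is nil or `mail_from` is not a String, which would abort the method before the mail record is updated. Interpolation with a nil-safe lookup avoids that: `mail_subject = "#{mail_from} : #{email_er.category.try(:title)}"`. Because the title ends up in a mail header, it is worth stripping CR/LF from it unless the mailer is known to do so. The change also drops the translated `t('ask.new_question')` text from the subject; confirm that is intended. The enclosing method starts and ends outside the hunk.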
|
||||||
|
|
|
@ -68,7 +68,7 @@ module Admin::AsksHelper
|
||||||
"<div class=\"show_field\" id=\"#{index1 ? "#{get_input_name_for_ask}[#{index1}][#{field}][#{locale}]" : "#{get_input_name_for_ask}[#{field}][#{locale}]"}\">#{value_locale}</div>".html_safe
|
"<div class=\"show_field\" id=\"#{index1 ? "#{get_input_name_for_ask}[#{index1}][#{field}][#{locale}]" : "#{get_input_name_for_ask}[#{field}][#{locale}]"}\">#{value_locale}</div>".html_safe
|
||||||
end
|
end
|
||||||
end.join + create_lang_panel_for_ask(all_field)).html_safe + combine_element
|
end.join + create_lang_panel_for_ask(all_field)).html_safe + combine_element
|
||||||
|
|
||||||
if sortable
|
if sortable
|
||||||
if exteral_options['style'].nil?
|
if exteral_options['style'].nil?
|
||||||
exteral_options['style'] = 'display: flex;align-items: center;flex-wrap: nowrap;'
|
exteral_options['style'] = 'display: flex;align-items: center;flex-wrap: nowrap;'
|
||||||
|
@ -80,7 +80,7 @@ module Admin::AsksHelper
|
||||||
tmp
|
tmp
|
||||||
end).html_safe
|
end).html_safe
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
tmp = content_tag(:div,{:class => "tab-panel"}.merge(exteral_options)) do
|
tmp = content_tag(:div,{:class => "tab-panel"}.merge(exteral_options)) do
|
||||||
tmp
|
tmp
|
||||||
end
|
end
|
||||||
|
@ -113,7 +113,7 @@ module Admin::AsksHelper
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end.join + create_lang_panel_for_ask(all_field)).html_safe + combine_element
|
end.join + create_lang_panel_for_ask(all_field)).html_safe + combine_element
|
||||||
|
|
||||||
if sortable
|
if sortable
|
||||||
if exteral_options['style'].nil?
|
if exteral_options['style'].nil?
|
||||||
exteral_options['style'] = 'display: flex;align-items: center;flex-wrap: nowrap;'
|
exteral_options['style'] = 'display: flex;align-items: center;flex-wrap: nowrap;'
|
||||||
|
@ -125,7 +125,7 @@ module Admin::AsksHelper
|
||||||
tmp
|
tmp
|
||||||
end).html_safe
|
end).html_safe
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
content_tag(:div,{:class => "tab-panel"}.merge(exteral_options)) do
|
content_tag(:div,{:class => "tab-panel"}.merge(exteral_options)) do
|
||||||
tmp
|
tmp
|
||||||
end
|
end
|
||||||
|
@ -341,8 +341,21 @@ module Admin::AsksHelper
|
||||||
file_value = value[0] rescue nil
|
file_value = value[0] rescue nil
|
||||||
file_path = value[1] rescue nil
|
file_path = value[1] rescue nil
|
||||||
file_required = v['required']=='true'
|
file_required = v['required']=='true'
|
||||||
readonly ? (file_path ? "<a href=\"#{file_path}\" title=\"file\">#{file_value}</a>" : "") : "<div class=\"file-selector\"><label class=\"ui-button\">
|
readonly ? (file_path ? "<a href=\"#{file_path}\" title=\"file\">#{file_value}</a>".html_safe : "") : "<div class=\"file-selector\"><label class=\"ui-button\">
|
||||||
#{file_field_tag(field_name, {:data => {:src => file_path}, style: "position: absolute;width:0.1em;opacity: 0;padding: 0;border: 0;opacity: 0;left: 50%;top: 0;", :class => 'upload', :required => file_required, value: file_value})}
|
#{file_field_tag(field_name, {:data => {:src => file_path}, style: "position: absolute;width:0.1em;opacity: 0;padding: 0;border: 0;opacity: 0;left: 50%;top: 0;", :class => 'upload', :required => file_required, value: file_value, accept: ".doc,.docx,.xls,.xlsx,.ppt,.pptx,.txt,.pdf,.jpg,.jpeg,.bmp,.gif,.png,.odf,.ods,.odt",
|
||||||
|
onchange: "
|
||||||
|
var file = this.files[0];
|
||||||
|
if (!file) return;
|
||||||
|
var maxSize = 20 * 1024 * 1024; // 20MB
|
||||||
|
var allowedExtensions = /\.(doc|docx|xls|xlsx|ppt|pptx|txt|pdf|jpg|jpeg|bmp|gif|png|odf|ods|odt)$/i;
|
||||||
|
if (file.size > maxSize) {
|
||||||
|
alert('File exceeds 20MB limit.');
|
||||||
|
this.value = '';
|
||||||
|
} else if (!allowedExtensions.test(file.name)) {
|
||||||
|
alert('Invalid file type. Allowed: doc, docx, xls, xlsx, ppt, pptx, txt, pdf, jpg, jpeg, bmp, gif, png, odf, ods, odt');
|
||||||
|
this.value = '';
|
||||||
|
}
|
||||||
|
"})}
|
||||||
<i class=\"fa fa-file\"></i> #{t('ask.upload_file')}
|
<i class=\"fa fa-file\"></i> #{t('ask.upload_file')}
|
||||||
</label><div class=\"filename\"></div></div>"
|
</label><div class=\"filename\"></div></div>"
|
||||||
when 'image'
|
when 'image'
|
||||||
|
@ -451,7 +464,7 @@ module Admin::AsksHelper
|
||||||
def page_for_askquestion(askquestion)
|
def page_for_askquestion(askquestion)
|
||||||
ann_page = nil
|
ann_page = nil
|
||||||
pages = Page.where(:module=>'ask')
|
pages = Page.where(:module=>'ask')
|
||||||
|
|
||||||
pages.each do |page|
|
pages.each do |page|
|
||||||
if page.categories.count ==1
|
if page.categories.count ==1
|
||||||
if page.categories.include?(askquestion.category.id.to_s)
|
if page.categories.include?(askquestion.category.id.to_s)
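Review bot: In the hunk at `@ -341,8 +341,21`, the read-only branch now marks `"<a href=\"#{file_path}\" title=\"file\">#{file_value}</a>"` as `html_safe` while `file_path` and `file_value` are interpolated unescaped, so a file name or path containing markup would be rendered as HTML in the page. Building the link with the helper keeps escaping in place: `link_to(file_value, file_path, title: 'file')`. The `accept` list and the `onchange` size/extension check added in the same hunk run only in the browser and any client can skip them, so the 20MB limit and the extension allow-list need to be enforced where the upload is received; that code is not visible in this diff. The surrounding `case` branch starts outside the hunk.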
|
||||||
|
|
|
@ -3,4 +3,5 @@ class AskAcknowledgement
|
||||||
include Mongoid::Timestamps
|
include Mongoid::Timestamps
|
||||||
|
|
||||||
field :content, type: Hash,default:{}
|
field :content, type: Hash,default:{}
|
||||||
end
|
field :category_id, type: String
|
||||||
|
end
|
||||||
|
|
|
@ -11,6 +11,10 @@
|
||||||
</style>
|
</style>
|
||||||
<div id="ask-acknowledgements">
|
<div id="ask-acknowledgements">
|
||||||
<%= form_for @ask_acknowledgements, url: @url, html: { class: 'form-horizontal' } do |f| %>
|
<%= form_for @ask_acknowledgements, url: @url, html: { class: 'form-horizontal' } do |f| %>
|
||||||
|
<div class="control-group">
|
||||||
|
<%= f.label :content, t('category'), class: 'control-label' %>
|
||||||
|
<%= f.select :category_id, options_for_select(@categories) %>
|
||||||
|
</div>
|
||||||
<div class="control-group">
|
<div class="control-group">
|
||||||
<%= f.label :content, t('ask.acknowledgements'), class: 'control-label' %>
|
<%= f.label :content, t('ask.acknowledgements'), class: 'control-label' %>
|
||||||
<%= multiple_lang_tag_for_ask(nil,'text_area','content',@ask_acknowledgements.content,{:class=>'ckeditor',placeholder: t('ask.acknowledgements'),rows:10},nil,{'class' => 'controls','style'=>'display: flex;flex-direction: column-reverse;'})
|
<%= multiple_lang_tag_for_ask(nil,'text_area','content',@ask_acknowledgements.content,{:class=>'ckeditor',placeholder: t('ask.acknowledgements'),rows:10},nil,{'class' => 'controls','style'=>'display: flex;flex-direction: column-reverse;'})
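Review bot: `f.select :category_id, options_for_select(@categories)` passes a pre-rendered options string, so the form builder does not mark the stored value as selected and the select shows the first category on every page load. Passing the pairs directly lets the builder select the saved value: `<%= f.select :category_id, @categories %>`, or keep the helper and give it the current value with `options_for_select(@categories, @ask_acknowledgements.category_id)`. The label above it is declared as `f.label :content`, so its `for` attribute points at the content field rather than the select; `f.label :category_id, t('category'), class: 'control-label'` would match. The `form_for` block continues past the end of the hunk.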
|
||||||
|
|
|
@ -3,9 +3,11 @@
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th><%= t('status') %></th>
|
<th><%= t('status') %></th>
|
||||||
<th><%= t('ask.modified_by') %></th>
|
<% if !current_user.nil? %>
|
||||||
<th><%= t('ask.remark') %></th>
|
<th><%= t('ask.modified_by') %></th>
|
||||||
<th><%= t('ask.attachment') %></th>
|
<th><%= t('ask.remark') %></th>
|
||||||
|
<th><%= t('ask.attachment') %></th>
|
||||||
|
<% end %>
|
||||||
<th><%= t('ask.updated_at') %></th>
|
<th><%= t('ask.updated_at') %></th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
|
@ -15,15 +17,17 @@
|
||||||
<td>
|
<td>
|
||||||
<%= @status_mapping[ask_status_history.status] %>
|
<%= @status_mapping[ask_status_history.status] %>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<% if !current_user.nil? %>
|
||||||
<%= ask_status_history.modified_by_name %>
|
<td>
|
||||||
</td>
|
<%= ask_status_history.modified_by_name %>
|
||||||
<td>
|
</td>
|
||||||
<%= ask_status_history.comment %>
|
<td>
|
||||||
</td>
|
<%= ask_status_history.comment %>
|
||||||
<td>
|
</td>
|
||||||
<%= link_to(ask_status_history[:file], ask_status_history.file.url) if ask_status_history.file.present? %>
|
<td>
|
||||||
</td>
|
<%= link_to(ask_status_history[:file], ask_status_history.file.url) if ask_status_history.file.present? %>
|
||||||
|
</td>
|
||||||
|
<% end %>
|
||||||
<td>
|
<td>
|
||||||
<%= ask_status_history.created_at.strftime("%Y-%m-%d %H:%M:%S") %>
|
<%= ask_status_history.created_at.strftime("%Y-%m-%d %H:%M:%S") %>
|
||||||
</td>
|
</td>
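Review bot: The new `<% if !current_user.nil? %>` guards only test that someone is signed in, so any logged-in account sees the modifier name, remark and attachment link, and the attachment URL itself stays reachable unless the file endpoint checks access separately (not visible here). If these columns are meant for staff only, the condition should be the module's permission check rather than the presence of a user; confirm against the controller what is available. The same condition is written twice, once around the `<th>` cells and once around the `<td>` cells, and the two must stay identical or the columns shift; assigning one local at the top of the template and testing it in both places avoids that. `if current_user` is the more usual spelling.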
|
||||||
|
|