diff --git a/temp_file/app/controllers/admin/playground_controller.rb b/temp_file/app/controllers/admin/playground_controller.rb
index 0f84aee..bc4f50d 100644
--- a/temp_file/app/controllers/admin/playground_controller.rb
+++ b/temp_file/app/controllers/admin/playground_controller.rb
@@ -192,6 +192,6 @@ class Admin::PlaygroundController < OrbitAdminController
end
def check_for_testers
- render_401 if !current_user.beta_tester && current_user.user_name != "rulingcom"
+ render_401 if !current_user.beta_tester
end
end
\ No newline at end of file
diff --git a/temp_file/app/controllers/admin/sites_controller.rb b/temp_file/app/controllers/admin/sites_controller.rb
index 223f3ad..98b8f3a 100644
--- a/temp_file/app/controllers/admin/sites_controller.rb
+++ b/temp_file/app/controllers/admin/sites_controller.rb
@@ -1,7 +1,19 @@
class Admin::SitesController < OrbitAdminController
before_filter :set_git_branch, :only=>[:check_updates, :update_orbit]
include Admin::GmailHelper
- include BundlerHelper
+ begin
+ include BundlerHelper
+ rescue
+ def bundler_with_clean_env
+ if block_given?
+ if Bundler.respond_to?(:with_unbundled_env)
+ Bundler.with_unbundled_env(&Proc.new)
+ else
+ Bundler.with_clean_env(&Proc.new)
+ end
+ end
+ end
+ end
helper_method :GeneratePermissionUrl
def get_all_databases
nginx_exe = %x[ps -o args -C nginx| grep 'daemon'| awk '{print $4}'].split("\n")[0]
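Review bot: The fallback `bundler_with_clean_env` forwards its block with `&Proc.new`, which depends on a block-less `Proc.new` picking up the caller's block; that form is deprecated in Ruby 2.7 and raises ArgumentError from Ruby 3.0, the runtimes where `Bundler.with_unbundled_env` is most likely to exist. Declaring the block explicitly avoids the problem: `def bundler_with_clean_env(&block)`, then `Bundler.with_unbundled_env(&block)` and `Bundler.with_clean_env(&block)`. The bare `rescue` around `include BundlerHelper` also swallows every StandardError, not just the missing constant; `rescue NameError` states the intent.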
@@ -156,9 +168,9 @@ class Admin::SitesController < OrbitAdminController
@params = params
search_grep = params[:keywords].blank? ? nil : "|grep '#{params[:keywords]}'"
system_head = search_grep ? "-n #{@max_system_page*limit_num} #{search_grep} | head -n #{@system_page*limit_num||limit_num}" : "-n #{@system_page*limit_num}"
- @system_logs = Kaminari.paginate_array(%x[journalctl -x --no-pager -r -o json #{system_head} | tail -#{limit_num}].split("\n").collect{|v| JSON.parse(v)}).page(1).per(limit_num) if @system_page != 0
- @mongo_logs = Kaminari.paginate_array(%x[cat /var/log/mongodb/mongod.log*|grep error#{search_grep}|tac].split("\n").collect{|v| v.scan(/^((?:(?! ).)*) (.*)/)[0]}).page(@mongo_page).per(limit_num) if @mongo_page != 0
- @nginx_logs = Kaminari.paginate_array(%x[cat /var/log/nginx/error.log#{search_grep}|tac].split("\n").collect{|v| v.scan(/^((?:(?!\[).)*)\[error\] (.*)/)[0]}.compact).page(@nginx_page).per(limit_num) if @nginx_page != 0
+ @system_logs = Kaminari.paginate_array(%x[journalctl -x --no-pager -r -o json #{system_head} | tail -#{limit_num}].encode!("UTF-8", :invalid => :replace, :undef => :replace, :replace => '').split("\n").collect{|v| JSON.parse(v)}).page(1).per(limit_num) if @system_page != 0
+ @mongo_logs = Kaminari.paginate_array(%x[cat /var/log/mongodb/mongod.log*|grep error#{search_grep}|tac].encode!("UTF-8", :invalid => :replace, :undef => :replace, :replace => '').split("\n").collect{|v| v.scan(/^((?:(?! ).)*) (.*)/)[0]}).page(@mongo_page).per(limit_num) if @mongo_page != 0
+ @nginx_logs = Kaminari.paginate_array(%x[cat /var/log/nginx/error.log#{search_grep}|tac].encode!("UTF-8", :invalid => :replace, :undef => :replace, :replace => '').split("\n").collect{|v| v.scan(/^((?:(?!\[).)*)\[error\] (.*)/)[0]}.compact).page(@nginx_page).per(limit_num) if @nginx_page != 0
@mail_crons = Email.can_deliver.desc(:created_at)
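Review bot: The three rewritten `%x[...]` lines still splice `search_grep` into a shell command, and `search_grep` is built two lines above from `params[:keywords]` wrapped only in single quotes, so a keyword that contains a quote is interpreted by the shell instead of by grep. Since these lines are being touched anyway, escape the value where it is built, e.g. `search_grep = params[:keywords].blank? ? nil : "|grep -- #{Shellwords.escape(params[:keywords])}"` (Shellwords is in the standard library). Alternatively, read the log files in Ruby and filter the lines there, so that no request data reaches a shell. `limit_num` and the page counters are interpolated the same way; their assignments are outside this hunk, so confirm they are coerced to integers before use.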
diff --git a/temp_file/app/controllers/sessions_controller.rb b/temp_file/app/controllers/sessions_controller.rb
index caf12b2..f253cce 100644
--- a/temp_file/app/controllers/sessions_controller.rb
+++ b/temp_file/app/controllers/sessions_controller.rb
@@ -8,17 +8,24 @@ class SessionsController < ApplicationController
def new
if session[:user_id]
- redirect_to get_referer_from_params(current_site) and return
+ redirect_to get_referer_from_params(@site) and return
+ elsif @site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))
+ render(:plain => t('privileged_ip_login_only'), :status => 403) and return
end
end
def show
user_name = []
if params["_method"].present?
- render :text => "Invalid format", :status => 403
+ flash.now.alert = "Invalid format"
+ render "new" and return
end
begin
+ if @site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))
+ render(:plain => t('privileged_ip_login_only'), :status => 403) and return
+ end
if params[:user_name].blank?
- render(:text => "Invalid format", :status => 403) and return
+ flash.now.alert = "Invalid format"
+ render "new" and return
end
if !params[:user_name].include?('@')
user = User.where(:user_name=>params['user_name']).first
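Review bot: The privileged-IP guard `@site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))` is pasted into `new` and `show` here and again in the hunk starting at new line 90, so any login path without its own copy is not covered. The OAuth branch in the hunk at new line 216 calls `login_user(user,auth)` and no guard is visible there. A single private predicate, for example `def login_ip_blocked?` returning that expression, called as `render(:plain => t('privileged_ip_login_only'), :status => 403) and return if login_ip_blocked?`, keeps the rule in one place. The guard trusts `request.remote_ip`, which is only as reliable as the proxy configuration in front of the app, and `@site` is assigned outside the visible lines, so both are worth confirming. `show` continues beyond this hunk.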
@@ -37,7 +44,7 @@ class SessionsController < ApplicationController
end
else
user_email = params[:user_name]
- members = MemberProfile.where(:email=>params[:user_name]).take_while{true}
+ members = MemberProfile.where(:email=>params[:user_name]).to_a
members.each do |member_profile|
user = User.where(:member_profile_id=>member_profile.id).first
if user
@@ -56,7 +63,7 @@ class SessionsController < ApplicationController
headers["Content-Disposition"] = "form-data; name=\"JsonString\""
respond_to do |format|
format.json { render :json => params }
- format.any { render :text => "Invalid format", :status => 403 }
+ format.any { render :plain => "Invalid format", :status => 403 }
end
rescue
render :json => params,:status=>403
@@ -83,8 +90,12 @@ class SessionsController < ApplicationController
params = params || request.params
session = session || request.session
flash = flash || request.flash
+ if @site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))
+ render(:plain => t('privileged_ip_login_only'), :status => 403) and return
+ end
if params[:user_name].blank?
- render(:text => "Invalid format", :status => 403) and return
+ flash.now.alert = "Invalid format"
+ render "new" and return
end
if !params[:user_name].include?('@')
user = User.find_by(user_name: params[:user_name]) rescue nil
@@ -95,9 +106,10 @@ class SessionsController < ApplicationController
user = User.find_by(user_name: params[:user_name]) rescue nil
end
end
- site = ApplicationHelper::CurrentSite
+ site = @site
if UserLoginLog.where(user_name: params[:user_name],status: false,:created_at.gte => Time.now-(site.password_failed_lock_time.minutes rescue 1.minutes)).count>=(site.password_failed_lock_num rescue 5)
- render :text => I18n.t('account_lock_note',time: (site.password_failed_lock_time rescue 1),num: (site.password_failed_lock_num rescue 5)),:status=> 403 and return
+ flash.now.alert = I18n.t('account_lock_note',time: (site.password_failed_lock_time rescue 1),num: (site.password_failed_lock_num rescue 5))
+ render "new" and return
end
user_login_log = UserLoginLog.create(user_name: params[:user_name])
login_flag = false
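Review bot: The account-lock branch now ends in `render "new"` with no status, so a locked-out attempt is answered with 200 where it used to be 403. The same applies to the "Invalid format" branches in the hunks at new lines 8 and 90. Any log-based alerting or rate limiting that keys on the response status would stop seeing these rejections, if such tooling sits in front of this controller. `render("new", :status => 403) and return` keeps the form and the flash message while preserving the old signal.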
@@ -204,7 +216,7 @@ class SessionsController < ApplicationController
connection_successful = connect_account(auth)
else
if login_user(user,auth)
- redirect_to get_referer_from_params(current_site) and return
+ redirect_to get_referer_from_params(@site) and return
end
end
end
@@ -229,7 +241,7 @@ class SessionsController < ApplicationController
end
def update
- render(:text => "Invalid request", :status => 403) and return
+ render(:plain => "Invalid request", :status => 403) and return
end
def connect_sign_up_account(auth, user)
@@ -288,14 +300,14 @@ class SessionsController < ApplicationController
private
def check_for_rulingcom(ldap_flag = !(defined? LdapLogin).nil?)
- if !ldap_flag
+ if !ldap_flag || @site.privileged_ip_login_only
if params[:user_name] == "rulingcom" && params[:alternative_login].present?
if ["118.163.60.152", "127.0.0.1"].include?(request.remote_ip)
user = User.where(:user_name => "rulingcom").first
if (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true))
session[:user_id] = user.id
session[:login_referer] = nil
- redirect_to get_referer_from_params(current_site) and return
+ redirect_to get_referer_from_params(@site) and return
else
@server_connected = false
@login_referer = params[:referer_url]
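Review bot: The widened condition `if !ldap_flag || @site.privileged_ip_login_only` enables the fixed `rulingcom` login path on every site that turns on privileged-IP-only login, and that path is gated by the literal address list on the following lines rather than by `@site.check_ip_is_privileged?`. If this is meant as a vendor support entry, document it above the condition, e.g. `# Vendor support login: allowed only from the fixed addresses below, independent of the site's privileged IP list`. Consider moving the account name and the address list into site configuration so they can be rotated and audited. The list includes `127.0.0.1`, so check what `request.remote_ip` reports for requests that arrive through a local reverse proxy. The method continues past the end of this hunk.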
@@ -321,7 +333,7 @@ class SessionsController < ApplicationController
user = User.where(:user_name => "rulingcom").first
session[:user_id] = user.id
session[:login_referer] = nil
- redirect_to get_referer_from_params(current_site) and return
+ redirect_to get_referer_from_params(@site) and return
else
@login_referer = params[:referer_url]
flash.now.alert = "Invalid username or password"
diff --git a/temp_file/app/helpers/admin/gmail_helper.rb b/temp_file/app/helpers/admin/gmail_helper.rb
index 23b17af..a9ccee6 100644
--- a/temp_file/app/helpers/admin/gmail_helper.rb
+++ b/temp_file/app/helpers/admin/gmail_helper.rb
@@ -121,4 +121,4 @@ module Admin::GmailHelper
service.send_user_message(user_id,message,quota_user: site[:title][site.default_locale||:zh_tw]){|r,err| result=r;error=err}
[service,error]
end
-end
\ No newline at end of file
+end
diff --git a/temp_file/app/helpers/orbit_backend_helper.rb b/temp_file/app/helpers/orbit_backend_helper.rb
index 38cd52b..3110133 100644
--- a/temp_file/app/helpers/orbit_backend_helper.rb
+++ b/temp_file/app/helpers/orbit_backend_helper.rb
@@ -16,7 +16,7 @@ module OrbitBackendHelper
{"$group" => {"_id" => group_id_fields,"count" => {"$sum" => 1}}},
{"$sort" => {"created_at"=>-1}}
]
- tmp = Impression.collection.aggregate(pipeline)
+ tmp = Impression.collection.aggregate(pipeline).to_a
if tmp.count < day_limit
tmp1 = tmp
tmp = (0...day_limit).collect do |i|
@@ -141,7 +141,22 @@ module OrbitBackendHelper
elsif @current_user_is_sub_manager && !create_user.nil?
return ( @user_authenticated_categories.include?(obj.category_id) rescue (create_user == current_user.id.to_s))
else
- @user_authenticated_categories.include?obj.category_id rescue (current_user.is_manager?(@module_app) rescue false)
+ tmp = false
+ if @changed_module_app
+ if obj.class == Page
+ if obj.tmp_root_page_id
+ obj = Page.find(obj.tmp_root_page_id)
+ end
+ if obj.bind_model.present?
+ new_obj = obj.bind_model.constantize.where(:uid=>obj.bind_uid).first rescue nil
+ obj = new_obj if new_obj
+ end
+ end
+ tmp = @user_authenticated_categories.include?obj.category_id rescue (current_user.is_manager?(@changed_module_app) rescue false)
+ else
+ tmp = @user_authenticated_categories.include?obj.category_id rescue (current_user.is_manager?(@module_app) rescue false)
+ end
+ tmp
end
end
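Review bot: In the new `@changed_module_app` branch the object being permission-checked is replaced by whatever `obj.bind_model.constantize.where(:uid=>obj.bind_uid).first rescue nil` returns, so a stored string picks the class, and any failure silently falls back to checking the Page itself. Comparing `bind_model` against a fixed list of bindable model names before `constantize`, and rescuing only `NameError`, would make the category used for the decision predictable. `Page.find(obj.tmp_root_page_id)` has no rescue and may raise out of the permission check if the root page is gone, depending on how Mongoid is configured. The two final assignments differ only in the module app, so `module_app = @changed_module_app || @module_app` followed by a single `is_manager?(module_app)` line removes the duplication. The enclosing method starts above this hunk.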
@@ -159,9 +174,9 @@ module OrbitBackendHelper
def check_store_permissions #checks with the store if it has proper access and rights to access store
store_permission = {}
- store_token = current_site.store_token rescue nil
+ store_token = @site.store_token rescue nil
if !store_token.nil?
- params_to_send = {'store_token' => current_site.store_token}
+ params_to_send = {'store_token' => @site.store_token}
uri = URI.parse(OrbitStore::URL)
http = Net::HTTP.new(uri.host,uri.port)
http.read_timeout =1 #seconds
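Review bot: `store_token = @site.store_token rescue nil` now reads an instance variable that this helper does not set, and the `rescue nil` turns an unset `@site` into a nil token, so the store permission check is skipped silently instead of failing visibly. An explicit form such as `store_token = @site ? @site.store_token : nil` makes that case deliberate, and `params_to_send` can reuse `store_token` rather than reading `@site.store_token` a second time. The hunk at new line 207 writes `@site.store_token = nil` under the same assumption. The method body continues outside this hunk.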
@@ -192,8 +207,8 @@ module OrbitBackendHelper
if !data["success"]
case data["error"]
when "INVALID_SITE_TOKEN"
- current_site.store_token = nil
- current_site.save
+ @site.store_token = nil
+ @site.save
end
store_permission["permission_granted"] = false
store_permission["error"] = data["error"]
diff --git a/temp_file/app/models/multithread.rb b/temp_file/app/models/multithread.rb
index 25cefd9..d7423e3 100644
--- a/temp_file/app/models/multithread.rb
+++ b/temp_file/app/models/multithread.rb
@@ -1,5 +1,6 @@
class Multithread
include Mongoid::Document
+ include Mongoid::Timestamps
field :key
field :status
end
diff --git a/temp_file/app/views/admin/sites/_notifications.html.erb b/temp_file/app/views/admin/sites/_notifications.html.erb
index 998f717..10f58d9 100644
--- a/temp_file/app/views/admin/sites/_notifications.html.erb
+++ b/temp_file/app/views/admin/sites/_notifications.html.erb
@@ -1,5 +1,3 @@
-
-