authorerdgeist <erdgeist@erdgeist.org>2026-06-27 22:52:50 +0200
committererdgeist <erdgeist@erdgeist.org>2026-06-27 22:52:50 +0200
commit9a19a0494ef51cdac9a78e24d517ca48ba44c453 (patch)
tree8eaae12d8047a40e29d3ea7ff3116b5c869e04bd /app/controllers
parent85a01e35274b8d4d4165a7b26bd7986e211246bb (diff)
parent1853082fcd8c067390c246f9daa01a9b47387497 (diff)
Migration from Rails 2.3.5 to Rails 8.1 successful.
Merging dev branch.
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin_controller.rb48
-rw-r--r--app/controllers/application_controller.rb35
-rw-r--r--app/controllers/assets_controller.rb19
-rw-r--r--app/controllers/content_controller.rb39
-rw-r--r--app/controllers/events_controller.rb12
-rw-r--r--app/controllers/menu_items_controller.rb19
-rw-r--r--app/controllers/nodes_controller.rb49
-rw-r--r--app/controllers/occurrences_controller.rb13
-rw-r--r--app/controllers/pages_controller.rb16
-rw-r--r--app/controllers/revisions_controller.rb3
-rw-r--r--app/controllers/rss_controller.rb30
-rw-r--r--app/controllers/tags_controller.rb53
-rw-r--r--app/controllers/users_controller.rb23
13 files changed, 215 insertions, 144 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 1d1a1ca..9e8564e 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -2,31 +2,46 @@ class AdminController < ApplicationController
2 2
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_action :login_required
6 6
7 def index 7 def index
8 @drafts = Node.all( 8 @drafts = Node.where("draft_id IS NOT NULL")
9 :limit => 20, 9 .limit(50).order("updated_at desc")
10 :order => "updated_at desc", 10
11 :conditions => ["draft_id IS NOT NULL"] 11 @drafts_count = Node.where("draft_id IS NOT NULL").count
12 ) 12
13 @recent_changes = Node.all( 13 @recent_changes = Node.where(
14 :limit => 20, 14 "updated_at < ? AND updated_at > ? AND parent_id IS NOT NULL",
15 :order => "updated_at desc", 15 Time.now, Time.now - 14.days
16 :conditions => [ 16 ).limit(50).order("updated_at desc")
17 "updated_at < ? AND updated_at > ? AND parent_id IS NOT NULL", Time.now, Time.now-14.days 17
18 ] 18 all_nodes = Node.root.self_and_descendants
19 ) 19 @sitemap_depth = {}
20 Node.each_with_level(all_nodes) do |node, level|
21 @sitemap_depth[node.id] = level
22 end
23 @sitemap = all_nodes.to_a.sort! { |node1,node2| node1.lft <=> node2.lft }.delete_if { |node| node.update? }
24
25 @mypages = Page.where("user_id = ? or editor_id = ?", @current_user, @current_user)
26
27 @mynodes = Node.joins(:pages)
28 .where("pages.user_id = ? or pages.editor_id = ?", @current_user, @current_user)
29 .order("updated_at desc")
30 .uniq.first(50)
20 end 31 end
21 32
22 def search 33 def search
23 @results = Node.search params[:search_term] 34 @results = Node.search params[:search_term], :per_page => 1000
24 35
25 respond_to do |format| 36 respond_to do |format|
26 format.html 37 format.html do
38 render :template => 'admin/search_results.html'
39 end
27 format.js do 40 format.js do
28 render( :json => @results.map do |node| 41 render( :json => @results.map do |node|
29 {:id => node.id, :title => node.title, :edit_path => node_path(node)} 42 if node
43 {:id => node.id, :title => node.title, :edit_path => node_path(node)}
44 end
30 end 45 end
31 ) 46 )
32 47
@@ -46,7 +61,6 @@ class AdminController < ApplicationController
46 render :partial => 'admin/menu_search_results' 61 render :partial => 'admin/menu_search_results'
47 end 62 end
48 63
49
50 format.js do 64 format.js do
51 render( :json => @results.map do |node| 65 render( :json => @results.map do |node|
52 {:node_id => node.id, :title => node.title, :unique_name => node.unique_name} 66 {:node_id => node.id, :title => node.title, :unique_name => node.unique_name}
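Review bot: In `search`, the new `if node` guard inside `@results.map` has no else branch, so every nil result becomes a `null` element in the JSON array, and client code reading `.id` on each entry will fail on it. Drop the nils instead of emitting them, e.g. `@results.filter_map do |node|` with the hash followed by `if node`, or `@results.compact.map`. The `format.js` block in the second hunk maps over `@results` with no guard at all, so if nil entries can occur there it raises on `node.id`. `:per_page => 1000` also makes one request return up to a thousand rows; a comment stating why that bound was chosen would help. Both methods continue outside the hunks shown.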
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bce0c71..75f92c3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,26 +1,21 @@
1# Filters added to this controller apply to all controllers in the application.
2# Likewise, all the methods added will be available for all controllers.
3
4class ApplicationController < ActionController::Base 1class ApplicationController < ActionController::Base
5
6 include ExceptionNotifiable
7 include AuthenticatedSystem 2 include AuthenticatedSystem
8
9 helper :all # include all helpers, all the time
10 protect_from_forgery # See ActionController::RequestForgeryProtection for details
11 3
12 # Scrub sensitive parameters from your log 4 protect_from_forgery
13 filter_parameter_logging :password, :password_confirmation 5
14 6 before_action :set_locale
15 before_filter :set_locale 7
16
17 protected 8 protected
18 9
19 def set_locale 10 def set_locale
20 if params[:locale] && I18n.available_locales.include?(params[:locale].to_sym) 11 if params[:locale] && I18n.available_locales.include?(params[:locale].to_sym)
21 I18n.locale = params[:locale].to_sym 12 I18n.locale = params[:locale].to_sym
22 else 13 else
23 params.delete(:locale) 14 I18n.locale = I18n.default_locale
24 end
25 end 15 end
16 end
17
18 def default_url_options
19 { locale: I18n.locale == I18n.default_locale ? nil : I18n.locale }
20 end
26end 21end
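Review bot: The commit drops `filter_parameter_logging :password, :password_confirmation` with no replacement visible here. In current Rails this setting lives in `config.filter_parameters`, which is outside this diff (the view is limited to `app/controllers`), so confirm it lists the password fields or credentials will be written to the request log. `protect_from_forgery` is also called without a strategy; stating it, e.g. `protect_from_forgery with: :exception`, makes the behaviour on a failed token check explicit. In `set_locale`, `params[:locale].to_sym` is evaluated as the argument of the membership test and raises if the parameter is not a String; comparing the raw value against `I18n.available_locales.map(&:to_s)` avoids that.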
diff --git a/app/controllers/assets_controller.rb b/app/controllers/assets_controller.rb
index cfaf176..d150e06 100644
--- a/app/controllers/assets_controller.rb
+++ b/app/controllers/assets_controller.rb
@@ -2,15 +2,14 @@ class AssetsController < ApplicationController
2 2
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_action :login_required
6 6
7 layout 'admin' 7 layout 'admin'
8 8
9 def index 9 def index
10 @assets = Asset.all.paginate( 10 @assets = Asset.order('id DESC').paginate(
11 :page => params[:page], 11 :page => params[:page],
12 :per_page => 20, 12 :per_page => 20
13 :order => 'id DESC'
14 ) 13 )
15 end 14 end
16 15
@@ -44,7 +43,7 @@ class AssetsController < ApplicationController
44 # POST /assets 43 # POST /assets
45 # POST /assets.xml 44 # POST /assets.xml
46 def create 45 def create
47 @asset = Asset.new(params[:asset]) 46 @asset = Asset.new(asset_params)
48 47
49 respond_to do |format| 48 respond_to do |format|
50 if @asset.save 49 if @asset.save
@@ -64,7 +63,7 @@ class AssetsController < ApplicationController
64 @asset = Asset.find(params[:id]) 63 @asset = Asset.find(params[:id])
65 64
66 respond_to do |format| 65 respond_to do |format|
67 if @asset.update_attributes(params[:asset]) 66 if @asset.update(asset_params)
68 flash[:notice] = 'Asset was successfully updated.' 67 flash[:notice] = 'Asset was successfully updated.'
69 format.html { redirect_to(@asset) } 68 format.html { redirect_to(@asset) }
70 format.xml { head :ok } 69 format.xml { head :ok }
@@ -86,4 +85,10 @@ class AssetsController < ApplicationController
86 format.xml { head :ok } 85 format.xml { head :ok }
87 end 86 end
88 end 87 end
88
89 private
90
91 def asset_params
92 params.require(:asset).permit(:name, :upload)
93 end
89end 94end
diff --git a/app/controllers/content_controller.rb b/app/controllers/content_controller.rb
index 1b13456..8d33105 100644
--- a/app/controllers/content_controller.rb
+++ b/app/controllers/content_controller.rb
@@ -1,30 +1,31 @@
1class ContentController < ApplicationController 1class ContentController < ApplicationController
2 2
3 # Public 3 # Public
4 4
5 before_filter :find_page 5 before_action :find_page
6 6
7 # This is the method that renders most of the the public content. It recieves 7 # This is the method that renders most of the the public content. It recieves
8 # a :locale and a :page_path parameter through the params hash. It looks up 8 # a :locale and a :page_path parameter through the params hash. It looks up
9 # the node with the corresponding unique_name attribute. The method doesn't 9 # the node with the corresponding unique_name attribute. The method doesn't
10 # return a node though, the node is really a proxy object for pages. It 10 # return a node though, the node is really a proxy object for pages. It
11 # returns the most recent page associated to this node instead. 11 # returns the most recent page associated to this node instead.
12 def render_page 12 def render_page
13 13
14 expires_in 20.minutes, :public => true 14 expires_in 20.minutes, :public => true
15 15
16 if @page and @page.public? 16 if @page and @page.public?
17 render( 17 render(
18 :file => @page.valid_template, 18 :template => @page.valid_template,
19 :layout => true 19 :layout => true
20 ) 20 )
21 else 21 else
22 render( 22 render(
23 :file => File.join(RAILS_ROOT, 'public', '404.html'), 23 :file => Rails.root.join('public', '404.html').to_s,
24 :status => 404 24 :status => 404,
25 :layout => false
25 ) 26 )
26 end 27 end
27 28
28 end 29 end
29 30
30 def render_gallery 31 def render_gallery
@@ -32,13 +33,17 @@ class ContentController < ApplicationController
32 @images = @page.assets.images 33 @images = @page.assets.images
33 render :file => "content/gallery" 34 render :file => "content/gallery"
34 else 35 else
35 render :nothing => true, :status => 404 36 head :not_found
36 end 37 end
37 end 38 end
38 39
39 private 40 private
40 def find_page 41 def find_page
41 path = params[:page_path].join('/') 42 path = params[:page_path].is_a?(Array) ? params[:page_path].join('/') : params[:page_path]
42 @page = Node.find_page(path) 43 if path =~ /^[a-zA-Z\:\/\/\.\-\d_]+$/
44 @page = Node.find_page(path)
45 else
46 @page = nil
47 end
43 end 48 end
44end 49end
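Review bot: The new allow-list in `find_page` anchors with `^` and `$`, which in Ruby match at line boundaries, so a `page_path` containing a newline passes as long as one of its lines matches; the `tag_name` pattern in `TagsController#show` has the same anchors. Use string anchors and a type check, e.g. `if path.is_a?(String) && path.match?(/\A[a-zA-Z:\/.\-\d_]+\z/)`. The character class also admits `.` and `/`, so `..` segments still reach `Node.find_page`; whether that matters depends on that method, which is not in this diff. Separately, `render :file => "content/gallery"` in `render_gallery` was left unchanged while the other renders moved to `:template`, and newer Rails expects `:file` to be an absolute path.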
diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
index 805e941..7695e9b 100644
--- a/app/controllers/events_controller.rb
+++ b/app/controllers/events_controller.rb
@@ -2,7 +2,7 @@ class EventsController < ApplicationController
2 2
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_action :login_required
6 6
7 layout 'admin' 7 layout 'admin'
8 8
@@ -47,7 +47,7 @@ class EventsController < ApplicationController
47 # POST /events 47 # POST /events
48 # POST /events.xml 48 # POST /events.xml
49 def create 49 def create
50 @event = Event.new(params[:event]) 50 @event = Event.new(event_params)
51 51
52 respond_to do |format| 52 respond_to do |format|
53 if @event.save 53 if @event.save
@@ -67,7 +67,7 @@ class EventsController < ApplicationController
67 @event = Event.find(params[:id]) 67 @event = Event.find(params[:id])
68 68
69 respond_to do |format| 69 respond_to do |format|
70 if @event.update_attributes(params[:event]) 70 if @event.update(event_params)
71 flash[:notice] = 'Event was successfully updated.' 71 flash[:notice] = 'Event was successfully updated.'
72 format.html { redirect_to(edit_node_path(@event.node)) } 72 format.html { redirect_to(edit_node_path(@event.node)) }
73 format.xml { head :ok } 73 format.xml { head :ok }
@@ -89,4 +89,10 @@ class EventsController < ApplicationController
89 format.xml { head :ok } 89 format.xml { head :ok }
90 end 90 end
91 end 91 end
92
93 private
94
95 def event_params
96 params.require(:event).permit(:start_time, :end_time, :rrule, :custom_rrule, :allday, :url, :latitude, :longitude, :node_id, :location)
97 end
92end 98end
diff --git a/app/controllers/menu_items_controller.rb b/app/controllers/menu_items_controller.rb
index 808da15..1b1eb59 100644
--- a/app/controllers/menu_items_controller.rb
+++ b/app/controllers/menu_items_controller.rb
@@ -2,23 +2,23 @@ class MenuItemsController < ApplicationController
2 2
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_action :login_required
6 6
7 layout 'admin' 7 layout 'admin'
8 8
9 def index 9 def index
10 @menu_items = MenuItem.all(:order => "position ASC") 10 @menu_items = MenuItem.order("position ASC").all
11 end 11 end
12 12
13 def show 13 def show
14 end 14 end
15 15
16 def new 16 def new
17 @menu_item = MenuItem.new params[:menu_item] 17 @menu_item = MenuItem.new menu_item_params
18 end 18 end
19 19
20 def create 20 def create
21 if MenuItem.create( params[:menu_item] ) 21 if MenuItem.create( menu_item_params )
22 redirect_to menu_items_path 22 redirect_to menu_items_path
23 else 23 else
24 render :new 24 render :new
@@ -32,7 +32,7 @@ class MenuItemsController < ApplicationController
32 def update 32 def update
33 @menu_item = MenuItem.find( params[:id] ) 33 @menu_item = MenuItem.find( params[:id] )
34 34
35 if @menu_item.update_attributes( params[:menu_item] ) 35 if @menu_item.update( menu_item_params )
36 redirect_to menu_items_path 36 redirect_to menu_items_path
37 else 37 else
38 render :edit 38 render :edit
@@ -48,10 +48,15 @@ class MenuItemsController < ApplicationController
48 def sort 48 def sort
49 params[:menu_items].each_with_index do |item_id, index| 49 params[:menu_items].each_with_index do |item_id, index|
50 menu_item = MenuItem.find(item_id) 50 menu_item = MenuItem.find(item_id)
51 menu_item.update_attributes(:position => index + 1) 51 menu_item.update(:position => index + 1)
52 end 52 end
53 53
54 render :nothing => true 54 head :ok
55 end 55 end
56 56
57 private
58
59 def menu_item_params
60 params.require(:menu_item).permit(:node_id, :path, :position, :type, :type_id)
61 end
57end 62end
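Review bot: `new` now builds the record from `menu_item_params`, and `params.require(:menu_item)` raises `ActionController::ParameterMissing` when the form is opened without a `menu_item` key, which the old `params[:menu_item]` tolerated as nil. Use the non-raising form that `NodesController` uses, `params.fetch(:menu_item, {}).permit(...)`, or build a blank `MenuItem.new` in `new`. The permit list includes `:type`; if `MenuItem` uses single-table inheritance, that lets the client choose the class, so confirm it is meant to be client-settable. In `sort`, `params[:menu_items]` is still iterated without a presence check.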
diff --git a/app/controllers/nodes_controller.rb b/app/controllers/nodes_controller.rb
index 4f72744..494887d 100644
--- a/app/controllers/nodes_controller.rb
+++ b/app/controllers/nodes_controller.rb
@@ -4,8 +4,8 @@ class NodesController < ApplicationController
4 4
5 layout 'admin' 5 layout 'admin'
6 6
7 before_filter :login_required 7 before_action :login_required
8 before_filter :find_node, :only => [ 8 before_action :find_node, :only => [
9 :show, 9 :show,
10 :edit, 10 :edit,
11 :update, 11 :update,
@@ -15,16 +15,17 @@ class NodesController < ApplicationController
15 ] 15 ]
16 16
17 def index 17 def index
18 @nodes = Node.root.descendants.paginate( 18 @nodes = Node.root.descendants.includes(:head, :draft)
19 :include => [:head, :draft], 19 .order('id DESC')
20 :page => params[:page], 20 .paginate(:page => params[:page], :per_page => 25)
21 :per_page => 25,
22 :order => 'id DESC'
23 )
24 end 21 end
25 22
26 def new 23 def new
27 @node = Node.new params[:node] 24 @node = Node.new node_params
25 if params.has_key?(:parent_id)
26 @parent_id = params[:parent_id]
27 @parent_name = Node.find(@parent_id).title
28 end
28 end 29 end
29 30
30 def create 31 def create
@@ -33,9 +34,16 @@ class NodesController < ApplicationController
33 @node = Node.new 34 @node = Node.new
34 @node.parent_id = find_parent 35 @node.parent_id = find_parent
35 @node.slug = params[:title].parameterize.to_s 36 @node.slug = params[:title].parameterize.to_s
36 37
37 if @node.save 38 if @node.save
38 @node.draft.update_attributes(:title => params[:title]) 39 @node.draft.update(:title => params[:title])
40 case params[:kind]
41 when "update"
42 @node.draft.tag_list.add("update")
43 when "press_release"
44 @node.draft.tag_list.add("update", "pressemitteilung")
45 end
46 @node.draft.save!
39 redirect_to(edit_node_path(@node)) 47 redirect_to(edit_node_path(@node))
40 else 48 else
41 render :new 49 render :new
@@ -44,6 +52,7 @@ class NodesController < ApplicationController
44 52
45 def show 53 def show
46 node = Node.find(params[:id]) 54 node = Node.find(params[:id])
55 node.wipe_draft!
47 @page = node.draft || node.head 56 @page = node.draft || node.head
48 end 57 end
49 58
@@ -53,7 +62,7 @@ class NodesController < ApplicationController
53 rescue LockedByAnotherUser => e 62 rescue LockedByAnotherUser => e
54 flash[:error] = e.message 63 flash[:error] = e.message
55 if request.referer 64 if request.referer
56 redirect_to :back 65 redirect_to request.referer || node_path(@node)
57 else 66 else
58 redirect_to node_path(@node) 67 redirect_to node_path(@node)
59 end 68 end
@@ -61,10 +70,10 @@ class NodesController < ApplicationController
61 end 70 end
62 71
63 def update 72 def update
64 @node.update_attributes(params[:node]) 73 @node.update(node_params)
65 @draft = @node.find_or_create_draft current_user 74 @draft = @node.find_or_create_draft current_user
66 @draft.tag_list = params[:tag_list] 75 @draft.tag_list = params[:tag_list]
67 if @draft.update_attributes( params[:page] ) 76 if @draft.update( page_params )
68 flash[:notice] = "Draft has been saved: #{Time.now}" 77 flash[:notice] = "Draft has been saved: #{Time.now}"
69 respond_to do |format| 78 respond_to do |format|
70 format.html { redirect_to edit_node_path(@node) } 79 format.html { redirect_to edit_node_path(@node) }
@@ -82,7 +91,7 @@ class NodesController < ApplicationController
82 def publish 91 def publish
83 @node.publish_draft! 92 @node.publish_draft!
84 flash[:notice] = "Draft has been published" 93 flash[:notice] = "Draft has been published"
85 redirect_to node_path 94 redirect_to node_path(@node)
86 end 95 end
87 96
88 def unlock 97 def unlock
@@ -96,6 +105,14 @@ class NodesController < ApplicationController
96 end 105 end
97 106
98 private 107 private
108
109 def node_params
110 params.fetch(:node, {}).permit(:slug, :parent_id, :staged_slug, :staged_parent_id)
111 end
112
113 def page_params
114 params.fetch(:page, {}).permit(:title, :abstract, :body, :template_name, :published_at, :user_id)
115 end
99 116
100 def find_node 117 def find_node
101 @node = Node.find(params[:id]) 118 @node = Node.find(params[:id])
@@ -107,6 +124,8 @@ class NodesController < ApplicationController
107 Node.root.id 124 Node.root.id
108 when "update" 125 when "update"
109 Update.find_or_create_parent.id 126 Update.find_or_create_parent.id
127 when "press_release"
128 Update.find_or_create_parent.id
110 when "generic" 129 when "generic"
111 if params[:parent_id] && Node.find(params[:parent_id]) 130 if params[:parent_id] && Node.find(params[:parent_id])
112 params[:parent_id] 131 params[:parent_id]
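Review bot: `page_params` permits `:user_id`, so any logged-in editor can submit a different author id through `update`; unless the edit form is meant to reassign authorship, drop it from the list and set the user server-side. In the `LockedByAnotherUser` rescue, `redirect_to request.referer || node_path(@node)` sends the browser to a client-supplied header; `redirect_back fallback_location: node_path(@node), allow_other_host: false` is the stock replacement for `redirect_to :back` and makes the surrounding `if request.referer` unnecessary. `show` now calls `node.wipe_draft!` on a GET; its effect is not visible here, but a mutating call on a safe method deserves a comment saying what it removes and why repeating it is harmless.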
diff --git a/app/controllers/occurrences_controller.rb b/app/controllers/occurrences_controller.rb
index 751be40..0f30ce3 100644
--- a/app/controllers/occurrences_controller.rb
+++ b/app/controllers/occurrences_controller.rb
@@ -2,7 +2,7 @@ class OccurrencesController < ApplicationController
2 2
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_action :login_required
6 6
7 # GET /occurrences 7 # GET /occurrences
8 # GET /occurrences.xml 8 # GET /occurrences.xml
@@ -45,7 +45,7 @@ class OccurrencesController < ApplicationController
45 # POST /occurrences 45 # POST /occurrences
46 # POST /occurrences.xml 46 # POST /occurrences.xml
47 def create 47 def create
48 @occurrence = Occurrence.new(params[:occurrence]) 48 @occurrence = Occurrence.new(occurrence_params)
49 49
50 respond_to do |format| 50 respond_to do |format|
51 if @occurrence.save 51 if @occurrence.save
@@ -65,7 +65,7 @@ class OccurrencesController < ApplicationController
65 @occurrence = Occurrence.find(params[:id]) 65 @occurrence = Occurrence.find(params[:id])
66 66
67 respond_to do |format| 67 respond_to do |format|
68 if @occurrence.update_attributes(params[:occurrence]) 68 if @occurrence.update(occurrence_params)
69 flash[:notice] = 'Occurrence was successfully updated.' 69 flash[:notice] = 'Occurrence was successfully updated.'
70 format.html { redirect_to(@occurrence) } 70 format.html { redirect_to(@occurrence) }
71 format.xml { head :ok } 71 format.xml { head :ok }
@@ -87,4 +87,11 @@ class OccurrencesController < ApplicationController
87 format.xml { head :ok } 87 format.xml { head :ok }
88 end 88 end
89 end 89 end
90
91 private
92
93 def occurrence_params
94 params.require(:occurrence).permit(:start_time, :end_time, :node_id, :event_id)
95 end
96
90end 97end
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
index a684327..2d08dea 100644
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -2,26 +2,24 @@ class PagesController < ApplicationController
2 2
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_action :login_required
6 6
7 def preview 7 def preview
8 @page = Page.find(params[:id]) 8 @page = Page.find(params[:id])
9 9
10 if @page 10 if @page
11 template = @page.valid_template 11 template = @page.valid_template
12 render( 12 render(
13 :file => template, 13 template: template,
14 :layout => "application" 14 layout: "application"
15 ) 15 )
16 end 16 end
17
18 end 17 end
19 18
20
21 def sort_images 19 def sort_images
22 page = Page.find(params[:id]) 20 page = Page.find(params[:id])
23 page.update_assets(params[:images]) 21 page.update_assets(params[:images])
24 22
25 render :nothing => true, :status => 200 23 head :ok
26 end 24 end
27end 25end
diff --git a/app/controllers/revisions_controller.rb b/app/controllers/revisions_controller.rb
index 05e8acc..42d667e 100644
--- a/app/controllers/revisions_controller.rb
+++ b/app/controllers/revisions_controller.rb
@@ -2,12 +2,13 @@ class RevisionsController < ApplicationController
2 2
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_action :login_required
6 6
7 layout 'admin' 7 layout 'admin'
8 8
9 def index 9 def index
10 @node = Node.find(params[:node_id]) 10 @node = Node.find(params[:node_id])
11 @pages = @node.pages.all
11 end 12 end
12 13
13 def diff 14 def diff
diff --git a/app/controllers/rss_controller.rb b/app/controllers/rss_controller.rb
index acffc0e..4b47218 100644
--- a/app/controllers/rss_controller.rb
+++ b/app/controllers/rss_controller.rb
@@ -1,19 +1,21 @@
1class RssController < ApplicationController 1class RssController < ApplicationController
2 2
3 before_filter :authenticate, :only => :recent_changes 3 before_action :authenticate, :only => :recent_changes
4 before_filter :get_host 4 before_action :get_host
5 5
6 def updates 6 def updates
7 expires_in 31.minutes, :public => true 7 expires_in 31.minutes, :public => true
8 8
9 I18n.locale = :de 9 I18n.locale = :de
10 10
11 @items = Page.heads.find_tagged_with( 11 @items = Page.heads
12 "update", 12 .joins("JOIN taggings ON taggings.taggable_id = pages.id
13 :order => "published_at DESC", 13 AND taggings.taggable_type = 'Page'
14 :limit => 20 14 AND taggings.context = 'tags'")
15 ) 15 .joins("JOIN tags ON tags.id = taggings.tag_id")
16 16 .where("LOWER(tags.name) = ?", "update")
17 .order("published_at DESC").limit(20)
18
17 respond_to do |format| 19 respond_to do |format|
18 format.xml {} 20 format.xml {}
19 format.rdf {} 21 format.rdf {}
@@ -21,13 +23,9 @@ class RssController < ApplicationController
21 end 23 end
22 24
23 def recent_changes 25 def recent_changes
24 @items = Page.all( 26 @items = Page.where(
25 :limit => 20, 27 "updated_at < ? AND updated_at > ?", Time.now, Time.now - 14.days
26 :order => "updated_at desc", 28 ).limit(20).order("updated_at desc")
27 :conditions => [
28 "updated_at < ? AND updated_at > ?", Time.now, Time.now-14.days
29 ]
30 )
31 end 29 end
32 30
33 protected 31 protected
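Review bot: The hand-written `taggings`/`tags` joins in `updates` are repeated verbatim in `TagsController#show`; moving them into one named scope on `Page` would keep the two queries from drifting apart. If `Page` is declared taggable with acts-as-taggable-on (the `ActsAsTaggableOn::Tag` reference and the `tag_list` calls elsewhere in this commit suggest so), `Page.heads.tagged_with("update")` would replace the raw SQL entirely. With the joins in place, `order("published_at DESC")` is unqualified; `pages.published_at` guards against an ambiguous-column error. The multi-line string literal also carries its source indentation into the generated SQL, which a heredoc or single-line string would avoid.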
diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb
index 565cdd4..bf6a029 100644
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@@ -1,33 +1,44 @@
1class TagsController < ApplicationController 1class TagsController < ApplicationController
2 2
3 # Public 3 # Public
4 4
5 def index 5 def index
6 @page = Page.new :title => "Tags" 6 @page = Page.new :title => "Tags"
7 7
8 @tags = Tag.all(:limit => 500) 8 @tags = Tag.limit(500).all
9 end 9 end
10 10
11 def show 11 def show
12 @tag = Tag.find_by_name(params[:id]) 12 tag_name = params[:id]
13 13
14 @tag = @tag ? @tag.name : params[:id] 14 if tag_name.match(/^[a-zA-Z0-9_\w\s\-\.\']+$/)
15 15 @tag = ActsAsTaggableOn::Tag.find_by_name(tag_name)
16 @page = Page.new 16 @tag = @tag ? @tag.name : tag_name
17 @page = Page.new
17 18
18 params[:page] = ( params[:page].is_a?(Fixnum) ? params[:page] : 1 ) 19 params[:page] = (params[:page].is_a?(Integer) ? params[:page] : 1)
19 20
20 @pages = Page.heads.paginate( 21 @pages = Page.heads
21 Page.find_options_for_find_tagged_with(@tag).merge( 22 .joins("JOIN taggings ON taggings.taggable_id = pages.id
22 :order => 'published_at DESC', 23 AND taggings.taggable_type = 'Page'
23 :page=>params[:page], 24 AND taggings.context = 'tags'")
24 :per_page => 23 25 .joins("JOIN tags ON tags.id = taggings.tag_id")
25 ) 26 .where("LOWER(tags.name) = ?", @tag.downcase)
26 ) 27 .order('published_at DESC')
27 28 .paginate(
28 respond_to do |format| 29 :page => params[:page],
29 format.html {} 30 :per_page => 23
31 )
32
33 respond_to do |format|
34 format.html {}
35 end
36 else
37 respond_to do |format|
38 format.html { head :bad_request }
39 end
30 end 40 end
41
31 end 42 end
32 43
33end 44end
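Review bot: `params[:page].is_a?(Integer)` in `show` is never true for a query-string or path parameter, which arrives as a String, so every request is served page 1 and later pages are unreachable. Parse and clamp instead, e.g. `page = params[:page].to_i` followed by `page = 1 if page < 1`, and pass `page` to `paginate` rather than writing back into `params`. In the character class, `a-zA-Z0-9_` is already covered by `\w`, so the pattern can be shortened. The rejection branch wraps `head :bad_request` in `respond_to`, so non-HTML requests get a format error rather than the 400; a bare `head :bad_request` is simpler.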
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 87df678..98fd534 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -2,24 +2,24 @@ class UsersController < ApplicationController
2 2
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_action :login_required
6 before_filter :find_user, :only => [:show, :edit, :update, :destroy] 6 before_action :find_user, :only => [:show, :edit, :update, :destroy]
7 before_filter :verify_status, :except => [:index, :show] 7 before_action :verify_status, :except => [:index, :show]
8 8
9 layout 'admin' 9 layout 'admin'
10 10
11 def index 11 def index
12 @users = User.all(:order => "login ASC").group_by do |user| 12 @users = User.order("login ASC").all.group_by do |user|
13 user.admin? ? :admin : :user 13 user.admin? ? :admin : :user
14 end 14 end
15 end 15 end
16 16
17 def new 17 def new
18 @user = User.new( params[:user] ) 18 @user = User.new
19 end 19 end
20 20
21 def create 21 def create
22 @user = User.new params[:user] 22 @user = User.new user_params
23 23
24 if @user.save 24 if @user.save
25 flash[:notice] = "User created #{@user.login}" 25 flash[:notice] = "User created #{@user.login}"
@@ -33,8 +33,10 @@ class UsersController < ApplicationController
33 end 33 end
34 34
35 def update 35 def update
36 params[:user].delete(:admin) unless current_user.is_admin? 36 permitted = user_params
37 if @user.update_attributes(params[:user]) 37 permitted.delete(:admin) unless current_user.is_admin?
38
39 if @user.update(permitted)
38 flash[:notice] = "Updated user #{@user.login}" 40 flash[:notice] = "Updated user #{@user.login}"
39 redirect_to user_path(@user) 41 redirect_to user_path(@user)
40 else 42 else
@@ -51,6 +53,11 @@ class UsersController < ApplicationController
51 end 53 end
52 54
53 private 55 private
56
57 def user_params
58 params.fetch(:user, {}).permit(:login, :email, :password, :password_confirmation, :admin)
59 end
60
54 def find_user 61 def find_user
55 @user = User.find(params[:id]) 62 @user = User.find(params[:id])
56 end 63 end
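Review bot: `user_params` permits `:admin` and only `update` strips it for non-admins, so `create` passes a client-supplied `admin` flag straight to `User.new`. Whether `verify_status` already restricts `create` to admins is not visible in these hunks. The safer shape is to decide inside `user_params`: build the list as `allowed = [:login, :email, :password, :password_confirmation]`, add `allowed << :admin if current_user.is_admin?`, then call `params.fetch(:user, {}).permit(*allowed)`, so no caller can forget the check. That also removes the `permitted.delete(:admin)` step in `update`.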