-
Notifications
You must be signed in to change notification settings - Fork 479
/
scripts_controller.rb
128 lines (109 loc) · 3.22 KB
/
scripts_controller.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
class ScriptsController < ApplicationController
before_action :require_levelbuilder_mode, except: :show
before_action :authenticate_user!, except: :show
check_authorization
before_action :set_script, only: [:show, :edit, :update, :destroy]
authorize_resource
before_action :set_script_file, only: [:edit, :update]
def show
if @script.redirect_to?
redirect_to Script.get_from_cache(@script.redirect_to)
return
end
if request.path != (canonical_path = script_path(@script))
redirect_to canonical_path, status: :moved_permanently
return
end
end
def index
authorize! :manage, Script
rake if params[:rake] == '1'
# Show all the scripts that a user has created.
@scripts = Script.all
end
def new
end
def create
@script = Script.new(script_params)
if @script.save && @script.update_text(script_params, params[:script_text], i18n_params, general_params)
redirect_to @script, notice: I18n.t('crud.created', model: Script.model_name.human)
else
render 'new'
end
end
def destroy
# Though @script.name is prevented from starting with a dot or tilde or
# containing a slash, we do this (security) check anyways to prevent
# directory traversal as validation can be manually bypassed.
if (@script.name.start_with? '.') ||
(@script.name.start_with? '~') ||
(@script.name.include? '/')
raise ArgumentError, "evil script name (#{@script.name})"
end
@script.destroy
filename = "config/scripts/#{@script.name}.script"
File.delete(filename) if File.exist?(filename)
redirect_to scripts_path, notice: I18n.t('crud.destroyed', model: Script.model_name.human)
end
def edit
@show_all_instructions = params[:show_all_instructions]
end
def update
script_text = params[:script_text]
if @script.update_text(script_params, script_text, i18n_params, general_params)
redirect_to @script, notice: I18n.t('crud.updated', model: Script.model_name.human)
else
render action: 'edit'
end
end
def instructions
require_levelbuilder_mode
script = Script.get_from_cache(params[:script_id])
render 'levels/instructions', locals: {stages: script.stages}
end
private
def set_script_file
@script_file = ScriptDSL.serialize_stages(@script)
end
def rake
@errors = []
begin
Script.rake
redirect_to scripts_path, notice: 'Updated.'
rescue StandardError => e
@errors << e.to_s
render action: 'index'
end
end
def set_script
@script = Script.get_from_cache(params[:id])
end
def script_params
params.require(:script).permit(:name)
end
def general_params
h = params.permit(
:visible_to_teachers,
:login_required,
:hideable_stages,
:professional_learning_course,
:peer_reviews_to_complete,
:wrapup_video,
:student_detail_progress_view
).to_h
h[:peer_reviews_to_complete] = h[:peer_reviews_to_complete].to_i
h[:hidden] = !h[:visible_to_teachers]
h.delete(:visible_to_teachers)
h
end
def i18n_params
params.permit(
:name,
:title,
:description_audience,
:description_short,
:description,
:stage_descriptions
).to_h
end
end