
Merge branch 'public_notes' into featured_cms

nathanstitt committed Feb 18, 2013
2 parents 1870a54 + 68e32b0 commit ba5cdb3f0a3f059ebf45f58b750af7c998ab7d5f
Showing 710 changed files with 87,146 additions and 2,493 deletions.
@@ -14,7 +14,7 @@ raw
public/docs
public/asset_store
public/document-viewer/images/*.psd
-solr
+solr/data
*.swp
*~
.#*
@@ -124,6 +124,7 @@ def process_text
document.save!
pages = document.reload.pages
Sunspot.index pages
+ Sunspot.commit
DC::Import::EntityExtractor.new.extract(document, text) unless options['secure'] or not DC::Language::SUPPORTED.include? document.language
document.upload_text_assets(pages, access)
document.id
@@ -0,0 +1,31 @@
+require File.dirname(__FILE__) + '/support/setup'
+
+class ReindexEverything < CloudCrowd::Action
+
+ def process
+ docs = Document.all(:conditions=>{:id => input}, :include => [:pages, :docdata])
+ docs.each do |document|
+ counter = 0
+ begin
+ Sunspot.index(document)
+ document.pages.each{ |page| Sunspot.index(page) }
+ rescue Exception => e
+ counter += 1
+ LifecycleMailer.deliver_exception_notification(e, options)
+ retry if counter < 5
+ end
+ end
+ docs.map(&:id)
+ end
+
+ def merge
+ counter = 0
+ begin
+ Sunspot.commit
+ rescue Exception => e
+ counter += 1
+ LifecycleMailer.deliver_exception_notification(e, options)
+ retry if counter < 5
+ end
+ end
+end
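Review bot: Both `rescue Exception => e` clauses (in `process` and in `merge`) also catch SignalException, SystemExit and NoMemoryError, so a worker that is being stopped gets retried and mailed about instead of exiting; `rescue StandardError => e` is the narrower form. After the fifth failure the error is dropped and `process` still returns `docs.map(&:id)`, so the caller cannot tell which documents were never indexed. Putting a bare `raise` on the line after `retry if counter < 5` would surface the failure; if best-effort is intended, the failed ids should at least be left out of the return value. Each retry also re-indexes the document and all its pages from the start and sends another notification mail, which can mean up to five mails per document.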
@@ -44,30 +44,51 @@ def logged_in
json_response
end
- # Creating a new account creates a pending account, with a security key
- # instead of a password.
+ # Fetches or creates a user account and creates a membership for that
+ # account in an organization.
+ #
+ # New accounts are created as pending, with a security key instead of
+ # a password.
def create
- return forbidden unless current_account.admin? or params[:role] == Account::REVIEWER
- attributes = pick(params, :first_name, :last_name, :email, :role)
- account = Account.lookup(attributes[:email])
- if account.nil?
- account = current_organization.accounts.create(attributes)
- elsif account.reviewer?
+ # Check the requester's permissions
+ return forbidden unless current_account.admin? or
+ (current_account.real?(current_organization) and params[:role] == Account::REVIEWER)
+
+ # Find or create the appropriate account
+ account_attributes = pick(params, :first_name, :last_name, :email)
+ account = Account.lookup(account_attributes[:email]) || Account.create(account_attributes)
+
+ # Find role for account in organization if it exists.
+ membership_attributes = pick(params, :role, :concealed)
+ membership = current_organization.role_of(account)
+
+ # Create a membership if account has no existing role
+ if membership.nil?
+ membership_attributes[:default] = true unless account.memberships.exists?
+ membership = current_organization.memberships.create(membership_attributes.merge(:account_id => account.id))
+ elsif membership.reviewer? # or if account is a reviewer in this organization
account.upgrade_reviewer_to_real(current_organization, attributes[:role])
- elsif account.role == Account::DISABLED
+ elsif membership.role == Account::DISABLED
return json({:errors => ['That email address belongs to an inactive account.']}, 409)
else
- return json(nil, 409)
+ return json({:errors => ['That email address is already part of this organization']}, 409)
end
- account.send_login_instructions(current_account) if account.valid? && account.pending?
- json account
+
+ if account.valid?
+ if account.pending?
+ account.send_login_instructions(current_account)
+ else
+ LifecycleMailer.deliver_membership_notification(account, current_organization, current_account)
+ end
+ end
+ json account # N.B. account's canonical method currently returns the default organization_id.
end
# Journalists are authorized to update any account in the organization.
# Think about what the desired level of access control is.
def update
account = current_organization.accounts.find(params[:id])
- return json(nil, 403) unless account && current_account.allowed_to_edit_account?(account)
+ return json(nil, 403) unless account && current_account.allowed_to_edit_account?(account, current_organization)
account.update_attributes pick(params, :first_name, :last_name, :email)
role = pick(params, :role)
account.update_attributes(role) if !role.empty? && current_account.admin?
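Review bot: The reviewer-upgrade branch still passes `attributes[:role]`, but this change renames the local to `account_attributes` and moves `:role` into `membership_attributes`, so unless the controller defines an `attributes` method that line will raise NameError when an existing reviewer is re-invited. It should read `account.upgrade_reviewer_to_real(current_organization, membership_attributes[:role])`. Separately, `Account.create(account_attributes)` can hand back an unsaved record when validation fails, and the membership is then created with a nil `account_id` before `account.valid?` is consulted; checking validity before `memberships.create` would avoid orphan memberships. The `update` action at the end of the hunk continues outside it.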
@@ -1,26 +1,27 @@
class AnnotationsController < ApplicationController
include DC::Access
- before_filter :login_required, :except => [:index, :show, :print]
+ before_filter :login_required, :except => [:index, :show, :print,:cors_options]
+ skip_before_filter :verify_authenticity_token
# In the workspace, request a listing of annotations.
def index
annotations = current_document.annotations_with_authors(current_account)
json annotations
end
-
+
def show
return not_found unless current_annotation
respond_to do |format|
format.js do
json = current_annotation.canonical(:include_image_url => true, :include_document_url => true).to_json
js = "dc.embed.noteCallback(#{json})"
- cache_page js if current_annotation.cacheable? && current_document.access == PUBLIC
+ cache_page js if current_annotation.cacheable? && PUBLIC_LEVELS.include?(current_document.access)
render :js => js
end
end
end
-
+
# Print out all the annotations for a document (or documents.)
def print
docs = Document.accessible(current_account, current_organization).find_all_by_id(params[:docs])
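Review bot: `skip_before_filter :verify_authenticity_token` has no `:only`, so CSRF token checking is turned off for every action in this controller, including the cookie-authenticated `create`, `update` and `destroy`. Together with `maybe_set_cors_headers` further down in this file, which echoes any `Origin` and sets `Access-Control-Allow-Credentials` to `true`, a page on any other site can have a logged-in user's browser write or delete notes. If the skip is needed for the cross-origin viewer, apply it only when the request's Origin is on a configured allowlist, or start from `skip_before_filter :verify_authenticity_token, :only => [:cors_options]`. A comment above the line saying why the token check is skipped would also help the next reader. The class body continues outside the hunk.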
@@ -32,20 +33,21 @@ def print
# Any account can create a private note on any document.
# Only the owner of the document is allowed to create a public annotation.
def create
+ maybe_set_cors_headers
note_attrs = pick(params, :page_number, :title, :content, :location, :access)
note_attrs[:access] = ACCESS_MAP[note_attrs[:access].to_sym]
doc = current_document
- return forbidden unless note_attrs[:access] == PRIVATE || current_account.allowed_to_edit?(doc) || current_account.reviews?(doc)
+ return forbidden unless note_attrs[:access] == PRIVATE || current_account.allowed_to_comment?(doc)
expire_page doc.canonical_cache_path if doc.cacheable?
anno = doc.annotations.create(note_attrs.merge(
- :account_id => current_account.id,
- :organization_id => current_organization.id
+ :account_id => current_account.id
))
json current_document.annotations_with_authors(current_account, [anno]).first
end
# You can only alter annotations that you've made yourself.
def update
+ maybe_set_cors_headers
return not_found unless anno = current_annotation
if !current_account.allowed_to_edit?(anno)
anno.errors.add_to_base "You don't have permission to update the note."
@@ -61,8 +63,9 @@ def update
end
def destroy
+ maybe_set_cors_headers
return not_found unless anno = current_annotation
- if !current_account.allowed_to_edit?(anno)
+ if ! current_account.allowed_to_edit?(anno)
anno.errors.add_to_base "You don't have permission to delete the note."
return json(anno, 403)
end
@@ -71,9 +74,22 @@ def destroy
json nil
end
+ def cors_options(should_render=true)
+ return bad_request unless params[:allowed_methods]
+ maybe_set_cors_headers
+ render :nothing => true
+ end
private
+ def maybe_set_cors_headers
+ return unless request.headers['Origin']
+ headers['Access-Control-Allow-Origin'] = request.headers['Origin'] #'http://dc-viewer.dev'
+ headers['Access-Control-Allow-Methods'] = 'OPTIONS, GET, POST, PUT, DELETE'
+ headers['Access-Control-Allow-Headers'] = 'Accept,Authorization,Content-Length,Content-Type,Cookie'
+ headers['Access-Control-Allow-Credentials'] = 'true'
+ end
+
def current_annotation
@current_annotation ||= current_document.annotations.find_by_id(params[:id])
end
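Review bot: `maybe_set_cors_headers` copies the request's `Origin` header straight into `Access-Control-Allow-Origin` and also sends `Access-Control-Allow-Credentials: true`, which lets any origin make cookie-authenticated requests to these actions and read the responses. The commented-out `'http://dc-viewer.dev'` suggests a fixed viewer origin was intended; compare the header against a configured list before echoing it, and add `Vary: Origin` so caches do not serve one origin's response to another. `ALLOWED_CORS_ORIGINS` in the sketch below is a placeholder name, not something defined on this page. `cors_options` also takes a `should_render` argument that it never uses.

```ruby
def maybe_set_cors_headers
  origin = request.headers['Origin']
  # ALLOWED_CORS_ORIGINS: placeholder for a configured list of trusted viewer origins
  return unless origin && ALLOWED_CORS_ORIGINS.include?(origin)
  headers['Access-Control-Allow-Origin'] = origin
  headers['Vary'] = 'Origin'
  # … unchanged: Allow-Methods, Allow-Headers, Allow-Credentials …
end
```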
@@ -82,4 +98,4 @@ def current_document
@current_document ||= Document.accessible(current_account, current_organization).find(params[:document_id])
end
-end
+end
@@ -12,7 +12,7 @@ class ApiController < ApplicationController
before_filter :secure_only, :only => [:upload, :projects, :upload, :destroy, :create_project, :update_project, :destroy_project]
before_filter :api_login_required, :only => [:upload, :projects, :update, :destroy, :create_project, :update_project, :destroy_project]
- before_filter :api_login_optional, :only => [:documents, :search, :notes, :pending]
+ before_filter :api_login_optional, :only => [:documents, :search, :notes, :pending, :entities]
def index
redirect_to '/help/api'