diff --git a/Gemfile b/Gemfile
index 5e22bbf..6983416 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,9 +1,9 @@
 source 'http://rubygems.org'
-gem 'rails', '3.2.13'
+gem 'rails', '4.0.0.beta1'
 gem 'jquery-rails'
 gem 'dynamic_form'
-gem 'acts_as_tree'
+gem 'acts_as_tree', :github => 'mischa78/acts_as_tree'
 gem 'paperclip'
 gem 'sqlite3'
@@ -11,8 +11,8 @@ gem 'sqlite3'
 # Gems used only for assets and not required
 # in production environments by default.
 group :assets do
- gem 'sass-rails', '~> 3.2.3'
- gem 'coffee-rails', '~> 3.2.1'
+ gem 'sass-rails', '~> 4.0.0.beta1'
+ gem 'coffee-rails', '~> 4.0.0.beta1'
 gem 'uglifier', '>= 1.0.3'
 gem 'jquery-fileupload-rails'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index c47ef6b..127021f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
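Review bot: The new `acts_as_tree` line pulls the gem from a personal fork with no `:ref`/`:tag`, so the Gemfile itself floats to whatever the fork's default branch holds on the next `bundle update`; only Gemfile.lock pins revision 4d75a03. The `:github` shorthand also resolves to a `git://` remote (visible in the lockfile hunk), which carries no transport authentication, and the unchanged `source 'http://rubygems.org'` context line has the same plain-HTTP problem. Prefer `gem 'acts_as_tree', :git => 'https://github.com/mischa78/acts_as_tree.git', :ref => '4d75a03b3c0334964fca3170741aa67664cc56c3'` together with `source 'https://rubygems.org'`. The `4.0.0.beta1` pin is a pre-release of the framework that handles sessions and parameter filtering for this app; it should be flagged for replacement before the branch reaches production.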
@@ -1,44 +1,47 @@ +GIT + remote: git://github.com/mischa78/acts_as_tree.git + revision: 4d75a03b3c0334964fca3170741aa67664cc56c3 + specs: + acts_as_tree (1.2.0) + activerecord (>= 3.0.0) + GEM remote: http://rubygems.org/ specs: - actionmailer (3.2.13) - actionpack (= 3.2.13) + actionmailer (4.0.0.beta1) + actionpack (= 4.0.0.beta1) mail (~> 2.5.3) - actionpack (3.2.13) - activemodel (= 3.2.13) - activesupport (= 3.2.13) - builder (~> 3.0.0) + actionpack (4.0.0.beta1) + activesupport (= 4.0.0.beta1) + builder (~> 3.1.0) erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.13) - activesupport (= 3.2.13) - builder (~> 3.0.0) - activerecord (3.2.13) - activemodel (= 3.2.13) - activesupport (= 3.2.13) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.13) - activemodel (= 3.2.13) - activesupport (= 3.2.13) - activesupport (3.2.13) - i18n (= 0.6.1) - multi_json (~> 1.0) - acts_as_tree (1.2.0) - activerecord (>= 3.0.0) - arel (3.0.2) - builder (3.0.4) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.0.beta1) + activesupport (= 4.0.0.beta1) + builder (~> 3.1.0) + activerecord (4.0.0.beta1) + activemodel (= 4.0.0.beta1) + activerecord-deprecated_finders (~> 0.0.3) + activesupport (= 4.0.0.beta1) + arel (~> 4.0.0.beta1) + activerecord-deprecated_finders (0.0.3) + activesupport (4.0.0.beta1) + i18n (~> 0.6.2) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.33) + arel (4.0.0.beta2) + atomic (1.0.1) + builder (3.1.4) climate_control (0.0.3) activesupport (>= 3.0) cocaine (0.5.1) climate_control (>= 0.0.3, < 1.0) - coffee-rails (3.2.2) + coffee-rails (4.0.0.beta1) coffee-script (>= 2.2.0) - railties (~> 3.2.0) + railties (>= 4.0.0.beta, < 5.0) coffee-script (2.2.0) coffee-script-source execjs 
@@ -53,8 +56,7 @@ GEM factory_girl (~> 4.2.0) railties (>= 3.0.0) hike (1.2.1) - i18n (0.6.1) - journey (1.0.4) + i18n (0.6.4) jquery-fileupload-rails (0.4.1) actionpack (>= 3.1) railties (>= 3.1) @@ -67,7 +69,8 @@ GEM mime-types (~> 1.16) treetop (~> 1.4.8) mime-types (1.21) - multi_json (1.7.1) + minitest (4.7.0) + multi_json (1.7.2) paperclip (3.4.1) activemodel (>= 3.0.0) activerecord (>= 3.0.0) @@ -75,43 +78,45 @@ GEM cocaine (~> 0.5.0) mime-types polyglot (0.3.3) - rack (1.4.5) - rack-cache (1.2) - rack (>= 0.4) - rack-ssl (1.3.3) - rack + rack (1.5.2) rack-test (0.6.2) rack (>= 1.0) - rails (3.2.13) - actionmailer (= 3.2.13) - actionpack (= 3.2.13) - activerecord (= 3.2.13) - activeresource (= 3.2.13) - activesupport (= 3.2.13) - bundler (~> 1.0) - railties (= 3.2.13) - railties (3.2.13) - actionpack (= 3.2.13) - activesupport (= 3.2.13) - rack-ssl (~> 1.3.2) + rails (4.0.0.beta1) + actionmailer (= 4.0.0.beta1) + actionpack (= 4.0.0.beta1) + activerecord (= 4.0.0.beta1) + activesupport (= 4.0.0.beta1) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.0.beta1) + sprockets-rails (~> 2.0.0.rc3) + railties (4.0.0.beta1) + actionpack (= 4.0.0.beta1) + activesupport (= 4.0.0.beta1) rake (>= 0.8.7) rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - rake (10.0.3) + thor (>= 0.17.0, < 2.0) + rake (10.0.4) rdoc (3.12.2) json (~> 1.4) sass (3.2.7) - sass-rails (3.2.6) - railties (~> 3.2.0) + sass-rails (4.0.0.beta1) + railties (>= 4.0.0.beta, < 5.0) sass (>= 3.1.10) + sprockets-rails (~> 2.0.0.rc0) tilt (~> 1.3) - sprockets (2.2.2) + sprockets (2.9.0) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.0.0.rc3) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) sqlite3 (1.3.7) - thor (0.17.0) + thor (0.18.0) + thread_safe (0.1.0) + atomic tilt (1.3.6) treetop (1.4.12) polyglot 
@@ -125,14 +130,14 @@ PLATFORMS
 ruby
 DEPENDENCIES
- acts_as_tree
- coffee-rails (~> 3.2.1)
+ acts_as_tree!
+ coffee-rails (~> 4.0.0.beta1)
 dynamic_form
 factory_girl_rails
 jquery-fileupload-rails
 jquery-rails
 paperclip
- rails (= 3.2.13)
- sass-rails (~> 3.2.3)
+ rails (= 4.0.0.beta1)
+ sass-rails (~> 4.0.0.beta1)
 sqlite3
 uglifier (>= 1.0.3)
diff --git a/app/controllers/admins_controller.rb b/app/controllers/admins_controller.rb
index b2b8044..bdda131 100644
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@@ -7,7 +7,7 @@ def new
 end
 def create
- @user = User.new(params[:user])
+ @user = User.new(permitted_params.user)
 @user.password_required = true
 @user.is_admin = true
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index acb1b3a..5eb702c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base
 before_filter :require_admin_in_system
 before_filter :require_login
- helper_method :clipboard, :current_user, :signed_in?
+ helper_method :clipboard, :current_user, :signed_in?, :permitted_params
 protected
@@ -20,6 +20,10 @@ def signed_in?
 !!current_user
 end
+ def permitted_params
+ @permitted_params ||= PermittedParams.new(params, current_user)
+ end
+
 def require_admin_in_system
 redirect_to new_admin_url if User.no_admin_yet?
 end
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index bc4829f..2b1882f 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -19,7 +19,7 @@ def new
 # @target_folder is set in require_existing_target_folder
 def create
- @file = @target_folder.user_files.create(params[:user_file])
+ @file = @target_folder.user_files.create(permitted_params.user_file)
 render :nothing => true
 end
@@ -29,7 +29,7 @@ def edit
 # @file and @folder are set in require_existing_file
 def update
- if @file.update_attributes(params[:user_file])
+ if @file.update_attributes(permitted_params.user_file)
 redirect_to edit_file_url(@file), :notice => t(:your_changes_were_saved)
 else
 render :action => 'edit'
diff --git a/app/controllers/folders_controller.rb b/app/controllers/folders_controller.rb
index fd18aae..8ea62d4 100644
--- a/app/controllers/folders_controller.rb
+++ b/app/controllers/folders_controller.rb
@@ -23,7 +23,7 @@ def new
 # Note: @target_folder is set in require_existing_target_folder
 def create
- @folder = @target_folder.children.build(params[:folder])
+ @folder = @target_folder.children.build(permitted_params.folder)
 if @folder.save
 redirect_to @target_folder
@@ -38,7 +38,7 @@ def edit
 # Note: @folder is set in require_existing_folder
 def update
- if @folder.update_attributes(params[:folder])
+ if @folder.update_attributes(permitted_params.folder)
 redirect_to edit_folder_url(@folder), :notice => t(:your_changes_were_saved)
 else
 render :action => 'edit'
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 48106c2..65d2219 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -4,7 +4,7 @@ class GroupsController < ApplicationController
 before_filter :require_group_isnt_admins_group, :only => [:edit, :update, :destroy]
 def index
- @groups = Group.all(:order => 'name')
+ @groups = Group.order(:name)
 end
 def new
@@ -12,7 +12,7 @@ def new
 end
 def create
- @group = Group.new(params[:group])
+ @group = Group.new(permitted_params.group)
 if @group.save
 redirect_to groups_url
@@ -27,7 +27,7 @@ def edit
 # Note: @group is set in require_existing_group
 def update
- if @group.update_attributes(params[:group])
+ if @group.update_attributes(permitted_params.group)
 redirect_to edit_group_url(@group), :notice => t(:your_changes_were_saved)
 else
 render :action => 'edit'
diff --git a/app/controllers/permissions_controller.rb b/app/controllers/permissions_controller.rb
index 2b29e96..438c067 100644
--- a/app/controllers/permissions_controller.rb
+++ b/app/controllers/permissions_controller.rb
@@ -2,10 +2,13 @@ class PermissionsController < ApplicationController
 before_filter :require_admin
 def update_multiple
- permissions = Permission.update(params[:permissions].keys, params[:permissions].values)
- folder = permissions.first.folder
- folder.copy_permissions_to_children(permissions) if params[:recursive] && folder.has_children?
- redirect_to folder
+ if params[:permissions]
+ permissions = Permission.update(params[:permissions].keys, params[:permissions].values)
+ folder = permissions.first.folder
+ folder.copy_permissions_to_children(permissions) if params[:recursive] && folder.has_children?
+ end
+
+ redirect_to :back
 rescue ActiveRecord::RecordNotFound # Folder was deleted, so permissions are gone too
 redirect_to Folder.root, :alert => t(:already_deleted, :type => t(:this_folder))
 end
diff --git a/app/controllers/reset_password_controller.rb b/app/controllers/reset_password_controller.rb
index 7e0be1e..51d9264 100644
--- a/app/controllers/reset_password_controller.rb
+++ b/app/controllers/reset_password_controller.rb
@@ -22,7 +22,7 @@ def edit
 # Note: @user is set in require_valid_token
 def update
- if @user.update_attributes(params[:user].merge({ :password_required => true }))
+ if @user.update_attributes(permitted_params.user.merge({ :password_required => true }))
 redirect_to new_session_url, :notice => t(:password_reset_successfully)
 else
 render :action => 'edit'
diff --git a/app/controllers/share_links_controller.rb b/app/controllers/share_links_controller.rb
index a40e2a1..74c5ad2 100644
--- a/app/controllers/share_links_controller.rb
+++ b/app/controllers/share_links_controller.rb
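Review bot: `Permission.update(params[:permissions].keys, params[:permissions].values)` still mass-assigns raw request hashes, and this same commit deletes the `attr_accessible :can_create, :can_read, :can_update, :can_delete` whitelist from Permission while switching the app to `ForbiddenAttributesProtection` — so each nested value either raises `ActiveModel::ForbiddenAttributesError` (if it comes back as an unpermitted `Parameters`) or, if it arrives as a plain hash, lets `group_id`/`folder_id` be rewritten, which the old whitelist blocked. Permit explicitly: `attrs = params[:permissions].values.map { |p| ActionController::Parameters.new(p).permit(:can_create, :can_read, :can_update, :can_delete) }` and pass `attrs` as the second argument to `Permission.update`. Separately, `redirect_to :back` raises `ActionController::RedirectBackError` when the request carries no Referer, which the `rescue ActiveRecord::RecordNotFound` does not cover, and it takes the redirect target from a client-supplied header; `redirect_to(folder || Folder.root)` keeps the destination server-chosen. `update_multiple` lies entirely within the hunk.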
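Review bot: The reset path now accepts the full `permitted_params.user` list, which in this commit includes `name` and `email`, on a request authenticated only by the reset token; a local whitelist such as `params.require(:user).permit(:password, :password_confirmation).merge({ :password_required => true })` lets a leaked token change the password but not the account's identity. `update` starts and ends inside the hunk, but the `require_valid_token` filter that sets `@user` is outside it, so whether the token flow already restricts fields cannot be confirmed here.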
@@ -23,7 +23,7 @@ def new
 # Note: @file and @folder are set in require_existing_file
 def create
- @share_link = @file.share_links.build(params[:share_link])
+ @share_link = @file.share_links.build(permitted_params.share_link)
 if @share_link.save
 UserMailer.share_link_email(current_user, @share_link).deliver
diff --git a/app/controllers/signup_controller.rb b/app/controllers/signup_controller.rb
index 037a7a7..07991b6 100644
--- a/app/controllers/signup_controller.rb
+++ b/app/controllers/signup_controller.rb
@@ -8,7 +8,7 @@ def edit
 # Note: @user is set in require_valid_token
 def update
- if @user.update_attributes(params[:user].merge({ :password_required => true }))
+ if @user.update_attributes(permitted_params.user.merge({ :password_required => true }))
 redirect_to new_session_url, :notice => t(:signed_up_successfully)
 else
 render :action => 'edit'
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 7f00b9c..f6fde88 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -13,11 +13,9 @@ def new
 end
 def create
- group_ids = params[:user].delete(:group_ids)
- @user = User.new(params[:user])
+ @user = User.new(permitted_params.user)
 if @user.save
- set_groups(group_ids)
 UserMailer.signup_email(@user).deliver
 redirect_to users_url
 else
@@ -31,10 +29,7 @@ def edit
 # Note: @user is set in require_existing_user
 def update
- group_ids = params[:user].delete(:group_ids)
-
- if @user.update_attributes(params[:user].merge({ :password_required => false }))
- set_groups(group_ids)
+ if @user.update_attributes(permitted_params.user.merge({ :password_required => false }))
 redirect_to edit_user_url(@user), :notice => t(:your_changes_were_saved)
 else
 render :action => 'edit'
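Review bot: Dropping `set_groups` from `update` removes the server-side rule that an `is_admin` user is always a member of the Admins group (`@user.groups << Group.find_by_name('Admins') if @user.is_admin` on the old side); after this hunk the user's group list is exactly the `group_ids` an admin's browser submits, and the same commit re-creates that guarantee only as a hidden field in `users/_form`, which a hand-built or tampered request can simply omit. Given that `require_deleted_user_isnt_admin` exists to keep that account alive, losing its Admins membership is a lockout risk for the whole installation. Re-assert it after a successful save, e.g. `@user.groups << Group.admins_group if @user.is_admin && !@user.member_of_admins?`, or move the rule into a model callback on User. The `update` action ends inside the hunk; its `else` branch is visible but the surrounding class is not.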
@@ -73,11 +68,4 @@ def require_deleted_user_isnt_admin
 redirect_to users_url, :alert => t(:admin_user_cannot_be_deleted)
 end
 end
-
- def set_groups(group_ids)
- if current_user.member_of_admins?
- @user.group_ids = group_ids
- @user.groups << Group.find_by_name('Admins') if @user.is_admin
- end
- end
 end
diff --git a/app/models/folder.rb b/app/models/folder.rb
index 35ac4f0..e0bc315 100644
--- a/app/models/folder.rb
+++ b/app/models/folder.rb
@@ -1,11 +1,10 @@
 class Folder < ActiveRecord::Base
 acts_as_tree :order => 'name'
- has_many :user_files, :dependent => :destroy, :order => 'attachment_file_name'
+ has_many :user_files, -> { order :attachment_file_name }, :dependent => :destroy
 has_many :permissions, :dependent => :destroy
 attr_accessor :is_copied_folder
- attr_accessible :name
 validates_uniqueness_of :name, :scope => :parent_id
 validates_presence_of :name
diff --git a/app/models/group.rb b/app/models/group.rb
index 6f2e39c..6b0d899 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -2,8 +2,6 @@ class Group < ActiveRecord::Base
 has_many :permissions, :dependent => :destroy
 has_and_belongs_to_many :users
- attr_accessible :name
-
 validates_uniqueness_of :name
 validates_presence_of :name
@@ -15,6 +13,10 @@ def admins_group?
 name == 'Admins'
 end
+ def self.admins_group
+ where(:name => 'Admins').first
+ end
+
 private
 def create_admin_permissions
diff --git a/app/models/permission.rb b/app/models/permission.rb
index 2a99ca6..cc7b68b 100644
--- a/app/models/permission.rb
+++ b/app/models/permission.rb
@@ -1,6 +1,4 @@
 class Permission < ActiveRecord::Base
 belongs_to :group
 belongs_to :folder
-
- attr_accessible :can_create, :can_read, :can_update, :can_delete
 end
diff --git a/app/models/permitted_params.rb b/app/models/permitted_params.rb
new file mode 100644
index 0000000..987edbb
--- /dev/null
+++ b/app/models/permitted_params.rb
@@ -0,0 +1,31 @@
+class PermittedParams < Struct.new(:params, :current_user)
+ %w{folder group share_link user user_file}.each do |model_name|
+ define_method model_name do
+ params.require(model_name.to_sym).permit(*send("#{model_name}_attributes"))
+ end
+ end
+
+ def folder_attributes
+ [:name]
+ end
+
+ def group_attributes
+ [:name]
+ end
+
+ def share_link_attributes
+ [:emails, :link_expires_at]
+ end
+
+ def user_attributes
+ if current_user && current_user.member_of_admins?
+ [:name, :email, :password, :password_confirmation, :group_ids]
+ else
+ [:name, :email, :password, :password_confirmation]
+ end
+ end
+
+ def user_file_attributes
+ [:attachment, :attachment_file_name]
+ end
+end
diff --git a/app/models/share_link.rb b/app/models/share_link.rb
index 27ee007..a04a47b 100644
--- a/app/models/share_link.rb
+++ b/app/models/share_link.rb
@@ -1,8 +1,6 @@
 class ShareLink < ActiveRecord::Base
 belongs_to :user_file
- attr_accessible :emails, :link_expires_at
-
 validates_presence_of :emails, :link_expires_at
 validates_length_of :emails, :maximum => 256
 validate :format_of_emails
diff --git a/app/models/user.rb b/app/models/user.rb
index 9ed8695..b3db647 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -2,7 +2,6 @@ class User < ActiveRecord::Base
 has_and_belongs_to_many :groups
 attr_accessor :password_confirmation, :password_required, :dont_clear_reset_password_token
- attr_accessible :name, :email, :password, :password_confirmation, :password_required
 validates_confirmation_of :password
 validates_length_of :password, :in => 6..20, :allow_blank => true
@@ -46,7 +45,7 @@ def password=(new_password)
 end
 def member_of_admins?
- !groups.find_by_name('Admins').blank?
+ groups.admins_group.present?
 end
 def refresh_reset_password_token
diff --git a/app/models/user_file.rb b/app/models/user_file.rb
index ec55007..01abe8e 100644
--- a/app/models/user_file.rb
+++ b/app/models/user_file.rb
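Review bot: `:group_ids` in `user_attributes` is declared as a scalar key, but the users form in this commit submits it as an array (`user[group_ids][]`), and `permit` with a bare symbol passes only permitted scalar values — an Array is dropped (silently unless `action_on_unpermitted_parameters` is set), so admins would be unable to assign groups at all. Declare it as `[:name, :email, :password, :password_confirmation, { :group_ids => [] }]`. The `current_user` branch is now the only thing keeping non-admins from choosing their own groups, which deserves a comment on `user_attributes`: `# group_ids is admin-only; it is the sole path onto the Admins group`. `user_file_attributes` keeps the client-supplied `attachment_file_name` writable as before; presumably Paperclip's filename sanitization still sits in front of any path built from it — worth confirming rather than assuming.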
@@ -4,8 +4,6 @@ class UserFile < ActiveRecord::Base belongs_to :folder has_many :share_links, :dependent => :destroy - attr_accessible :attachment, :attachment_file_name - validates_attachment_presence :attachment, :message => I18n.t(:blank, :scope => [:activerecord, :errors, :messages]) validates_presence_of :folder_id validates_uniqueness_of :attachment_file_name, :scope => 'folder_id', :message => I18n.t(:exists_already, :scope => [:activerecord, :errors, :messages]) diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb index 001391b..d93dd38 100644 --- a/app/views/users/_form.html.erb +++ b/app/views/users/_form.html.erb @@ -27,6 +27,7 @@ <% Group.all.each do |group| -%> <% if @user.is_admin && group.admins_group? -%> + <%= hidden_field_tag 'user[group_ids][]', group.id %> <%= group.name %> diff --git a/bin/bundle b/bin/bundle new file mode 100755 index 0000000..66e9889 --- /dev/null +++ b/bin/bundle @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) +load Gem.bin_path('bundler', 'bundle') diff --git a/bin/rails b/bin/rails new file mode 100755 index 0000000..728cd85 --- /dev/null +++ b/bin/rails @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby +APP_PATH = File.expand_path('../../config/application', __FILE__) +require_relative '../config/boot' +require 'rails/commands' diff --git a/bin/rake b/bin/rake new file mode 100755 index 0000000..1724048 --- /dev/null +++ b/bin/rake @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby +require_relative '../config/boot' +require 'rake' +Rake.application.run diff --git a/config/application.rb b/config/application.rb index ad6ef32..90dcbc7 100644 --- a/config/application.rb +++ b/config/application.rb 
@@ -2,12 +2,8 @@ require 'rails/all' -if defined?(Bundler) - # If you precompile assets before deploying to production, use this line - Bundler.require(*Rails.groups(:assets => %w(development test))) - # If you want your assets lazily compiled in production, use this line - # Bundler.require(:default, :assets, Rails.env) -end +# Assets should be precompiled for production (so we don't need the gems loaded then) +Bundler.require(*Rails.groups(assets: %w(development test))) module Boxroom class Application < Rails::Application 
@@ -15,48 +11,12 @@ class Application < Rails::Application # Application configuration should go into files in config/initializers # -- all .rb files in that directory are automatically loaded. - # Custom directories with classes and modules you want to be autoloadable. - # config.autoload_paths += %W(#{config.root}/extras) - - # Only load the plugins named here, in the order given (default is alphabetical). - # :all can be used as a placeholder for all plugins not explicitly named. - # config.plugins = [ :exception_notification, :ssl_requirement, :all ] - - # Activate observers that should always be running. - # config.active_record.observers = :cacher, :garbage_collector, :forum_observer - # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. # config.time_zone = 'Central Time (US & Canada)' # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] - config.i18n.default_locale = :en - - # Configure the default encoding used in templates for Ruby 1.9. - config.encoding = "utf-8" - - # Configure sensitive parameters which will be filtered from the log file. - config.filter_parameters += [:password] - - # Enable escaping HTML in JSON. - config.active_support.escape_html_entities_in_json = true - - # Use SQL instead of Active Record's schema dumper when creating the database. - # This is necessary if your schema can't be completely dumped by the schema dumper, - # like if you have constraints or database-specific column types - # config.active_record.schema_format = :sql - - # Enforce whitelist mode for mass assignment. - # This will create an empty whitelist of attributes available for mass-assignment for all models - # in your app. 
As such, your models will need to explicitly whitelist or blacklist accessible - # parameters by using an attr_accessible or attr_protected declaration. - config.active_record.whitelist_attributes = true - - # Enable the asset pipeline - config.assets.enabled = true - - # Version of your assets, change this if you want to expire all your assets - config.assets.version = '1.0' + # config.i18n.default_locale = :de end end diff --git a/config/boot.rb b/config/boot.rb index 4489e58..3596736 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,5 +1,3 @@ -require 'rubygems' - # Set up gems listed in the Gemfile. ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) diff --git a/config/environments/development.rb b/config/environments/development.rb index a2f8569..87d1809 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb 
@@ -1,40 +1,30 @@ Boxroom::Application.configure do - # Settings specified here will take precedence over those in config/application.rb + # Settings specified here will take precedence over those in config/application.rb. # In the development environment your application's code is reloaded on # every request. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false - # Log error messages when you accidentally call methods on nil. - config.whiny_nils = true + # Do not eager load code on boot. + config.eager_load = false - # Show full error reports and disable caching + # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false - # Don't care if the mailer can't send + # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false - # Print deprecation notices to the Rails logger + # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log - # Only use best-standards-support built into browsers - config.action_dispatch.best_standards_support = :builtin + # Raise an error on page load if there are pending migrations + config.active_record.migration_error = :page_load - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - - # Log the query plan for queries taking more than this (works - # with SQLite, MySQL, and PostgreSQL) - config.active_record.auto_explain_threshold_in_seconds = 0.5 - - # Do not compress assets - config.assets.compress = false - - # Expands the lines which load the assets + # Debug mode disables concatenation and preprocessing of assets. config.assets.debug = true - + # Mail settings # config.action_mailer.delivery_method = :smtp # config.action_mailer.smtp_settings = { 
diff --git a/config/environments/production.rb b/config/environments/production.rb index 950ac51..efd0317 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
@@ -1,69 +1,82 @@ Boxroom::Application.configure do - # Settings specified here will take precedence over those in config/application.rb + # Settings specified here will take precedence over those in config/application.rb. - # Code is not reloaded between requests + # Code is not reloaded between requests. config.cache_classes = true - # Full error reports are disabled and caching is turned on + # Eager load code on boot. This eager loads most of Rails and + # your application in memory, allowing both thread web servers + # and those relying on copy on write to perform better. + # Rake tasks automatically ignore this option for performance. + config.eager_load = true + + # Full error reports are disabled and caching is turned on. config.consider_all_requests_local = false config.action_controller.perform_caching = true - # Disable Rails's static asset server (Apache or nginx will already do this) + # Enable Rack::Cache to put a simple HTTP cache in front of your application + # Add `rack-cache` to your Gemfile before enabling this. + # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid. + # config.action_dispatch.rack_cache = true + + # Disable Rails's static asset server (Apache or nginx will already do this). config.serve_static_assets = false - # Compress JavaScripts and CSS - config.assets.compress = true + # Compress JavaScripts and CSS. + config.assets.js_compressor = :uglifier + # config.assets.css_compressor = :sass - # Don't fallback to assets pipeline if a precompiled asset is missed + # Whether to fallback to assets pipeline if a precompiled asset is missed. config.assets.compile = false - # Generate digests for assets URLs + # Generate digests for assets URLs. config.assets.digest = true - # Defaults to nil and saved in location specified by config.assets.prefix - # config.assets.manifest = YOUR_PATH + # Version of your assets, change this if you want to expire all your assets. 
+ config.assets.version = '1.0' - # Specifies the header that your server uses for sending files + # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # See everything in the log (default is :info) - # config.log_level = :debug + # Set to :debug to see everything in the log. + config.log_level = :info - # Prepend all log lines with the following tags + # Prepend all log lines with the following tags. # config.log_tags = [ :subdomain, :uuid ] - # Use a different logger for distributed setups + # Use a different logger for distributed setups. # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) - # Use a different cache store in production + # Use a different cache store in production. # config.cache_store = :mem_cache_store - # Enable serving of images, stylesheets, and JavaScripts from an asset server + # Enable serving of images, stylesheets, and JavaScripts from an asset server. # config.action_controller.asset_host = "http://assets.example.com" - # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added) + # Precompile additional assets. + # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. # config.assets.precompile += %w( search.js ) - # Disable delivery errors, bad email addresses will be ignored + # Ignore bad email addresses and do not raise email delivery errors. + # Set this to true and configure the email server for immediate delivery to raise delivery errors. # config.action_mailer.raise_delivery_errors = false - # Enable threaded mode - # config.threadsafe! 
- # Enable locale fallbacks for I18n (makes lookups for any locale fall back to - # the I18n.default_locale when a translation can not be found) + # the I18n.default_locale when a translation can not be found). config.i18n.fallbacks = true - # Send deprecation notices to registered listeners + # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify - # Log the query plan for queries taking more than this (works - # with SQLite, MySQL, and PostgreSQL) - # config.active_record.auto_explain_threshold_in_seconds = 0.5 + # Disable automatic flushing of the log to improve performance. + # config.autoflush_log = false + + # Use default logging formatter so that PID and timestamp are not suppressed. + config.log_formatter = ::Logger::Formatter.new # Mail settings # config.action_mailer.delivery_method = :smtp diff --git a/config/environments/test.rb b/config/environments/test.rb index 8e759ab..a56e6e3 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,5 +1,5 @@ Boxroom::Application.configure do - # Settings specified here will take precedence over those in config/application.rb + # Settings specified here will take precedence over those in config/application.rb. # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that 
@@ -7,21 +7,23 @@ # and recreated between test runs. Don't rely on the data there! config.cache_classes = true - # Configure static asset server for tests with Cache-Control for performance + # Do not eager load code on boot. This avoids loading your whole application + # just for the purpose of running a single test. If you are using a tool that + # preloads Rails for running tests, you may have to set it to true. + config.eager_load = false + + # Configure static asset server for tests with Cache-Control for performance. config.serve_static_assets = true config.static_cache_control = "public, max-age=3600" - # Log error messages when you accidentally call methods on nil - config.whiny_nils = true - - # Show full error reports and disable caching + # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false - # Raise exceptions instead of rendering exception templates + # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = false - # Disable request forgery protection in test environment + # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false # Tell Action Mailer not to deliver emails to the real world. @@ -29,9 +31,6 @@ # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - - # Print deprecation notices to the stderr + # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb new file mode 100644 index 0000000..4a994e1 --- /dev/null +++ b/config/initializers/filter_parameter_logging.rb 
@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [:password]
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb
index 9e8b013..ac033bf 100644
--- a/config/initializers/inflections.rb
+++ b/config/initializers/inflections.rb
@@ -1,10 +1,16 @@
 # Be sure to restart your server when you modify this file.
-# Add new inflection rules using the following format
-# (all these examples are active by default):
-# ActiveSupport::Inflector.inflections do |inflect|
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
 # inflect.plural /^(ox)$/i, '\1en'
 # inflect.singular /^(ox)en/i, '\1'
 # inflect.irregular 'person', 'people'
 # inflect.uncountable %w( fish sheep )
 # end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+# inflect.acronym 'RESTful'
+# end
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index dc02844..33675db 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -2,6 +2,11 @@
 
 # Your secret key for verifying the integrity of signed cookies.
 # If you change this key, all old signed cookies will become invalid!
+
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Boxroom::Application.config.secret_token = '3e5168a5a756aa140ac4037af0d2329ed0bdab22fd1ad0ce7b7745dd21a6d6551bf0c26e37bbc3f8e6fee713956ef7d6a70b16682ee2f8db6390fb5204acdd6b'
+# You can use `rake secret` to generate a secure secret key.
+
+# Make sure your secret_key_base is kept private
+# if you're sharing your code publicly.
+Boxroom::Application.config.secret_key_base = '625ce52f8e47c73f15baf2b39e8134f563e83a672f4ff161f82d7b7e376984b29f71e1072fc8bd3d43b9cf17668dfc9c1dd23116e6a29559de3e890eb5f75052'
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index ce4d444..4288e12 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,8 +1,3 @@
 # Be sure to restart your server when you modify this file.
 
-Boxroom::Application.config.session_store :cookie_store, :key => '_boxroom_session'
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rake db:sessions:create")
-# Boxroom::Application.config.session_store :active_record_store
+Boxroom::Application.config.session_store :encrypted_cookie_store, :key => '_boxroom_session'
diff --git a/config/initializers/strong_parameters.rb b/config/initializers/strong_parameters.rb
new file mode 100644
index 0000000..394c1f5
--- /dev/null
+++ b/config/initializers/strong_parameters.rb
@@ -0,0 +1 @@
+ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
diff --git a/config/initializers/wrap_parameters.rb b/config/initializers/wrap_parameters.rb
new file mode 100644
index 0000000..33725e9
--- /dev/null
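Review bot: The `secret_key_base` assigned on the last added line is a literal in a file that is committed, and the removed `secret_token` line shows the previous key was committed the same way, so anyone with read access to the repository or its history can mint valid session cookies — and with the `:encrypted_cookie_store` selected further down, decrypt them as well. Load the value from the environment and keep the file secret-free, e.g. `Boxroom::Application.config.secret_key_base = ENV.fetch('SECRET_KEY_BASE')`, preceded by the comment `# Generated with rake secret on each deployment; never committed.`; if development needs a fallback, make it conditional on the environment rather than a committed default. Both keys already present in history should be considered disclosed and rotated wherever they were deployed.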
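Review bot: The `:encrypted_cookie_store` on the added line keeps session contents from being read by the client, but the deleted comment that a cookie session is not the place for highly confidential data still applies and should be carried over: the cookie lives on the client, cannot be revoked server-side, and can be replayed until it expires. Keep the session to an identifier and set the cookie attributes explicitly, e.g. `Boxroom::Application.config.session_store :encrypted_cookie_store, :key => '_boxroom_session', :secure => Rails.env.production?, :expire_after => 2.weeks` — `:secure` presumes production is served over TLS, so confirm that first. Since this store derives its keys from `secret_key_base`, the session is only as strong as that value is secret.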
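Review bot: The include on the single added line is presumably redundant on Rails 4.0, where `ActiveRecord::AttributeAssignment` already mixes in `ActiveModel::ForbiddenAttributesProtection` — worth confirming against the framework source, in which case this initializer is a leftover of the Rails 3 strong_parameters gem setup. Either way, the protection only raises for objects that respond to `permitted?` (i.e. `ActionController::Parameters`); a plain `Hash`, whether from `params[:x].to_hash`, a hand-built literal or the test calls later in this diff, is assigned without any check, and the `mass_assignment_sanitizer = :strict` guard removed from the test environment earlier in this diff no longer catches it. Given the `is_admin` and `hashed_password` columns on `users` in db/schema.rb, each controller's `permit` list is now the only barrier, so add `config.action_controller.action_on_unpermitted_parameters = :raise` to the development and test environments to make over-broad or missing permit lists fail loudly. Add a comment above the include stating its purpose, e.g. `# Raise ActiveModel::ForbiddenAttributesError when unpermitted ActionController::Parameters reach a model.`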
+++ b/config/initializers/wrap_parameters.rb
@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+ wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
+end
+
+# To enable root element in JSON for ActiveRecord objects.
+# ActiveSupport.on_load(:active_record) do
+# self.include_root_in_json = true
+# end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 205f9a4..70da3c9 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -152,7 +152,7 @@
 inclusion: "is not included in the list"
 exclusion: "is reserved"
 invalid: "is invalid"
- confirmation: "doesn't match confirmation"
+ confirmation: "doesn't match"
 accepted: "must be accepted"
 empty: "can't be empty"
 blank: "can't be blank"
diff --git a/db/schema.rb b/db/schema.rb
index a9e678d..8d48cf6 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -9,29 +9,29 @@ # from scratch. The latter is a flawed and unsustainable approach (the more migrations # you'll amass, the slower it'll run and the greater likelihood for issues). # -# It's strongly recommended to check this file into your version control system. +# It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(:version => 20130307082111) do +ActiveRecord::Schema.define(version: 20130307082111) do - create_table "folders", :force => true do |t| + create_table "folders", force: true do |t| t.string "name" t.integer "parent_id" - t.datetime "created_at", :null => false - t.datetime "updated_at", :null => false + t.datetime "created_at" + t.datetime "updated_at" end - create_table "groups", :force => true do |t| + create_table "groups", force: true do |t| t.string "name" - t.datetime "created_at", :null => false - t.datetime "updated_at", :null => false + t.datetime "created_at" + t.datetime "updated_at" end - create_table "groups_users", :id => false, :force => true do |t| + create_table "groups_users", id: false, force: true do |t| t.integer "group_id" t.integer "user_id" end - create_table "permissions", :force => true do |t| + create_table "permissions", force: true do |t| t.integer "folder_id" t.integer "group_id" t.boolean "can_create" 
@@ -40,40 +40,40 @@ t.boolean "can_delete" end - create_table "share_links", :force => true do |t| + create_table "share_links", force: true do |t| t.string "emails" t.string "link_token" t.datetime "link_expires_at" t.integer "user_file_id" - t.datetime "created_at", :null => false - t.datetime "updated_at", :null => false + t.datetime "created_at" + t.datetime "updated_at" end - create_table "user_files", :force => true do |t| + create_table "user_files", force: true do |t| t.string "attachment_file_name" t.string "attachment_content_type" t.integer "attachment_file_size" t.datetime "attachment_updated_at" t.integer "folder_id" - t.datetime "created_at", :null => false - t.datetime "updated_at", :null => false + t.datetime "created_at" + t.datetime "updated_at" end - create_table "users", :force => true do |t| + create_table "users", force: true do |t| t.string "name" t.string "email" t.string "hashed_password" t.string "password_salt" - t.boolean "is_admin", :limit => 255 + t.boolean "is_admin", limit: 255 t.string "remember_token" t.string "reset_password_token" t.datetime "reset_password_token_expires_at" - t.datetime "created_at", :null => false - t.datetime "updated_at", :null => false + t.datetime "created_at" + t.datetime "updated_at" t.string "signup_token" t.datetime "signup_token_expires_at" end - add_index "users", ["signup_token"], :name => "index_users_on_signup_token" + add_index "users", ["signup_token"], name: "index_users_on_signup_token" end diff --git a/script/rails b/script/rails deleted file mode 100755 index f8da2cf..0000000 --- a/script/rails +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env ruby -# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. - -APP_PATH = File.expand_path('../../config/application', __FILE__) -require File.expand_path('../../config/boot', __FILE__) -require 'rails/commands' 
diff --git a/test/unit/clipboard_test.rb b/test/unit/clipboard_test.rb index 8238eee..4aaa02d 100644 --- a/test/unit/clipboard_test.rb +++ b/test/unit/clipboard_test.rb @@ -91,7 +91,7 @@ class ClipboardTest < ActiveSupport::TestCase clipboard.add(file) assert_not_equal clipboard.files.first.attachment_file_name, 'Name changed' - file.update_attributes({ :attachment_file_name => 'Name changed' }, :without_protection => true) + file.update_attributes(:attachment_file_name => 'Name changed') assert_equal clipboard.files.first.attachment_file_name, 'Name changed' end diff --git a/test/unit/user_file_test.rb b/test/unit/user_file_test.rb index b0a7084..8e53163 100644 --- a/test/unit/user_file_test.rb +++ b/test/unit/user_file_test.rb @@ -42,7 +42,7 @@ class UserFileTest < ActiveSupport::TestCase test 'attachment file name is unique' do file = create(:user_file) - file.update_attributes({ :attachment_file_name => 'Test' }, :without_protection => true) + file.update_attributes(:attachment_file_name => 'Test') assert UserFile.exists?(:attachment_file_name => 'Test') folder = create(:folder) @@ -124,10 +124,10 @@ class UserFileTest < ActiveSupport::TestCase file = create(:user_file) assert_equal file.extension, 'txt' - file.update_attributes({ :attachment_file_name => 'test.pdf' }, :without_protection => true) + file.update_attributes(:attachment_file_name => 'test.pdf') assert_equal file.extension, 'pdf' - file.update_attributes({ :attachment_file_name => 'test' }, :without_protection => true) + file.update_attributes(:attachment_file_name => 'test') assert file.extension.blank? end end
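Review bot: Dropping `:without_protection => true` from the changed `update_attributes` call is correct for Rails 4, but it leaves nothing in the test asserting that `attachment_file_name` is protected: a plain Hash never triggers `ForbiddenAttributesProtection`, so this call now exercises the same unchecked path any caller would. If the old `:without_protection` expressed that `attachment_file_name` is not user-settable, add one test that passes unpermitted `ActionController::Parameters` and expects `ActiveModel::ForbiddenAttributesError`, e.g. `assert_raises(ActiveModel::ForbiddenAttributesError) { file.update_attributes(ActionController::Parameters.new(:attachment_file_name => 'x')) }`. The same applies to the three equivalent changes in test/unit/user_file_test.rb.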