# Copyright (c) 2008-2013 Michael Dvorkin and contributors.
#
# Fat Free CRM is freely distributable under the terms of MIT license.
# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
#------------------------------------------------------------------------------
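class EntitiesController < ApplicationController
  before_filter :require_user
  before_filter :set_current_tab, :only => [ :index, :show ]
  before_filter :set_view, :only => [ :index, :show, :redraw ]
  before_filter :set_options, :only => :index
  before_filter :load_ransack_search, :only => :index
  load_and_authorize_resource
  after_filter :update_recently_viewed, :only => :show
  helper_method :entity, :entities

  # Model names that +attach+ and +discard+ may resolve from request
  # parameters. Class lookup goes through this allow-list so that a request
  # can never be turned into an arbitrary constant (previously params[:assets]
  # and params[:attachment] were passed straight to +constantize+).
  # NOTE(review): seeded from the asset types this controller exposes
  # (contacts, leads, opportunities) -- confirm against the project's actual
  # attachable models before relying on it.
  ATTACHABLE_CLASSES = %w[Contact Lead Opportunity].freeze

  # Common attach handler for all core controllers.
  # Reads params[:assets] (plural model name, e.g. "contacts") and
  # params[:asset_id], attaches that record to the current entity and responds
  # with the reloaded entity.
  #----------------------------------------------------------------------------
  def attach
    @attachment = attachment_class(params[:assets].to_s.classify).find(params[:asset_id])
    @attached = entity.attach!(@attachment)
    entity.reload
    respond_with(entity)
  end

  # Common discard handler for all core controllers.
  # Reads params[:attachment] (singular model name) and params[:attachment_id],
  # detaches that record from the current entity and responds with the
  # reloaded entity.
  #----------------------------------------------------------------------------
  def discard
    @attachment = attachment_class(params[:attachment]).find(params[:attachment_id])
    entity.discard!(@attachment)
    entity.reload
    respond_with(entity)
  end

  # Common subscribe handler for all core controllers.
  # Adds the current user to the entity's subscriber list. Responds with
  # +entity+ (the original passed @entity, which is only set when the
  # controller is literally named "entities" -- see +entity=+).
  #----------------------------------------------------------------------------
  def subscribe
    entity.subscribed_users += [current_user.id]
    entity.save
    respond_with(entity) do |format|
      format.js { render 'subscription_update', :entity => entity }
    end
  end

  # Common unsubscribe handler for all core controllers.
  # Removes the current user from the entity's subscriber list.
  #----------------------------------------------------------------------------
  def unsubscribe
    entity.subscribed_users -= [current_user.id]
    entity.save
    respond_with(entity) do |format|
      format.js { render 'subscription_update', :entity => entity }
    end
  end

  # GET /entities/contacts AJAX
  #----------------------------------------------------------------------------
  def contacts
  end

  # GET /entities/leads AJAX
  #----------------------------------------------------------------------------
  def leads
  end

  # GET /entities/opportunities AJAX
  #----------------------------------------------------------------------------
  def opportunities
  end

  # GET /entities/versions AJAX
  #----------------------------------------------------------------------------
  def versions
  end

  # Renders the custom field group for the tag named in params[:tag] and the
  # model class of this controller, or an empty body when the tag or group
  # does not exist. params[:tag] is coerced with to_s so a missing parameter
  # yields an empty response instead of a NoMethodError.
  #----------------------------------------------------------------------------
  def field_group
    @tag = Tag.find_by_name(params[:tag].to_s.strip)
    @field_group = FieldGroup.find_by_tag_id_and_klass_name(@tag.id, klass.to_s) if @tag
    if @field_group
      @asset = klass.find_by_id(params[:asset_id]) || klass.new
      render 'fields/group'
    else
      render :text => ''
    end
  end

  protected

  # Stores the current record in the instance variable named after the
  # singular controller name (e.g. @contact for ContactsController).
  #----------------------------------------------------------------------------
  def entity=(entity)
    instance_variable_set("@#{controller_name.singularize}", entity)
  end

  # Returns the current record stored by +entity=+.
  #----------------------------------------------------------------------------
  def entity
    instance_variable_get("@#{controller_name.singularize}")
  end

  # Stores the current collection in the instance variable named after the
  # plural controller name (e.g. @contacts).
  #----------------------------------------------------------------------------
  def entities=(entities)
    instance_variable_set("@#{controller_name}", entities)
  end

  # Returns the current collection, falling back to klass.my.
  # NOTE(review): +klass+ is not defined in this file -- presumably provided
  # by ApplicationController; confirm.
  #----------------------------------------------------------------------------
  def entities
    instance_variable_get("@#{controller_name}") || klass.my
  end

  # Loads per-page and sort preferences for the index action, falling back to
  # the model's defaults. Skipped when params[:cancel] is truthy.
  # The local was renamed from +klass+ so it no longer shadows the +klass+
  # helper used elsewhere in this controller.
  #----------------------------------------------------------------------------
  def set_options
    unless params[:cancel].true?
      model = controller_name.classify.constantize
      @per_page = current_user.pref[:"#{controller_name}_per_page"] || model.per_page
      @sort_by = current_user.pref[:"#{controller_name}_sort_by"] || model.sort_by
    end
  end

  private

  # Resolves a model name coming from a request parameter into a class.
  # Only names in ATTACHABLE_CLASSES are constantized; anything else raises
  # ActiveRecord::RecordNotFound, which Rails renders as 404.
  #----------------------------------------------------------------------------
  def attachment_class(name)
    name = name.to_s
    unless ATTACHABLE_CLASSES.include?(name)
      raise ActiveRecord::RecordNotFound, "unknown attachment type"
    end
    name.constantize
  end

  # Memoized Ransack search object with a default sort applied when the
  # request supplied none.
  #----------------------------------------------------------------------------
  def ransack_search
    @ransack_search ||= load_ransack_search
    @ransack_search.build_sort if @ransack_search.sorts.empty?
    @ransack_search
  end

  # Get list of records for a given model class.
  # options[:query], [:page] and [:per_page] override the request parameters
  # and session state; the returned scope is filtered, searched, ordered and
  # (except for xls/csv) paginated.
  #----------------------------------------------------------------------------
  def get_list_of_records(options = {})
    options[:query] ||= params[:query] if params[:query]
    self.current_page = options[:page] if options[:page]
    query, tags = parse_query_and_tags(options[:query])
    self.current_query = query
    advanced_search = params[:q].present?
    wants = request.format
    scope = entities.merge(ransack_search.result(:distinct => true))

    # Get filter from session, unless running an advanced search
    unless advanced_search
      filter = session[:"#{controller_name}_filter"].to_s.split(',')
      scope = scope.state(filter) if filter.present?
    end

    scope = scope.text_search(query) if query.present?
    scope = scope.tagged_with(tags, :on => :tags) if tags.present?

    # Ignore this order when doing advanced search
    unless advanced_search
      order = current_user.pref[:"#{controller_name}_sort_by"] || klass.sort_by
      scope = scope.order(order)
    end

    @search_results_count = scope.count

    # Pagination is disabled for xls and csv requests
    unless wants.xls? || wants.csv?
      per_page = if options[:per_page]
        options[:per_page] == 'all' ? @search_results_count : options[:per_page]
      else
        current_user.pref[:"#{controller_name}_per_page"]
      end
      scope = scope.paginate(:page => current_page, :per_page => per_page)
    end

    scope
  end

  # Records a :view event on the entity's version history (after_filter for
  # +show+).
  #----------------------------------------------------------------------------
  def update_recently_viewed
    entity.versions.create(:event => :view, :whodunnit => PaperTrail.whodunnit)
  end

  # Somewhat simplistic parser that extracts query and hash-prefixed tags from
  # the search string and returns them as two element array, for example:
  #
  #   "#real Billy Bones #pirate" => [ "Billy Bones", "real, pirate" ]
  #
  # A blank search string yields ['', ''].
  #----------------------------------------------------------------------------
  def parse_query_and_tags(search_string)
    return ['', ''] if search_string.blank?
    tags, words = search_string.strip.split(/\s+/).partition { |token| token.start_with?('#') }
    [ words.join(' '), tags.map { |tag| tag[1..-1] }.join(', ') ]
  end

  # Comments and emails of the asset merged into one list, newest first.
  #----------------------------------------------------------------------------
  def timeline(asset)
    (asset.comments + asset.emails).sort { |x, y| y.created_at <=> x.created_at }
  end

  # Sets the current template view for entities in this context.
  # Everything other than +show+ (create, update, redraw, filter, index) shares
  # the index view preference.
  #----------------------------------------------------------------------------
  def set_view
    if params['view']
      controller = params['controller']
      action = params['action'] == 'show' ? 'show' : 'index'
      current_user.pref[:"#{controller}_#{action}_view"] = params['view']
    end
  end
end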