instiki/app/controllers/application.rb

# The filters added to this controller will be run for all controllers in the application.
# Likewise will all the methods added be available for all controllers.
class ApplicationController < ActionController::Base
#  require 'dnsbl_check'
  protect_forms_from_spam
  before_filter :dnsbl_check, :connect_to_model, :check_authorization, :setup_url_generator, :set_content_type_header, :set_robots_metatag
  after_filter :remember_location, :teardown_url_generator

  # For injecting a different wiki model implementation. Intended for use in tests
  def self.wiki=(the_wiki)
    # a global variable is used here because Rails reloads controller and model classes in the 
    # development environment; therefore, storing it as a class variable does not work
    # class variable is, anyway, not much different from a global variable
    #$instiki_wiki_service = the_wiki
    logger.debug("Wiki service: #{the_wiki.to_s}")
  end

  def self.wiki
    Wiki.new
  end

  protected

  def check_authorization
    if in_a_web? and authorization_needed? and not authorized?
      redirect_to :controller => 'wiki', :action => 'login', :web => @web_name
      return false
    end
  end

  def connect_to_model
    @action_name = params['action'] || 'index'
    @web_name = params['web']
    @wiki = wiki
    @author = cookies['author'] || 'AnonymousCoward'
    if @web_name
      @web = @wiki.webs[@web_name]
      if @web.nil?
        render(:status => 404, :text => "Unknown web '#{@web_name}'")
        return false 
      end
    end
  end

  FILE_TYPES = {
    '.exe' => 'application/octet-stream',
    '.gif' => 'image/gif',
    '.jpg' => 'image/jpeg',
    '.pdf' => 'application/pdf',
    '.png' => 'image/png',
    '.txt' => 'text/plain',
    '.zip' => 'application/zip'
  } unless defined? FILE_TYPES

  DISPOSITION = {
    'application/octet-stream' => 'attachment',
    'image/gif'                => 'inline',
    'image/jpeg'               => 'inline',
    'application/pdf'          => 'inline',
    'image/png'                => 'inline',
    'text/plain'               => 'inline',
    'application/zip'          => 'attachment'
  } unless defined? DISPOSITION
 
  def determine_file_options_for(file_name, original_options = {})
    original_options[:type] ||= (FILE_TYPES[File.extname(file_name)] or 'application/octet-stream')
    original_options[:disposition] ||= (DISPOSITION[original_options[:type]] or 'attachment')
    original_options[:stream] ||= false
    original_options
  end
  
  def send_file(file, options = {})
    determine_file_options_for(file, options)
    super(file, options)
  end

  def password_check(password)
    if password == @web.password
      cookies[CGI.escape(@web_name)] = password
      true
    else
      false
    end
  end

  def password_error(password)
    if password.nil? or password.empty?
      'Please enter the password.'
    else 
      'You entered a wrong password. Please enter the right one.'
    end
  end

  def redirect_home(web = @web_name)
    if web
      redirect_to_page('HomePage', web)
    else
      redirect_to_url '/'
    end
  end

  def redirect_to_page(page_name = @page_name, web = @web_name)
    redirect_to :web => web, :controller => 'wiki', :action => 'show', 
        :id => (page_name or 'HomePage')
  end

  def remember_location
    if request.method == :get and 
        response.headers['Status'] == '200 OK' and not
        %w(locked save back file pic import).include?(action_name)
      session[:return_to] = request.request_uri
      logger.debug "Session ##{session.object_id}: remembered URL '#{session[:return_to]}'"
    end
  end

  def rescue_action_in_public(exception)
    render :status => 500, :text => <<-EOL
      <html><body>
        <h2>Internal Error</h2>
        <p>An application error occurred while processing your request.</p>
        <!-- \n#{exception}\n#{exception.backtrace.join("\n")}\n -->
      </body></html>
    EOL
  end

  def return_to_last_remembered
    # Forget the redirect location
    redirect_target, session[:return_to] = session[:return_to], nil
    tried_home, session[:tried_home] = session[:tried_home], false

    # then try to redirect to it
    if redirect_target.nil?
      if tried_home
        raise 'Application could not render the index page'
      else
        logger.debug("Session ##{session.object_id}: no remembered redirect location, trying home")
        redirect_home
      end
    else
      logger.debug("Session ##{session.object_id}: " +
          "redirect to the last remembered URL #{redirect_target}")
      redirect_to_url(redirect_target)
    end
  end

  def set_content_type_header
    if %w(rss_with_content rss_with_headlines).include?(action_name)
      response.headers['Content-Type'] = 'text/xml; charset=UTF-8'
    else
      response.headers['Content-Type'] = 'text/html; charset=UTF-8'
    end
  end

  def set_robots_metatag
    if controller_name == 'wiki' and %w(show published).include? action_name 
      @robots_metatag_value = 'index,follow'
    else
      @robots_metatag_value = 'noindex,nofollow'
    end
  end

  def setup_url_generator
    PageRenderer.setup_url_generator(UrlGenerator.new(self))
  end

  def teardown_url_generator
    PageRenderer.teardown_url_generator
  end

  def wiki
    self.class.wiki
  end

  private

  def in_a_web?
    not @web_name.nil?
  end

  def authorization_needed?
    not %w( login authenticate published rss_with_content rss_with_headlines ).include?(action_name)
  end

  def authorized?
    @web.nil? or
    @web.password.nil? or
    cookies[CGI.escape(@web_name)] == @web.password or
    password_check(params['password'])
  end

end
Initial import of the sources from SVN 2005-01-15 21:26:54 +01:00			`# The filters added to this controller will be run for all controllers in the application.`
			`# Likewise will all the methods added be available for all controllers.`
			`class ApplicationController < ActionController::Base`
ANTISPAM: included dnsbl_check - DNS Blackhole Lists check [thanks to joost from http://www.spacebabies.nl ] 2007-01-16 08:16:56 +01:00			`# require 'dnsbl_check'`
- AntiSPAM: included form-spam-protection rails plugin (Hivelogic Enkoder) - update: updated scripts and javascripts to rails 1.2.1 2007-02-13 14:24:03 +01:00			`protect_forms_from_spam`
ANTISPAM: included dnsbl_check - DNS Blackhole Lists check [thanks to joost from http://www.spacebabies.nl ] 2007-01-16 08:16:56 +01:00			`before_filter :dnsbl_check, :connect_to_model, :check_authorization, :setup_url_generator, :set_content_type_header, :set_robots_metatag`
Continue extracting URL generation logic from model classes 2005-09-10 13:07:40 +02:00			`after_filter :remember_location, :teardown_url_generator`
If there is a validation error, save action will redirect to the last known good location and set error message in a flash 2005-01-18 00:17:28 +01:00
Initial import of the sources from SVN 2005-01-15 21:26:54 +01:00			`# For injecting a different wiki model implementation. Intended for use in tests`
			`def self.wiki=(the_wiki)`
			`# a global variable is used here because Rails reloads controller and model classes in the`
			`# development environment; therefore, storing it as a class variable does not work`
			`# class variable is, anyway, not much different from a global variable`
move to AR 2005-08-09 04:20:28 +02:00			`#$instiki_wiki_service = the_wiki`
Initial import of the sources from SVN 2005-01-15 21:26:54 +01:00			`logger.debug("Wiki service: #{the_wiki.to_s}")`
			`end`
If there is a validation error, save action will redirect to the last known good location and set error message in a flash 2005-01-18 00:17:28 +01:00
Initial import of the sources from SVN 2005-01-15 21:26:54 +01:00			`def self.wiki`
move to AR 2005-08-09 04:20:28 +02:00			`Wiki.new`
Initial import of the sources from SVN 2005-01-15 21:26:54 +01:00			`end`
If there is a validation error, save action will redirect to the last known good location and set error message in a flash 2005-01-18 00:17:28 +01:00
			`protected`
Fixing FileController#import; sort of works, but fails on some interesting tests 2006-03-23 08:14:51 +01:00
File download (primitive implementation) 2005-01-22 03:49:52 +01:00			`def check_authorization`
Improved behavior of JavaScript in the author field [from I2 patch by court3nay] 2005-11-04 06:23:34 +01:00			`if in_a_web? and authorization_needed? and not authorized?`
RSS feeds are now smart about password-protected webs 2005-04-03 09:31:11 +02:00			`redirect_to :controller => 'wiki', :action => 'login', :web => @web_name`
File download (primitive implementation) 2005-01-22 03:49:52 +01:00			`return false`
			`end`
			`end`

Fixed connect_to_model filter extension in wiki_controller (using inheritance here was daft); accelerated tests somewhat 2006-03-24 08:53:20 +01:00			`def connect_to_model`
Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-08 00:46:00 +02:00			`@action_name = params['action'] \|\| 'index'`
			`@web_name = params['web']`
File download (primitive implementation) 2005-01-22 03:49:52 +01:00			`@wiki = wiki`
Fixing FileController#import; sort of works, but fails on some interesting tests 2006-03-23 08:14:51 +01:00			`@author = cookies['author'] \|\| 'AnonymousCoward'`
Return HTTP404 to requests pointing to a non-existant web name 2005-03-26 00:40:03 +01:00			`if @web_name`
[BREAKS BUILD] Some work on File uploads, half-done, committing as a backup 2005-11-13 14:37:47 +01:00			`@web = @wiki.webs[@web_name]`
Return HTTP404 to requests pointing to a non-existant web name 2005-03-26 00:40:03 +01:00			`if @web.nil?`
Fixing FileController#import; sort of works, but fails on some interesting tests 2006-03-23 08:14:51 +01:00			`render(:status => 404, :text => "Unknown web '#{@web_name}'")`
			`return false`
Return HTTP404 to requests pointing to a non-existant web name 2005-03-26 00:40:03 +01:00			`end`
			`end`
File download (primitive implementation) 2005-01-22 03:49:52 +01:00			`end`

Actions that send files to browser smartly determine content-type HTTP header by the file name extnsion 2005-01-22 15:58:43 +01:00			`FILE_TYPES = {`
			`'.exe' => 'application/octet-stream',`
			`'.gif' => 'image/gif',`
			`'.jpg' => 'image/jpeg',`
			`'.pdf' => 'application/pdf',`
			`'.png' => 'image/png',`
			`'.txt' => 'text/plain',`
			`'.zip' => 'application/zip'`
Cleared another reload warning 2005-04-07 07:14:02 +02:00			`} unless defined? FILE_TYPES`
Actions that send files to browser smartly determine content-type HTTP header by the file name extnsion 2005-01-22 15:58:43 +01:00
Added disposition to HTTP headers for sending files 2006-03-12 05:53:39 +01:00			`DISPOSITION = {`
			`'application/octet-stream' => 'attachment',`
			`'image/gif' => 'inline',`
			`'image/jpeg' => 'inline',`
			`'application/pdf' => 'inline',`
			`'image/png' => 'inline',`
			`'text/plain' => 'inline',`
			`'application/zip' => 'attachment'`
			`} unless defined? DISPOSITION`

			`def determine_file_options_for(file_name, original_options = {})`
			`original_options[:type] \|\|= (FILE_TYPES[File.extname(file_name)] or 'application/octet-stream')`
			`original_options[:disposition] \|\|= (DISPOSITION[original_options[:type]] or 'attachment')`
			`original_options[:stream] \|\|= false`
			`original_options`
[BREAKS BUILD] Some work on File uploads, half-done, committing as a backup 2005-11-13 14:37:47 +01:00			`end`

Actions that send files to browser smartly determine content-type HTTP header by the file name extnsion 2005-01-22 15:58:43 +01:00			`def send_file(file, options = {})`
Added disposition to HTTP headers for sending files 2006-03-12 05:53:39 +01:00			`determine_file_options_for(file, options)`
Actions that send files to browser smartly determine content-type HTTP header by the file name extnsion 2005-01-22 15:58:43 +01:00			`super(file, options)`
			`end`

Fixed web password protection (was broken by earlier refactoring), also adcded some user-friendlines to it 2005-03-26 16:43:59 +01:00			`def password_check(password)`
			`if password == @web.password`
cookie fix: being logged in on more Webs at once works now [Jaques Distler] 2007-02-10 10:47:36 +01:00			`cookies[CGI.escape(@web_name)] = password`
Fixed web password protection (was broken by earlier refactoring), also adcded some user-friendlines to it 2005-03-26 16:43:59 +01:00			`true`
			`else`
			`false`
			`end`
			`end`

enhanced password checking behavior in remove_orphaned_pages; extracted password error to application 2005-02-05 14:34:12 +01:00			`def password_error(password)`
			`if password.nil? or password.empty?`
			`'Please enter the password.'`
			`else`
			`'You entered a wrong password. Please enter the right one.'`
			`end`
			`end`

Renamed redirect_show to redirect_to_page and redirect_home 2005-04-29 01:07:42 +02:00			`def redirect_home(web = @web_name)`
redirect_to_last_remembered raises an error when it fails to redirect to home - instead of trying retrying endlessly 2005-05-09 07:53:47 +02:00			`if web`
			`redirect_to_page('HomePage', web)`
			`else`
			`redirect_to_url '/'`
			`end`
Renamed redirect_show to redirect_to_page and redirect_home 2005-04-29 01:07:42 +02:00			`end`

			`def redirect_to_page(page_name = @page_name, web = @web_name)`
Extracted AdminController from WikiController 2005-01-28 02:24:31 +01:00			`redirect_to :web => web, :controller => 'wiki', :action => 'show',`
A bit of spit and polish 2005-11-02 10:04:53 +01:00			`:id => (page_name or 'HomePage')`
Extracted AdminController from WikiController 2005-01-28 02:24:31 +01:00			`end`

If there is a validation error, save action will redirect to the last known good location and set error message in a flash 2005-01-18 00:17:28 +01:00			`def remember_location`
Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-08 00:46:00 +02:00			`if request.method == :get and`
			`response.headers['Status'] == '200 OK' and not`
A bit of spit and polish 2005-11-02 10:04:53 +01:00			`%w(locked save back file pic import).include?(action_name)`
Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-08 00:46:00 +02:00			`session[:return_to] = request.request_uri`
			`logger.debug "Session ##{session.object_id}: remembered URL '#{session[:return_to]}'"`
If there is a validation error, save action will redirect to the last known good location and set error message in a flash 2005-01-18 00:17:28 +01:00			`end`
			`end`

HTML-escaping of error and info messages 2005-05-09 06:31:02 +02:00			`def rescue_action_in_public(exception)`
A bit of spit and polish 2005-11-02 10:04:53 +01:00			`render :status => 500, :text => <<-EOL`
Improved error handling in wiki/save (ticket:153) 2005-05-09 07:16:20 +02:00			`<html><body>`
A bit of spit and polish 2005-11-02 10:04:53 +01:00			`<h2>Internal Error</h2>`
Improved error handling in wiki/save (ticket:153) 2005-05-09 07:16:20 +02:00			`<p>An application error occurred while processing your request.</p>`
A bit of spit and polish 2005-11-02 10:04:53 +01:00			`<!-- \n#{exception}\n#{exception.backtrace.join("\n")}\n -->`
Improved error handling in wiki/save (ticket:153) 2005-05-09 07:16:20 +02:00			`</body></html>`
HTML-escaping of error and info messages 2005-05-09 06:31:02 +02:00			`EOL`
			`end`
Improved error handling in wiki/save (ticket:153) 2005-05-09 07:16:20 +02:00
If there is a validation error, save action will redirect to the last known good location and set error message in a flash 2005-01-18 00:17:28 +01:00			`def return_to_last_remembered`
			`# Forget the redirect location`
Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-08 00:46:00 +02:00			`redirect_target, session[:return_to] = session[:return_to], nil`
			`tried_home, session[:tried_home] = session[:tried_home], false`
redirect_to_last_remembered raises an error when it fails to redirect to home - instead of trying retrying endlessly 2005-05-09 07:53:47 +02:00
If there is a validation error, save action will redirect to the last known good location and set error message in a flash 2005-01-18 00:17:28 +01:00			`# then try to redirect to it`
			`if redirect_target.nil?`
redirect_to_last_remembered raises an error when it fails to redirect to home - instead of trying retrying endlessly 2005-05-09 07:53:47 +02:00			`if tried_home`
			`raise 'Application could not render the index page'`
			`else`
			`logger.debug("Session ##{session.object_id}: no remembered redirect location, trying home")`
			`redirect_home`
			`end`
If there is a validation error, save action will redirect to the last known good location and set error message in a flash 2005-01-18 00:17:28 +01:00			`else`
Unsuccessful save unlocks the page; some tweaks and debug-level logging in in return_to_last_remembered 2005-01-18 01:36:43 +01:00			`logger.debug("Session ##{session.object_id}: " +`
			`"redirect to the last remembered URL #{redirect_target}")`
If there is a validation error, save action will redirect to the last known good location and set error message in a flash 2005-01-18 00:17:28 +01:00			`redirect_to_url(redirect_target)`
			`end`
			`end`

Fixed caching of RSS feeds; changed from caches_page to caches_action to make authentication and other filters work 2005-09-12 03:12:00 +02:00			`def set_content_type_header`
			`if %w(rss_with_content rss_with_headlines).include?(action_name)`
Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-08 00:46:00 +02:00			`response.headers['Content-Type'] = 'text/xml; charset=UTF-8'`
Fixed caching of RSS feeds; changed from caches_page to caches_action to make authentication and other filters work 2005-09-12 03:12:00 +02:00			`else`
Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-08 00:46:00 +02:00			`response.headers['Content-Type'] = 'text/html; charset=UTF-8'`
Fixed caching of RSS feeds; changed from caches_page to caches_action to make authentication and other filters work 2005-09-12 03:12:00 +02:00			`end`
Setting Content-Type to UTF-8, to be consistent with meta-data in the HTML itself 2005-01-21 20:41:46 +01:00			`end`

Added meta robots tag to the default layout; added error handling to published pages 2005-11-01 08:31:44 +01:00			`def set_robots_metatag`
			`if controller_name == 'wiki' and %w(show published).include? action_name`
			`@robots_metatag_value = 'index,follow'`
			`else`
			`@robots_metatag_value = 'noindex,nofollow'`
			`end`
			`end`

Continue extracting URL generation logic from model classes 2005-09-10 13:07:40 +02:00			`def setup_url_generator`
			`PageRenderer.setup_url_generator(UrlGenerator.new(self))`
			`end`

			`def teardown_url_generator`
			`PageRenderer.teardown_url_generator`
			`end`

File download (primitive implementation) 2005-01-22 03:49:52 +01:00			`def wiki`
move to AR 2005-08-09 04:20:28 +02:00			`self.class.wiki`
Beginnings of a FileController (serving the file upload feature) 2005-01-22 02:35:00 +01:00			`end`

Improved behavior of JavaScript in the author field [from I2 patch by court3nay] 2005-11-04 06:23:34 +01:00			`private`

			`def in_a_web?`
			`not @web_name.nil?`
			`end`

A bit of spit and polish 2005-11-02 10:04:53 +01:00			`def authorization_needed?`
			`not %w( login authenticate published rss_with_content rss_with_headlines ).include?(action_name)`
RSS feeds are now smart about password-protected webs 2005-04-03 09:31:11 +02:00			`end`

Improved behavior of JavaScript in the author field [from I2 patch by court3nay] 2005-11-04 06:23:34 +01:00			`def authorized?`
Fixed an NPE in ApplicationController#authorized? 2006-01-23 07:56:30 +01:00			`@web.nil? or`
Improved behavior of JavaScript in the author field [from I2 patch by court3nay] 2005-11-04 06:23:34 +01:00			`@web.password.nil? or`
cookie fix: being logged in on more Webs at once works now [Jaques Distler] 2007-02-10 10:47:36 +01:00			`cookies[CGI.escape(@web_name)] == @web.password or`
Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-08 00:46:00 +02:00			`password_check(params['password'])`
Improved behavior of JavaScript in the author field [from I2 patch by court3nay] 2005-11-04 06:23:34 +01:00			`end`

Initial import of the sources from SVN 2005-01-15 21:26:54 +01:00			`end`