Fixes for the review made by @javierm

this commit will be merged with the others when the chages are accepted
2018-08-24 15:11:54 +02:00
parent 88f0f14eab
commit d574657b77
10 changed files with 28 additions and 25 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -27,8 +27,16 @@ class ApplicationController < ActionController::Base
  respond_to :html
  helper_method :current_budget

+  before_action :set_user_for_ckeditor_pictures
+
  private

+    def set_user_for_ckeditor_pictures
+      if request.path == '/ckeditor/pictures' && request.request_method == 'POST'
+        params['user_id'] = current_user.id
+      end
+    end
+
    def authenticate_http_basic
      authenticate_or_request_with_http_basic do |username, password|
        username == Rails.application.secrets.http_basic_username && password == Rails.application.secrets.http_basic_password
--- a/app/controllers/ckeditor/pictures_controller.rb
+++ b/app/controllers/ckeditor/pictures_controller.rb
@@ -1,5 +1,7 @@
 class Ckeditor::PicturesController < Ckeditor::ApplicationController
+
  load_and_authorize_resource
+
  def index
    @pictures = Ckeditor.picture_adapter.find_all(ckeditor_pictures_scope)
    @pictures = Ckeditor::Paginatable.new(@pictures).page(params[:page])
@@ -10,7 +12,7 @@ class Ckeditor::PicturesController < Ckeditor::ApplicationController
  end

  def create
-    @picture = Ckeditor.picture_model.new
+    @picture = Ckeditor.picture_model.new(user_id: current_user.id)
    respond_with_asset(@picture)
  end

@@ -30,7 +32,7 @@ class Ckeditor::PicturesController < Ckeditor::ApplicationController
    end

    def authorize_resource
-      model = (@picture || Ckeditor.picture_model)
+      model = @picture || Ckeditor.picture_model
      @authorization_adapter.try(:authorize, params[:action], model)
    end
-end
+end
--- a/app/models/abilities/common.rb
+++ b/app/models/abilities/common.rb
@@ -5,6 +5,9 @@ module Abilities
    def initialize(user)
      merge Abilities::Everyone.new(user)

+      can :access, :ckeditor   # needed to access Ckeditor filebrowser
+      can [:access, :create, :destroy], Ckeditor::Picture, id: user.id
+
      can [:read, :update], User, id: user.id

      can :read, Debate
--- a/app/models/abilities/everyone.rb
+++ b/app/models/abilities/everyone.rb
@@ -3,10 +3,8 @@ module Abilities
    include CanCan::Ability

    def initialize(user)
-      can :access, :ckeditor   # needed to access Ckeditor filebrowser
-      can [:access, :read, :create, :destroy], Ckeditor::Picture
-      can [:access, :read, :create, :destroy], Ckeditor::AttachmentFile

+      can :read, Ckeditor::Picture
      can [:read, :map], Debate
      can [:read, :map, :summary, :share], Proposal
      can :read, Comment
--- a/app/models/ckeditor/attachment_file.rb
+++ b/app/models/ckeditor/attachment_file.rb
@@ -1,13 +0,0 @@
-class Ckeditor::AttachmentFile < Ckeditor::Asset
-  has_attached_file :data,
-                    url: '/ckeditor_assets/attachments/:id/:filename',
-                    path: ':rails_root/public/ckeditor_assets/attachments/:id/:filename'
-
-  validates_attachment_presence :data
-  validates_attachment_size :data, less_than: 100.megabytes
-  do_not_validate_attachment_file_type :data
-
-  def url_thumb
-    @url_thumb ||= Ckeditor::Utils.filethumb(filename)
-  end
-end
--- a/app/models/ckeditor/picture.rb
+++ b/app/models/ckeditor/picture.rb
@@ -4,9 +4,9 @@ class Ckeditor::Picture < Ckeditor::Asset
                    path: ':rails_root/public/ckeditor_assets/pictures/:id/:style_:basename.:extension',
                    styles: { content: '800>', thumb: '118x100#' }

-  validates_attachment_presence :data
-  validates_attachment_size :data, less_than: 2.megabytes
-  validates_attachment_content_type :data, content_type: /\Aimage/
+  # validates_attachment_presence :data
+  # validates_attachment_size :data, less_than: 2.megabytes
+  # validates_attachment_content_type :data, content_type: /\Aimage/

  def url_content
    url(:content)
--- a/config/initializers/ckeditor.rb
+++ b/config/initializers/ckeditor.rb
@@ -56,3 +56,5 @@ Ckeditor.setup do |config|
  # By default: "ckeditor/config.js"
  # config.js_config_url = 'ckeditor/config.js'
 end
+
+Ckeditor::PicturesController.send(:load_and_authorize_resource)
--- a/db/migrate/20180813141443_create_ckeditor_assets.rb
+++ b/db/migrate/20180813141443_create_ckeditor_assets.rb
@@ -7,10 +7,12 @@ class CreateCkeditorAssets < ActiveRecord::Migration
      t.string  :data_fingerprint
      t.string  :type, limit: 30

-      # Uncomment	it to save images dimensions, if your need it
+      # Uncomment	it to save images dimensions, if you need it
      t.integer :width
      t.integer :height

+      t.integer :user_id
+
      t.timestamps null: false
    end

--- a/db/schema.rb
+++ b/db/schema.rb
@@ -302,6 +302,7 @@ ActiveRecord::Schema.define(version: 20180813141443) do
    t.string   "type",              limit: 30
    t.integer  "width"
    t.integer  "height"
+    t.integer  "user_id"
    t.datetime "created_at",                   null: false
    t.datetime "updated_at",                   null: false
  end
--- a/lib/wysiwyg_sanitizer.rb
+++ b/lib/wysiwyg_sanitizer.rb
@@ -1,7 +1,7 @@
 class WYSIWYGSanitizer

-  ALLOWED_TAGS = %w(p ul ol li strong em u s)
-  ALLOWED_ATTRIBUTES = []
+  ALLOWED_TAGS = %w(p ul ol li strong em u s img a h1 h2 h3 h4 h6 pre addres div)
+  ALLOWED_ATTRIBUTES = %w(href style src alt)

  def sanitize(html)
    ActionController::Base.helpers.sanitize(html, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRIBUTES)