diff --git a/.gitignore b/.gitignore index fc3f879..cf9f7df 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,3 @@ -# See http://help.github.com/ignore-files/ for more about ignoring files. -# -# If you find yourself ignoring temporary files generated by your text editor -# or operating system, you probably want to add a global ignore instead: -# git config --global core.excludesfile ~/.gitignore_global - # Ignore bundler config /.bundle diff --git a/Gemfile b/Gemfile index 1b17bfc..6c64663 100644 --- a/Gemfile +++ b/Gemfile @@ -1,24 +1,25 @@ source 'https://rubygems.org' -gem 'rails', '3.2.12' +gem 'rails', '4.1.0' gem 'mysql2' gem 'jquery-rails' gem 'therubyracer' -gem 'bcrypt-ruby', '~> 3.0.0' # To use ActiveModel's has_secure_password +gem 'bcrypt-ruby' # To use ActiveModel's has_secure_password gem 'simple_form' gem 'sanitize' -gem 'github-markdown' +gem 'redcarpet' gem 'hirb' #pretty console output -gem 'rb-readline', '~> 0.4.2' +gem 'rb-readline' gem 'rest-client' +gem 'activerecord-session_store' # Gems used only for assets and not required # in production environments by default. group :assets do - gem 'sass-rails', '~> 3.2.3' - gem 'coffee-rails', '~> 3.2.1' - gem 'uglifier', '>= 1.0.3' + gem 'sass-rails' + gem 'coffee-rails' + gem 'uglifier' end group :development do diff --git a/Gemfile.lock b/Gemfile.lock index 776c09b..49b0e0d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
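Review bot: `gem 'bcrypt-ruby'` is kept while the lockfile in the next file resolves it to bcrypt-ruby 3.1.5, which is only a shim depending on bcrypt 3.1.7; the maintained gem name is `gem 'bcrypt'`, and switching now avoids carrying the wrapper through the upgrade. Every version constraint in this hunk is also dropped (`rails`, `sass-rails`, `coffee-rails`, `uglifier`, `rb-readline`), leaving Gemfile.lock as the only pin; that is workable for an application, but a pessimistic constraint on at least `gem 'rails', '~> 4.1.0'` keeps an accidental `bundle update` from jumping a major version.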
@@ -1,159 +1,163 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.12) - actionpack (= 3.2.12) - mail (~> 2.4.4) - actionpack (3.2.12) - activemodel (= 3.2.12) - activesupport (= 3.2.12) - builder (~> 3.0.0) + actionmailer (4.1.0) + actionpack (= 4.1.0) + actionview (= 4.1.0) + mail (~> 2.5.4) + actionpack (4.1.0) + actionview (= 4.1.0) + activesupport (= 4.1.0) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + actionview (4.1.0) + activesupport (= 4.1.0) + builder (~> 3.1) erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.12) - activesupport (= 3.2.12) - builder (~> 3.0.0) - activerecord (3.2.12) - activemodel (= 3.2.12) - activesupport (= 3.2.12) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.12) - activemodel (= 3.2.12) - activesupport (= 3.2.12) - activesupport (3.2.12) - i18n (~> 0.6) - multi_json (~> 1.0) - arel (3.0.2) - bcrypt-ruby (3.0.1) - better_errors (0.7.2) + activemodel (4.1.0) + activesupport (= 4.1.0) + builder (~> 3.1) + activerecord (4.1.0) + activemodel (= 4.1.0) + activesupport (= 4.1.0) + arel (~> 5.0.0) + activerecord-session_store (0.1.0) + actionpack (>= 4.0.0, < 5) + activerecord (>= 4.0.0, < 5) + railties (>= 4.0.0, < 5) + activesupport (4.1.0) + i18n (~> 0.6, >= 0.6.9) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.1) + tzinfo (~> 1.1) + arel (5.0.0) + bcrypt (3.1.7) + bcrypt-ruby (3.1.5) + bcrypt (>= 3.1.3) + better_errors (1.1.0) coderay (>= 1.0.0) erubis (>= 2.6.6) - binding_of_caller (0.7.1) + binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) - builder (3.0.4) + builder (3.2.2) choice (0.1.6) - coderay (1.0.9) - coffee-rails (3.2.2) + coderay (1.1.0) + coffee-rails (4.0.1) coffee-script (>= 2.2.0) - railties (~> 3.2.0) + railties (>= 4.0.0, < 5.0) coffee-script (2.2.0) coffee-script-source execjs - coffee-script-source (1.6.2) + coffee-script-source (1.7.0) debug_inspector (0.0.2) - 
epic-editor-rails (0.2.3) - railties (>= 3.2, < 5.0) erubis (2.7.0) - execjs (1.4.0) - multi_json (~> 1.0) - github-markdown (0.5.5) - hike (1.2.2) + execjs (2.0.2) + hike (1.2.3) hirb (0.7.1) - i18n (0.6.4) - journey (1.0.4) - jquery-rails (2.2.1) + i18n (0.6.9) + jquery-rails (3.1.0) railties (>= 3.0, < 5.0) thor (>= 0.14, < 2.0) - json (1.8.0) - libv8 (3.11.8.17) - mail (2.4.4) - i18n (>= 0.4.0) + json (1.8.1) + libv8 (3.16.14.3) + mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) - mime-types (1.23) - multi_json (1.7.3) + mime-types (1.25.1) + mini_portile (0.5.3) + minitest (5.3.2) + multi_json (1.9.2) mysql2 (0.3.15) - nokogiri (1.5.9) - polyglot (0.3.3) - rack (1.4.5) - rack-cache (1.2) - rack (>= 0.4) - rack-ssl (1.3.3) - rack + nokogiri (1.6.1) + mini_portile (~> 0.5.0) + polyglot (0.3.4) + rack (1.5.2) rack-test (0.6.2) rack (>= 1.0) - rails (3.2.12) - actionmailer (= 3.2.12) - actionpack (= 3.2.12) - activerecord (= 3.2.12) - activeresource (= 3.2.12) - activesupport (= 3.2.12) - bundler (~> 1.0) - railties (= 3.2.12) + rails (4.1.0) + actionmailer (= 4.1.0) + actionpack (= 4.1.0) + actionview (= 4.1.0) + activemodel (= 4.1.0) + activerecord (= 4.1.0) + activesupport (= 4.1.0) + bundler (>= 1.3.0, < 2.0) + railties (= 4.1.0) + sprockets-rails (~> 2.0) rails-erd (1.1.0) activerecord (>= 3.0) activesupport (>= 3.0) choice (~> 0.1.6) ruby-graphviz (~> 1.0.4) - railties (3.2.12) - actionpack (= 3.2.12) - activesupport (= 3.2.12) - rack-ssl (~> 1.3.2) + railties (4.1.0) + actionpack (= 4.1.0) + activesupport (= 4.1.0) rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - rake (10.0.4) - rb-readline (0.4.2) - rdoc (3.12.2) - json (~> 1.4) - ref (1.0.4) + thor (>= 0.18.1, < 2.0) + rake (10.2.2) + rb-readline (0.5.1) + redcarpet (3.1.1) + ref (1.0.5) rest-client (1.6.7) mime-types (>= 1.16) ruby-graphviz (1.0.9) - sanitize (2.0.3) - nokogiri (>= 1.4.4, < 1.6) - sass (3.2.9) - sass-rails (3.2.6) - railties (~> 3.2.0) - sass (>= 3.1.10) - tilt (~> 1.3) - 
simple_form (2.1.0) - actionpack (~> 3.0) - activemodel (~> 3.0) - sprockets (2.2.2) + sanitize (2.1.0) + nokogiri (>= 1.4.4) + sass (3.2.19) + sass-rails (4.0.3) + railties (>= 4.0.0, < 5.0) + sass (~> 3.2.0) + sprockets (~> 2.8, <= 2.11.0) + sprockets-rails (~> 2.0) + simple_form (3.0.2) + actionpack (~> 4.0) + activemodel (~> 4.0) + sprockets (2.11.0) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - therubyracer (0.11.4) - libv8 (~> 3.11.8.12) + sprockets-rails (2.1.3) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) + therubyracer (0.12.1) + libv8 (~> 3.16.14.0) ref - thor (0.18.1) + thor (0.19.1) + thread_safe (0.3.3) tilt (1.4.1) - treetop (1.4.12) + treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.37) - uglifier (2.1.1) + tzinfo (1.1.0) + thread_safe (~> 0.1) + uglifier (2.5.0) execjs (>= 0.3.0) - multi_json (~> 1.0, >= 1.0.2) + json (>= 1.8.0) webrick (1.3.1) PLATFORMS ruby DEPENDENCIES - bcrypt-ruby (~> 3.0.0) + activerecord-session_store + bcrypt-ruby better_errors binding_of_caller - coffee-rails (~> 3.2.1) - epic-editor-rails - github-markdown + coffee-rails hirb jquery-rails mysql2 - rails (= 3.2.12) + rails (= 4.1.0) rails-erd - rb-readline (~> 0.4.2) + rb-readline + redcarpet rest-client sanitize - sass-rails (~> 3.2.3) + sass-rails simple_form therubyracer - uglifier (>= 1.0.3) + uglifier webrick diff --git a/app/assets/javascripts/app.js b/app/assets/javascripts/app.js index c93433c..45a6318 100644 --- a/app/assets/javascripts/app.js +++ b/app/assets/javascripts/app.js 
@@ -21,4 +21,15 @@ $(function(){ }) }); }, 4000); + var pressed = new Array(10); + var keys = [38,38,40,40,37,39,37,39,66,65]; + $(document).keydown(function(e) { + pressed.push(e.keyCode); + pressed.shift(); + if ( pressed.toString() == keys.toString() ) { + $('html').css('overflow-x', 'hidden'); + $('body').css('animation', '1s alternate-reverse infinite wiggle'); + $('img').css('transform', 'rotate(180deg)'); + } + }); }); \ No newline at end of file diff --git a/app/assets/stylesheets/screen.css.scss b/app/assets/stylesheets/screen.css.scss index 1ba6182..83dc9ce 100644 --- a/app/assets/stylesheets/screen.css.scss +++ b/app/assets/stylesheets/screen.css.scss @@ -1,4 +1,12 @@ -/* CSS for PCs only */ +@keyframes wiggle { + 0% {transform: rotate(-3deg);} + 100% {transform: rotate(3deg);} +} +@-webkit-keyframes wiggle { + 0% {transform: rotate(-3deg);} + 100% {transform: rotate(3deg);} +} + @media only screen and (min-width: 0px) //TODO @@ -59,7 +67,6 @@ and (min-width: 0px) //TODO height: 50px; border-bottom: 1px solid #363636; position: relative; - text-shadow: 0 1px 1px #222; #logo { width: 100px; height: 100px; @@ -81,7 +88,7 @@ and (min-width: 0px) //TODO display: inline-block; color: #fff; &:hover { - color: #bbb; + color: #f66; } } li { @@ -355,7 +362,7 @@ and (min-width: 0px) //TODO background: #ddd; border: none; height: 3em; - margin: 0; + margin: 4px 0 0 0; padding: 0.5em 1em; width: 100%; } @@ -399,7 +406,7 @@ and (min-width: 0px) //TODO box-shadow: 0 0 5px #faa inset; border-bottom: none; } - .validation-error { + .validation-error, .error { display: inline-block; padding: 0 1em; width: 100%; @@ -591,6 +598,10 @@ and (min-width: 0px) //TODO font-weight: bold; } + del { + background: rgba(255, 200, 200, 0.5); + } + .comment-counter { float: right; } diff --git a/app/controllers/blogposts_controller.rb b/app/controllers/blogposts_controller.rb index 92b450b..0baebee 100644 --- a/app/controllers/blogposts_controller.rb 
+++ b/app/controllers/blogposts_controller.rb @@ -29,7 +29,7 @@ class BlogpostsController < ApplicationController def create if mod? - @post = Blogpost.new(params[:blogpost].slice(:title, :content)) + @post = Blogpost.new(post_params) @post.user_author = current_user if @post.save redirect_to @post, notice: 'Post has been created.' @@ -47,7 +47,7 @@ class BlogpostsController < ApplicationController @post = Blogpost.find(params[:id]) if mod? || @comment.author.is?(current_user) @post.user_editor = current_user - if @post.update_attributes(params[:blogpost].slice(:title, :content, :user_editor)) + if @post.update_attributes(post_params([:user_editor])) redirect_to @post, notice: 'Post has been updated.' else flash[:alert] = "There was a problem while updating the post" @@ -69,4 +69,13 @@ class BlogpostsController < ApplicationController end redirect_to blogposts_path end -end + + + private + + def post_params(add = []) + a = [:title, :content] + a += add + params.require(:blogpost).permit(a) + end +end \ No newline at end of file diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb index 68a229b..77e77cf 100644 --- a/app/controllers/comments_controller.rb +++ b/app/controllers/comments_controller.rb @@ -11,12 +11,11 @@ class CommentsController < ApplicationController def create if confirmed? - params[:comment].slice!("content") if params[:comment] - @comment = Comment.new(params[:comment]) + @comment = Comment.new(comment_params) @comment.user_author = current_user @comment.blogpost = Blogpost.find(params[:blogpost_id]) if @comment.save - redirect_to @comment.blogpost, notice: 'Comment created!' + redirect_to blogpost_path(@comment.blogpost) + "#comment-#{@comment.id}", notice: 'Comment created!' else flash[:alert] = "Could not create comment." redirect_to Blogpost.find(params[:blogpost_id]) 
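Review bot: In the update hunk, `post_params([:user_editor])` permits a request-supplied `blogpost[user_editor]`, so a client can override the `@post.user_editor = current_user` assignment made on the line above (a scalar value would instead raise an association type mismatch); since the controller already sets the editor, plain `post_params` is enough here, and forumthreads_controller's update hunk has the same pattern. The context condition `mod? || @comment.author.is?(current_user)` in this same action tests `@comment`, which nothing in BlogpostsController sets as far as this hunk shows, so non-mod editors would hit a NoMethodError; `@post.author` looks like the intended receiver. The new `post_params` helper builds its list in two statements where forumgroups_controller does it in one; `a = [:title, :content] + add` keeps the two consistent.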
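Review bot: The new redirect `redirect_to blogpost_path(@comment.blogpost) + "#comment-#{@comment.id}"` builds the fragment by string concatenation; the route helper accepts it directly, `redirect_to blogpost_path(@comment.blogpost, anchor: "comment-#{@comment.id}")`, which is the conventional form and keeps path construction in one place. The same construction is repeated in the update hunk of this file.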
@@ -30,10 +29,9 @@ class CommentsController < ApplicationController def update @comment = Comment.find(params[:id]) if mod? || @comment.author.is?(current_user) - params[:comment].slice!("content") if params[:comment] - if @comment.update_attributes(params[:comment]) + if @comment.update_attributes(comment_params) flash[:notice] = "Comment updated!" - redirect_to @comment.blogpost + redirect_to blogpost_path(@comment.blogpost) + "#comment-#{@comment.id}" else flash[:alert] = "There was a problem while updating your comment" render action: "edit" @@ -57,4 +55,10 @@ class CommentsController < ApplicationController end redirect_to @comment.blogpost end + + private + + def comment_params + params.require(:comment).permit(:content) + end end \ No newline at end of file diff --git a/app/controllers/forumgroups_controller.rb b/app/controllers/forumgroups_controller.rb index 87e3ff2..38fc38f 100644 --- a/app/controllers/forumgroups_controller.rb +++ b/app/controllers/forumgroups_controller.rb @@ -5,7 +5,7 @@ class ForumgroupsController < ApplicationController end def show - redirect_to forums_path + "#forums-#{params[:id]}" + redirect_to forums_path + "#forum-#{params[:id]}" end def edit @@ -19,7 +19,7 @@ class ForumgroupsController < ApplicationController def update if admin? @group = Forumgroup.find(params[:id]) - if @group.update_attributes(params[:forumgroup]) + if @group.update_attributes(group_params) flash[:notice] = "Forum group updated" redirect_to @group else @@ -42,7 +42,7 @@ class ForumgroupsController < ApplicationController def create if admin? - @group = Forumgroup.new(params[:forumgroup]) + @group = Forumgroup.new(group_params) if @group.save flash[:notice] = "Forum group created." redirect_to @group @@ -56,6 +56,11 @@ class ForumgroupsController < ApplicationController end end + private + def group_params(add = []) + a = [:name, :position, :role_read, :role_write] + add + params.require(:forumgroup).permit(a) + end end \ No newline at end of file 
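Review bot: `group_params` permits `:role_read` and `:role_write`, but the forum-group forms in this diff submit `role_read_id` and `role_write_id` (`f.select :role_read_id ...`), so the chosen roles are filtered out as unpermitted parameters (or rejected, depending on `action_on_unpermitted_parameters`) and never saved, while a client that does send a scalar `forumgroup[role_read]` would hit an association type mismatch. The removed `attr_accessible` listed both forms; the permit list should read `a = [:name, :position, :role_read_id, :role_write_id] + add`. forums_controller's new `forum_params` in the next file has the same list and the same problem.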
diff --git a/app/controllers/forums_controller.rb b/app/controllers/forums_controller.rb index 9d82b27..df3cf6c 100644 --- a/app/controllers/forums_controller.rb +++ b/app/controllers/forums_controller.rb @@ -1,9 +1,8 @@ class ForumsController < ApplicationController - before_filter :check_permission, only: [:show] + before_filter :check_permission, only: [:show, :edit, :update] def index - @groups = Forumgroup.all - @groups.select!{|g| g.can_read?(current_user) } + @groups = Forumgroup.select {|g| g.can_read?(current_user) } @groups.sort_by!{|g| g[:position]} end @@ -11,19 +10,36 @@ class ForumsController < ApplicationController @threads = @forum.forumthreads.order("sticky desc, updated_at desc") end + def edit + end + def new if admin? - @group = Forumgroup.find(params[:forumgroup]) @forum = Forum.new(forumgroup: @group) + @forum.forumgroup = Forumgroup.find(params[:forumgroup]) else flash[:alert] = "You are not allowed to create a forum." redirect_to forums_path end end + def update + if admin? + if @forum.update_attributes(forum_params) + flash[:notice] = "Forum updated" + redirect_to @forum + else + flash[:alert] = "Something went wrong" + end + else + flash[:alert] = "You are not allowed to change a forum" + redirect_to @forum + end + end + def create if admin? - @forum = Forum.new(params[:forum]) + @forum = Forum.new(forum_params) @forum.forumgroup = Forumgroup.find(params[:forum][:forumgroup_id]) if @forum.save flash[:notice] = "Forum created." @@ -49,5 +65,8 @@ class ForumsController < ApplicationController end end - + def forum_params(add = []) + a = [:name, :position, :role_read, :role_write] + add + params.require(:forum).permit(a) + end end \ No newline at end of file diff --git a/app/controllers/forumthreads_controller.rb b/app/controllers/forumthreads_controller.rb index b3b0ecc..40e9413 100644 --- a/app/controllers/forumthreads_controller.rb +++ b/app/controllers/forumthreads_controller.rb 
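Review bot: The new `edit` action has no `admin?` gate while `new`, `update` and `create` all do; it only runs `check_permission`, which the old code applied to `show` alone and which presumably loads `@forum` and checks read access (its body is outside this diff), so any user who can read a forum can render its edit form. Guard it like its siblings, e.g. `redirect_to @forum, alert: "You are not allowed to change a forum" unless admin?`. In `update`, the branch where `update_attributes` fails sets `flash[:alert]` but neither renders nor redirects, so the action falls through to an implicit render of a nonexistent `update` template; add `render :edit` after the alert. `new` still passes `forumgroup: @group` to `Forum.new` although the `@group` assignment is removed in this hunk, so the keyword is nil and immediately overwritten; `@forum = Forum.new(forumgroup: Forumgroup.find(params[:forumgroup]))` says the same in one line. `forum_params` is appended after the last method with no `private` marker visible in the hunk, unlike forumgroups_controller; if the section above is not already private, mark it so the helper cannot be treated as an action.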
@@ -12,7 +12,7 @@ class ForumthreadsController < ApplicationController def update if mod? || @thread.author.is?(current_user) @thread.user_editor = current_user - if @thread.update_attributes(params[:forumthread].slice(:title, :content, :user_editor)) + if @thread.update_attributes thread_params([:user_editor]) redirect_to @thread, notice: 'Post has been updated.' else flash[:alert] = "There was a problem while updating the post" @@ -28,16 +28,15 @@ class ForumthreadsController < ApplicationController end def new - @forum = Forum.find(params[:forum_id]) - unless @forum.can_write?(current_user) - flash[:alert] = "You are not allowed to view this forum" + @thread = Forumthread.new(forum: Forum.find(params[:forum])) + unless @thread.forum.can_write?(current_user) + flash[:alert] = "You are not allowed to write in this forum" redirect_to forums_path end - @thread = Forumthread.new(forum: @forum) end def create - @thread = Forumthread.new(mod? ? params[:forumthread] : params[:forumthread].slice(:title, :content)) + @thread = Forumthread.new(mod? ? thread_params([:sticky, :locked]) : thread_params) if @thread.can_write?(current_user) @thread.user_author = current_user @thread.forum = @thread.forum @@ -69,5 +68,9 @@ class ForumthreadsController < ApplicationController end end - + def thread_params(add = []) + a = [:title, :content] + a += add + params.require(:Forumthread).permit(a) + end end \ No newline at end of file diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 0532fc4..661536b 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,6 +1,6 @@ class UsersController < ApplicationController -require 'open-uri' + require 'open-uri' def index if params[:role] 
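Review bot: `thread_params` calls `params.require(:Forumthread)` with a capital F; the parameter key Rails derives for a Forumthread is `forumthread`, so every create and update will raise ParameterMissing (a 400) before reaching the model — it should be `params.require(:forumthread)`. In the update hunk, `thread_params([:user_editor])` permits a client-supplied `forumthread[user_editor]` right after `@thread.user_editor = current_user` was set, so the request can override the editor; plain `thread_params` suffices (blogposts_controller's update has the same pattern). `new` now reads `params[:forum]` instead of `params[:forum_id]`, while the "New thread" link in forums/show.html.erb later in this diff still passes `forum_id:`; one side needs to change. The update line also drops the parentheses (`update_attributes thread_params([:user_editor])`) where every sibling controller in this commit uses them.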
@@ -10,10 +10,10 @@ require 'open-uri' @users = User.find_all_by_role_id(Role.get(params[:role])) end else - @users = User.all - @users.shift() #Remove first user + @users = User.all.to_a + @users.shift #Remove first user end - @users = @users.sort_by{|u| u.role}.reverse! + @users = @users.to_a.sort_by{|u| u.role}.reverse! end def show @@ -80,7 +80,7 @@ require 'open-uri' flash[:notice] = "You are already signed up!" redirect_to current_user else - @user = User.new(params[:user] ? params[:user].slice(:ign, :email, :password, :password_confirmation) : {} ) + @user = User.new(user_params) user_profile = @user.get_profile if user_profile @user.uuid = user_profile["id"] @@ -125,7 +125,7 @@ require 'open-uri' def update @user = User.find(params[:id]) if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?) - userdata = params[:user] ? params[:user].slice(:name, :ign, :role_id, :skype, :skype_public, :youtube, :twitter, :about, :password, :password_confirmation) : {} + userdata = user_params([:name, :role_id, :skype, :skype_public, :youtube, :twitter, :about]) if userdata[:role_id] role = Role.find(userdata[:role_id]) if (mod? && role <= current_user.role) @@ -235,4 +235,8 @@ require 'open-uri' user_token && user_token.token == token end + def user_params(add = []) + a = [:ign, :email, :password, :password_confirmation] + add + params.require(:user).permit(a) + end end \ No newline at end of file diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 01c328a..89b444d 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb 
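Review bot: The context line `User.find_all_by_role_id(...)` in the index hunk stops working under this commit's Rails 4.1.0 upgrade: the `find_all_by_*` dynamic finders live in activerecord-deprecated_finders, which Rails 4.1 no longer depends on (the lockfile's activerecord 4.1.0 lists no such dependency), so that branch raises NoMethodError unless the gem is added; `User.where(role_id: Role.get(params[:role]))` is the replacement. In the create hunk, `params.require(:user)` replaces `params[:user] ? … : {}`, so a signup POST without a `user` key now fails with ParameterMissing (400) instead of re-rendering the form with errors; if the old tolerance is wanted, something like `params.fetch(:user, {}).permit(a)` keeps it. `user_params` is added after the last `end` with no `private` marker visible in this hunk; forumgroups_controller in the same commit puts its helper under `private`, which is the convention for strong-parameter helpers.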
@@ -14,4 +14,53 @@ module ApplicationHelper end return isopen end + + def render_md(content) + renderer = Redcarpet::Render::HTML.new({ + filter_html: true, + no_styles: true, + safe_links_only: true, + hard_wrap: true, + link_attributes: {target: "_blank", rel: "nofollow"} + }) + md = Redcarpet::Markdown.new(renderer, { + no_intra_emphasis: true, + tables: true, + fenced_code_blocks: true, + autolink: true, + strikethrough: true, + lax_spacing: true, + disable_indented_code_blocks: false, + space_after_headers: false, + underline: true, + highlight: true, + footnotes: true + }) + md.render(content) + end + + def render_mini_md(content) + renderer = Redcarpet::Render::HTML.new({ + filter_html: true, + no_images: true, + no_styles: true, + safe_links_only: true, + hard_wrap: false, + link_attributes: {target: "_blank", rel: "nofollow"} + }) + md = Redcarpet::Markdown.new(renderer, { + no_intra_emphasis: true, + tables: false, + fenced_code_blocks: false, + autolink: true, + strikethrough: true, + lax_spacing: false, + disable_indented_code_blocks: true, + space_after_headers: true, + underline: true, + highlight: true, + footnotes: false + }) + md.render(content) + end end \ No newline at end of file diff --git a/app/models/blogpost.rb b/app/models/blogpost.rb index c6a1409..61351c4 100644 --- a/app/models/blogpost.rb +++ b/app/models/blogpost.rb @@ -1,5 +1,5 @@ class Blogpost < ActiveRecord::Base - attr_accessible :title, :content, :author, :editor + validates_presence_of :title, :content, :author belongs_to :user_author, class_name: "User", foreign_key: "user_author_id" belongs_to :user_editor, class_name: "User", foreign_key: "user_editor_id" diff --git a/app/models/comment.rb b/app/models/comment.rb index fb6265b..afc9114 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb 
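Review bot: `render_md` and `render_mini_md` return Redcarpet's HTML unsanitized, and every caller in this diff (index.atom.builder, blogposts index/show, comments/_comment) separately wraps the result in `Sanitize.clean(…).html_safe`; moving that step into the helpers, e.g. `Sanitize.clean(md.render(content.to_s), Sanitize::Config::RELAXED)` (BASIC for the mini variant), means a future call site cannot skip it, and `content.to_s` also covers a nil body, which Redcarpet rejects. Both methods build a fresh `Redcarpet::Render::HTML` and `Redcarpet::Markdown` on every call from two near-identical option hashes; a single private builder taking the differing flags, or two frozen module-level constants, would remove the duplication and the per-call allocation. `filter_html: true` with `safe_links_only: true` is the right defensive default, and a one-line comment above each method saying that raw HTML in the input is dropped rather than escaped would spare the next reader the option list. The `link_attributes` target/rel are applied before the callers' Sanitize pass, so whether they survive depends on that config's allowed attributes — worth confirming against RELAXED and BASIC.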
@@ -1,5 +1,5 @@ class Comment < ActiveRecord::Base - attr_accessible :content, :author, :blogpost, :post + validates_presence_of :content, :author, :blogpost validates_length_of :content, in: 4..1000 diff --git a/app/models/forum.rb b/app/models/forum.rb index 4d04427..3d22689 100644 --- a/app/models/forum.rb +++ b/app/models/forum.rb @@ -4,8 +4,6 @@ class Forum < ActiveRecord::Base belongs_to :role_read, class_name: "Role", foreign_key: "role_read_id" belongs_to :role_write, class_name: "Role", foreign_key: "role_write_id" - attr_accessible :name, :position, :role_read, :role_write, :role_read_id, :role_write_id, :forumgroup, :forumgroup_id - def to_s name end diff --git a/app/models/forumgroup.rb b/app/models/forumgroup.rb index a3f8e2b..b15e01f 100644 --- a/app/models/forumgroup.rb +++ b/app/models/forumgroup.rb @@ -4,7 +4,7 @@ class Forumgroup < ActiveRecord::Base belongs_to :role_write, class_name: "Role", foreign_key: "role_write_id" accepts_nested_attributes_for :forums - attr_accessible :name, :position, :role_read, :role_write, :role_read_id, :role_write_id + validates_presence_of :name, :position validates_length_of :name, in: 2..20 diff --git a/app/models/forumthread.rb b/app/models/forumthread.rb index 7fd34a5..0af46bd 100644 --- a/app/models/forumthread.rb +++ b/app/models/forumthread.rb @@ -4,7 +4,7 @@ class Forumthread < ActiveRecord::Base belongs_to :user_editor, class_name: "User", foreign_key: "user_editor_id" has_many :threadreplies - attr_accessible :title, :content, :sticky, :locked, :user_author, :user_editor, :forum + validates_presence_of :title, :author, :forum validates_presence_of :content diff --git a/app/models/role.rb b/app/models/role.rb index 3c28de9..cd93ad9 100644 --- a/app/models/role.rb +++ b/app/models/role.rb @@ -1,7 +1,7 @@ class Role < ActiveRecord::Base include Comparable has_many :users - attr_accessible :name, :value + def to_s self.name 
diff --git a/app/models/threadreply.rb b/app/models/threadreply.rb index 03b28d3..bd6e57b 100644 --- a/app/models/threadreply.rb +++ b/app/models/threadreply.rb @@ -3,7 +3,7 @@ class Threadreply < ActiveRecord::Base belongs_to :user_author, class_name: "User", foreign_key: "user_author_id" belongs_to :user_editor, class_name: "User", foreign_key: "user_editor_id" - attr_accessible :title, :content, :sticky, :locked, :user_author, :user_editor, :forumthread + validates_presence_of :content validates_length_of :content, in: 2..10000 diff --git a/app/models/user.rb b/app/models/user.rb index 0245424..95fc8df 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -3,7 +3,7 @@ class User < ActiveRecord::Base include Rails.application.routes.url_helpers belongs_to :role - attr_accessible :uuid, :confirmed, :name, :password, :password_confirmation, :ign, :email, :email_token, :about, :last_ip, :skype, :skype_public, :youtube, :youtube_channelname, :twitter, :last_seen, :role, :role_id + has_secure_password @@ -17,8 +17,8 @@ class User < ActiveRecord::Base validates_length_of :about, maximum: 5000 validates_length_of :ign, minimum: 2, maximum: 16 - validates :email, uniqueness: {case_sensitive: false}, format: {with: /^.+@.+\..{2,}$/i, message: "That doesn't look like an email adress."} - validates :ign, uniqueness: {case_sensitive: false}, format: {with: /^[a-z\d_]+$/i, message: "That is probably not your username."} + validates :email, uniqueness: {case_sensitive: false}, format: {with: /\A.+@.+\..{2,}\z/i, message: "That doesn't look like an email adress."} + validates :ign, uniqueness: {case_sensitive: false}, format: {with: /\A[a-z\d_]+\z/i, message: "That is probably not your username."} validate :has_paid, :if => lambda {|user| user.ign_changed? } 
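Review bot: With `attr_accessible` removed here and no `protected_attributes` gem in the Gemfile, Rails 4.1 raises `ActiveModel::ForbiddenAttributesError` whenever a controller passes an unpermitted `params[:threadreply]` hash to `new` or `update_attributes`; the threadreplies controller does not appear in this diff, so verify it received a `permit`-based params helper like the other controllers in this commit. The same check applies to role.rb in the previous file and to any code that still mass-assigns `user_author`, `user_editor` or `forumthread`, which the removed line used to allow.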
@@ -101,12 +101,10 @@ class User < ActiveRecord::Base response = open("https://sessionserver.mojang.com/session/minecraft/profile/#{CGI.escape(self.uuid)}", read_timeout: 0.5) if response.status[0] == "200" session_profile = JSON.load(response.read) - if session_profile["legacy"] == true - return open("https://minecraft.net/haspaid.jsp?#{{user: self.ign}.to_query}", read_timeout: 0.5).read == "true" - else - return true - end + # unpaid accounts are called 'demo' accounts + return session_profile["demo"] == true elsif response.status[0] == "204" + # user doesn't exist return false else puts "---" diff --git a/app/views/blogposts/edit.html.erb b/app/views/blogposts/edit.html.erb index 35fa6b8..1f7f428 100644 --- a/app/views/blogposts/edit.html.erb +++ b/app/views/blogposts/edit.html.erb @@ -2,7 +2,7 @@
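Review bot: The new `return session_profile["demo"] == true` inverts the removed logic: the old branch returned `true` for a paid account (non-legacy, or `haspaid.jsp` answering "true"), whereas the new line returns `true` exactly when the profile is flagged `demo`, which the added comment itself describes as unpaid. Unless the caller was inverted elsewhere in this commit (the enclosing method's name and its use are outside the hunk), this should read `return session_profile["demo"] != true`. On the context line, `JSON.load(response.read)` uses json's `load` defaults — `create_additions` is enabled in the 1.8.x release the lockfile pins — which can instantiate classes named by a `json_class` key in the response; `JSON.parse` is the safer call for data from a remote service, even a trusted one.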

Note: You can use <%= link_to "Markdown", "https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet", target: "_blank" %>!

<%= simple_form_for @post do |f|%> <%= f.input :title, :label => false %> - <%= f.hidden_field :content, :label => false, input_html: {class: "full-width vertical"} %> - <%= f.submit "Update Post", class: "btn blue left" %> + <%= f.text_area :content, :label => false, input_html: {class: "full-width vertical"} %> +

<%= f.submit "Update Post", class: "btn blue left" %>

<% end %> -<%= button_to "Delete post", @post, :method => "delete", :confirm => "Delete post & comments forever?", class: "btn red right" %> \ No newline at end of file +

<%= button_to "Delete post", @post, :method => "delete", :confirm => "Delete post & comments forever?", class: "btn red right" %>

\ No newline at end of file diff --git a/app/views/blogposts/index.atom.builder b/app/views/blogposts/index.atom.builder index aee43de..5f1c05e 100644 --- a/app/views/blogposts/index.atom.builder +++ b/app/views/blogposts/index.atom.builder @@ -11,7 +11,7 @@ atom_feed do |feed| end entry.url blogpost_url(post) entry.title post.title - entry.content Sanitize.clean(GitHub::Markdown.render_gfm(post.content), Sanitize::Config::RELAXED).html_safe, :type => 'html' + entry.content Sanitize.clean(render_md(post.content), Sanitize::Config::RELAXED).html_safe, :type => 'html' end end end \ No newline at end of file diff --git a/app/views/blogposts/index.html.erb b/app/views/blogposts/index.html.erb index 5bcd690..e973d02 100644 --- a/app/views/blogposts/index.html.erb +++ b/app/views/blogposts/index.html.erb @@ -1,3 +1,4 @@ +
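Review bot: `f.text_area :content, :label => false, input_html: {class: "full-width vertical"}` calls the plain Rails `text_area` helper rather than simple_form's `f.input`, so `:label` and `:input_html` are not recognized options and, as far as I can tell, are emitted as literal HTML attributes, leaving the textarea without the intended classes; `f.input :content, as: :text, label: false, input_html: {class: "full-width vertical"}` gives the same control through simple_form, and new.html.erb later in this diff has the identical call. The re-added `button_to "Delete post", @post, :method => "delete", :confirm => ...` keeps the `:confirm` option, which I believe Rails 4.0 deprecated and 4.1 — the version this commit moves to — removed, so the confirmation dialog silently disappears from a destructive button; `data: { confirm: "Delete post & comments forever?" }` restores it, and the same applies to the delete buttons in comments/edit.html.erb and forumgroups/edit.html.erb.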

News

<%= link_to 'Make new Post', new_blogpost_path, class: "btn blue" if mod? %>
<% @posts.each do |p| %> @@ -12,7 +13,7 @@

<%= link_to truncate(p.title, length: 60, omission: " …"), p %>

- <%= Sanitize.clean(GitHub::Markdown.render_gfm(p.content), Sanitize::Config::RELAXED).html_safe %> + <%= Sanitize.clean(render_md(p.content), Sanitize::Config::RELAXED).html_safe %>
diff --git a/app/views/blogposts/new.html.erb b/app/views/blogposts/new.html.erb index 2bc971e..8b82807 100644 --- a/app/views/blogposts/new.html.erb +++ b/app/views/blogposts/new.html.erb @@ -1,7 +1,7 @@

New Post

-

Note: You can use <%= link_to "Markdown", "https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet", target: "_blank" %>!

<%= simple_form_for @post do |f|%> <%= f.input :title, placeholder: "Title" %> - <%= f.hidden_field :content, placeholder: "Text", input_html: {class: "full-width vertical"} %> - <%= f.submit "Create Post", class: "btn blue left" %> +

Note: You can use <%= link_to "Markdown", "https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet", target: "_blank" %>!

+ <%= f.text_area :content, placeholder: "Text", input_html: {class: "full-width vertical"} %> +

<%= f.submit "Create Post", class: "btn blue left" %>

<% end %> diff --git a/app/views/blogposts/show.html.erb b/app/views/blogposts/show.html.erb index e860717..8941018 100644 --- a/app/views/blogposts/show.html.erb +++ b/app/views/blogposts/show.html.erb @@ -1,3 +1,4 @@ +<%= link_to "News", blogposts_path %> → <%= link_to @post.title %>
<%= link_to(image_tag(@post.author.avatar_url(64), class: "avatar"), @post.author, title: @post.author.ign) %>
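Review bot: `<%= link_to @post.title %>` in the new breadcrumb passes no target, so `url_for(nil)` resolves to the current request path and the title links to the page it is already on; either `link_to @post.title, @post` or plain `<%= @post.title %>` is what is meant. The next hunk keeps the context line `link_to truncate(@post.title, …), p`, where `p` is not a local in this view (it reads like a copy from index where `p` is the loop variable) and evaluates to Kernel#p's nil, producing the same self-link; `@post` is the intended target there too.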
@@ -7,14 +8,14 @@

<%= link_to truncate(@post.title, length: 60, omission: " …"), p %>

- <%= Sanitize.clean(GitHub::Markdown.render_gfm(@post.content), Sanitize::Config::RELAXED).html_safe %> + <%= Sanitize.clean(render_md(@post.content), Sanitize::Config::RELAXED).html_safe %>

<%= "#{pluralize(@post.comments.length, 'comment')}." %>

<% @post.comments.each do |c| %> - <%= render "comments/comment", :c => c %> + <%= render "comments/comment", c: c %> <% end %> <%= render "comments/new" %>
\ No newline at end of file diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb index e8eb16e..7f77747 100644 --- a/app/views/comments/_comment.html.erb +++ b/app/views/comments/_comment.html.erb @@ -6,7 +6,7 @@
- <%= h(c.content).gsub(/(\s*?[\r\n]){3,}/, "\n\n").gsub("\n", "
").html_safe %> + <%= Sanitize.clean(render_mini_md(c.content.gsub(/([\r\n]+\s*?){3,}/, "\n\n")), Sanitize::Config::BASIC).html_safe %>
\ No newline at end of file diff --git a/app/views/comments/_new.html.erb b/app/views/comments/_new.html.erb index 2fad495..67729ba 100644 --- a/app/views/comments/_new.html.erb +++ b/app/views/comments/_new.html.erb @@ -1,6 +1,7 @@ <% if current_user %>

New comment

<%= simple_form_for [@post, @comment] do |f| %> +

> quote | _underline_ | *italic* | **bold** | `code` | [link](https://example.com) <%= f.input :content, :label => false, :as => "text", :placeholder => "Comment", input_html: {class: "comment"} %> <%= f.submit class: "btn blue" %> <% end %> diff --git a/app/views/comments/edit.html.erb b/app/views/comments/edit.html.erb index a29b07c..857e3ec 100644 --- a/app/views/comments/edit.html.erb +++ b/app/views/comments/edit.html.erb @@ -2,6 +2,6 @@ <%= simple_form_for [@comment.blogpost, @comment] do |f| %> <%= f.input :content, label: false, as: "text", placeholder: "Comment" %> - <%= f.submit "Update Comment", class: "btn blue left" %> +

<%= f.submit "Update Comment", class: "btn blue left" %>

<% end %> -<%= button_to "Delete comment", [@comment.blogpost, @comment] , method: "delete", confirm: "Delete comment forever?", class: "btn red right" %> \ No newline at end of file +

<%= button_to "Delete comment", [@comment.blogpost, @comment] , method: "delete", confirm: "Delete comment forever?", class: "btn red right" %>

\ No newline at end of file diff --git a/app/views/forumgroups/edit.html.erb b/app/views/forumgroups/edit.html.erb index 85a7132..5f94ff2 100644 --- a/app/views/forumgroups/edit.html.erb +++ b/app/views/forumgroups/edit.html.erb @@ -1,4 +1,17 @@ -

Edit forum group

+

Manage Forums

+
+
+ Forums +
+
+ <% @group.forums.each do |forum| %> + <%= link_to forum.name, edit_forum_path(forum), class: "item" %> + <% end %> +
<%= link_to "Add Forum", new_forum_path(forumgroup: @group), class: "btn blue" %>
+
+
+
+

Edit Forum Group

<% role_selection = Role.all_from_to(:normal, :admin).collect{|p|[p.name, p.id]} %> <%= form_for @group do |f|%> @@ -19,6 +32,6 @@
<%= f.select :role_write_id, role_selection, include_blank: false %>
- <%= f.submit "Update group", class: "btn blue" %> +

<%= f.submit "Update group", class: "btn blue" %>

<% end %> -<%= button_to "Delete group", @post, :method => "delete", :confirm => "Delete group?\nForums + Threads will not be accessible!", class: "btn red right" %> \ No newline at end of file +

<%= button_to "Delete group", @post, :method => "delete", :confirm => "Delete group?\nForums + Threads will not be accessible!", class: "btn red right" %>

\ No newline at end of file diff --git a/app/views/forumgroups/new.html.erb b/app/views/forumgroups/new.html.erb index 4c8fc27..5a6b971 100644 --- a/app/views/forumgroups/new.html.erb +++ b/app/views/forumgroups/new.html.erb @@ -19,5 +19,5 @@ <%= f.select :role_write_id, role_selection, include_blank: false %> - <%= f.submit "Create group", class: "btn blue" %> +
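Review bot: The re-added `button_to "Delete group", @post, :method => "delete", ...` targets `@post`, which ForumgroupsController never assigns (the rest of this view works with `@group`), so the button's URL falls back to the current path and a click sends DELETE to the edit URL, which has no route; `@group` is the intended target. As with the other delete buttons in this commit, `:confirm` needs to become `data: { confirm: "Delete group?\nForums + Threads will not be accessible!" }` under Rails 4.1.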

<%= f.submit "Create group", class: "btn blue" %>

<% end %> \ No newline at end of file diff --git a/app/views/forums/edit.html.erb b/app/views/forums/edit.html.erb new file mode 100644 index 0000000..b338bec --- /dev/null +++ b/app/views/forums/edit.html.erb @@ -0,0 +1,24 @@ +<%= link_to @forum.group, forumgroup_path(@forum.group) %> → <%= link_to @forum.name, @forum %> +

Edit Forum

+<% role_selection = Role.all_from_to(:normal, :admin).collect{|p|[p.name, p.id]} %> +<%= form_for @forum do |f|%> + + + + + + + + + + + + + + + + + +
<%= f.label :name %><%= f.text_field :name, placeholder: "Name" %>
<%= f.label :position %><%= f.number_field :position, placeholder: "Position" %>
<%= f.label :role_read_id, "Min. read role" %><%= f.select :role_read_id, role_selection, include_blank: "None" %>
<%= f.label :role_write_id, "Min. write role" %><%= f.select :role_write_id, role_selection, include_blank: false %>
+

<%= f.submit "Update forum", class: "btn blue" %>

+<% end %>
\ No newline at end of file
diff --git a/app/views/forums/index.html.erb b/app/views/forums/index.html.erb
index 69c5959..9a4739a 100644
--- a/app/views/forums/index.html.erb
+++ b/app/views/forums/index.html.erb
@@ -1,10 +1,9 @@
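Review bot: `role_selection = Role.all_from_to(:normal, :admin).collect{|p|[p.name, p.id]}` runs a database query from inside the template, and the identical line already appears in forumgroups/edit.html.erb and forums/new.html.erb in this diff; a small helper (say `role_options`, a constructed name) would keep the query in one place and out of the views. The read-role select offers `include_blank: "None"` while the write-role select forbids blank, which suggests an empty read role means unrestricted reading; if so the option label should say that, and the model should reject a write role lower than the read role, since nothing in this form prevents that combination. The form edits `position` and both role ids, so whichever controller action receives it must permit only those attributes and restrict the action to admins — neither is visible in this diff.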
<% @groups.each do |group| %> -
+
<%= group.name %> <%= link_to "edit", edit_forumgroup_path(group), class: "editlink" if admin? %> - <%= link_to "+", new_forum_path(forumgroup: group), class: "editlink" if admin? %>
diff --git a/app/views/forums/new.html.erb b/app/views/forums/new.html.erb
index 4c962d7..db2eab4 100644
--- a/app/views/forums/new.html.erb
+++ b/app/views/forums/new.html.erb
@@ -1,5 +1,5 @@
-<%= link_to @group, forumgroup_path(@group) %> → New forum -

New forum forum

+<%= link_to @forum.group, forumgroup_path(@forum.group) %> → New forum +

New Forum

<% role_selection = Role.all_from_to(:normal, :admin).collect{|p|[p.name, p.id]} %> <%= form_for @forum do |f|%>
@@ -20,6 +20,6 @@
<%= f.select :role_write_id, role_selection, include_blank: false %>
- <%= f.hidden_field :forumgroup_id, value: @group.id %> - <%= f.submit "Create forum", class: "btn blue" %> + <%= f.hidden_field :forumgroup_id, value: @forum.group.id %> +

<%= f.submit "Create forum", class: "btn blue" %>

<% end %>
\ No newline at end of file
diff --git a/app/views/forums/show.html.erb b/app/views/forums/show.html.erb
index ac38a8f..e3fe5ae 100644
--- a/app/views/forums/show.html.erb
+++ b/app/views/forums/show.html.erb
@@ -17,4 +17,6 @@
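Review bot: `f.hidden_field :forumgroup_id, value: @forum.group.id` only round-trips a value the client can edit before submitting, so the `create` action must not rely on it for anything authorization-related; whether it is mass-assigned at all now depends on the controller's `permit` list, because this commit removes `config.active_record.whitelist_attributes` (config/application.rb hunk) and Rails 4 strong parameters take over. If the controller already resolves the group from `params[:forumgroup]` when rendering `new` (the `new_forum_path(forumgroup: @group)` link in forumgroups/edit.html.erb suggests it does), assigning the group server-side in `create` and dropping the hidden field is simpler and removes the question entirely. If the field stays, a comment next to it such as `<%# client-controlled; create must re-check the group %>` stops a later reader treating it as trusted.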
<% end %>
-

<%= link_to "New thread", new_forumthread_path(forum_id: @forum), class: "btn blue" %>

\ No newline at end of file +<% if @forum.can_write?(current_user) %> +

<%= link_to "New thread", new_forumthread_path(forum: @forum), class: "btn blue" %>

+<% end %>
\ No newline at end of file
diff --git a/app/views/forumthreads/edit.html.erb b/app/views/forumthreads/edit.html.erb
index 8a96246..8b5d74b 100644
--- a/app/views/forumthreads/edit.html.erb
+++ b/app/views/forumthreads/edit.html.erb
@@ -2,7 +2,7 @@
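Review bot: `<% if @forum.can_write?(current_user) %>` hides the link but protects nothing by itself: the target `new_forumthread_path(forum: @forum)` takes the forum from a query parameter, so `ForumthreadsController#new` and `#create` (not in this diff) must run the same `can_write?` check against the forum they resolve from `params[:forum]`, otherwise a user who never sees the button can still post into that forum. `current_user` will be nil for a visitor who is not logged in, so `can_write?` needs to accept nil rather than raise. A one-line comment, `<%# display only — authorization is enforced in ForumthreadsController %>`, would record where the real check lives once it exists.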

Note: You can use <%= link_to "Markdown", "https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet", target: "_blank" %>!

<%= simple_form_for [@thread.forum, @thread] do |f|%> <%= f.input :title, label: false %> - <%= f.hidden_field :content, label: false, input_html: {class: "full-width vertical"} %> + <%= f.text_area :content, label: false, input_html: {class: "full-width vertical"} %> <%= f.submit "Update thread", class: "btn blue left" %> <% end %> <%= button_to "Delete thread", [@thread.forum, @thread], :method => "delete", :confirm => "Delete thread & comments forever?", class: "btn red right" %>
\ No newline at end of file
diff --git a/app/views/forumthreads/new.html.erb b/app/views/forumthreads/new.html.erb
index 2d515dc..92d211b 100644
--- a/app/views/forumthreads/new.html.erb
+++ b/app/views/forumthreads/new.html.erb
@@ -1,6 +1,6 @@
-<%= link_to @forum.group, forumgroup_path(@forum.group) %> → <%= link_to @forum, @forum %> → New thread
+<%= link_to @thread.forum.group, forumgroup_path(@thread.forum.group) %> → <%= link_to @thread.forum, @thread.forum %> → New thread
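Review bot: The added `f.text_area :content, label: false, input_html: {class: "full-width vertical"}` sits inside `simple_form_for`, but `text_area` is the plain Rails builder method rather than simple_form's `input`; it does not understand `label:` or `input_html:`, so (unless the project overrides it) those keys are emitted as HTML attributes on the textarea and the `full-width vertical` classes never apply. Use the simple_form form instead: `<%= f.input :content, as: :text, label: false, input_html: {class: "full-width vertical"} %>`.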

New thread

-<%= form_for [@forum, @thread] do |f|%> +<%= form_for @thread do |f|%> <% if mod? %>
@@ -16,6 +16,6 @@
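Review bot: Switching to `form_for @thread` means the form now posts to the flat `forumthreads_path`, and nothing in this hunk or the one below carries the forum: the old nested `[@forum, @thread]` put the forum id in the URL, while the new side only submits `title` and `content` (second hunk). Unless a hidden forum field exists in the lines between the two hunks (the `<% if mod? %>` block is cut off here), `create` cannot know which forum the thread belongs to, and if it instead takes the forum from a client-supplied parameter it must repeat the `can_write?` check that forums/show.html.erb now makes only for the link. The breadcrumb `@thread.forum.group` also assumes `@thread.forum` is already set when `new` renders, which holds only if the controller builds the thread from the `forum:` query parameter. The form body starts in this hunk and continues outside it, so the missing field may simply be out of view.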
<%= f.text_field :title, placeholder: "Title" %>
- <%= f.hidden_field :content, placeholder: "Text" %> + <%= f.text_area :content, placeholder: "Text" %>

<%= f.submit "Create thread", class: "btn blue" %>

<% end %>
\ No newline at end of file
diff --git a/app/views/forumthreads/show.html.erb b/app/views/forumthreads/show.html.erb
index 8138159..9821d0a 100644
--- a/app/views/forumthreads/show.html.erb
+++ b/app/views/forumthreads/show.html.erb
@@ -8,7 +8,7 @@

<%= link_to truncate(@thread.title, length: 60, omission: " …"), p %>

- <%= Sanitize.clean(GitHub::Markdown.render_gfm(@thread.content), Sanitize::Config::RELAXED).html_safe %> + <%= Sanitize.clean(render_md(@thread.content), Sanitize::Config::RELAXED).html_safe %>
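Review bot: The new side keeps the right order — `render_md` output goes through `Sanitize.clean(..., Sanitize::Config::RELAXED)` before `.html_safe` — and that ordering is the only thing that makes `.html_safe` acceptable on user-written thread content. Because `render_md` is now a plain helper, every other call site has to remember the same wrapper; moving the `Sanitize.clean` call into the helper so it returns already-sanitized markup would make the safe form the default, and the helper's comment should state either that it returns sanitized HTML or, if it stays raw, that callers must sanitize before output. `Sanitize::Config::RELAXED` permits a broad element set (images, tables and the like); that is presumably intended for forum posts, but a short comment would make the choice deliberate rather than inherited from the old `render_gfm` line.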
diff --git a/app/views/redstoner_mailer/register_mail.html.erb b/app/views/redstoner_mailer/register_mail.html.erb
index ce02398..6c35c8c 100644
--- a/app/views/redstoner_mailer/register_mail.html.erb
+++ b/app/views/redstoner_mailer/register_mail.html.erb
@@ -21,7 +21,7 @@ Hi <%= @user.name %>!

Please click this link to confirm your registration:

- <%= link_to "confirm my email", confirm_user_path(@user, code: @user.email_token, only_path: false), style: "text-decoration: none; color: #f2f2f2; padding: 0.5em 2em; background-color: #4096EE; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; display: inline-block; text-transform: uppercase;" %> + <%= link_to "confirm registration", confirm_user_path(@user, code: @user.email_token, only_path: false), style: "text-decoration: none; color: #f2f2f2; padding: 0.5em 2em; background-color: #4096EE; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; display: inline-block; text-transform: uppercase;" %>

diff --git a/config/application.rb b/config/application.rb
index ac556e0..e452eca 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -59,11 +59,6 @@ module Site # like if you have constraints or database-specific column types # config.active_record.schema_format = :sql - # Enforce whitelist mode for mass assignment. - # This will create an empty whitelist of attributes available for mass-assignment for all models - # in your app. As such, your models will need to explicitly whitelist or blacklist accessible - # parameters by using an attr_accessible or attr_protected declaration. - config.active_record.whitelist_attributes = true # Enable the asset pipeline config.assets.enabled = true
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 9d07dfd..d0e3153 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -29,9 +29,6 @@ Site::Application.configure do # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - # Print deprecation notices to the stderr config.active_support.deprecation = :stderr end
diff --git a/config/routes.rb b/config/routes.rb
index bc668e3..1fe7e54 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -27,7 +27,7 @@ Site::Application.routes.draw do resources :forumthreads, path: '/forums/threads' resources :forumgroups, path: 'forums/groups' - match '/status' => 'status#show' + get '/status' => 'status#show' get "logout" => 'sessions#destroy' get 'login' => 'sessions#new'