From e8e61ba24585e1f6f7c4414417e3456c3cec7bd3 Mon Sep 17 00:00:00 2001
From: xsrust <xsrust@gmail.com>
Date: Mon, 24 Jul 2017 10:55:16 +0100
Subject: [PATCH 1/7] init coverpage for public export #436

---
 app/controllers/plans_controller.rb   | 6 ++++++
 app/views/plans/public_export.pdf.erb | 9 ++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/app/controllers/plans_controller.rb b/app/controllers/plans_controller.rb
index 8bedcbc0c2..5a0be7199e 100644
--- a/app/controllers/plans_controller.rb
+++ b/app/controllers/plans_controller.rb
@@ -308,6 +308,12 @@ def public_export
     @a_s_ids = Question.where(id: @a_q_ids).pluck(:section_id).uniq
     a_p_ids = Section.where(id: @a_s_ids).pluck(:phase_id).uniq
     @phases = Phase.includes(sections: :questions).where(id: a_p_ids).order(:number)
+    @creator_text = @plan.owner.name(false)
+    @plan.roles.administrator.not_creator.each do |co_owner|
+      @creator_text += ", " + co_owner.name(false)
+    end
+    @affiliation = @plan.owner.org.abbreviation
+
 
     begin
       @exported_plan.save!
diff --git a/app/views/plans/public_export.pdf.erb b/app/views/plans/public_export.pdf.erb
index ca7fb8312d..5458fdc5a3 100644
--- a/app/views/plans/public_export.pdf.erb
+++ b/app/views/plans/public_export.pdf.erb
@@ -18,7 +18,14 @@
       </style>
   </head>
   <body>
-    <h1><%= @plan.title %></h1>
+    <div style="text-align:center;">
+      <h1><%= @plan.title %></h1>
+      <p><em><%= _("A Data Management Plan created using ") + Rails.configuration.branding[:application][:name] + "." %></em></p>
+    </div>
+    </br>
+    <p><%= _("Creator(s): ") + @creator_text %></p>    <br>
+    <p><%= _("Affiliation: ") + @affiliation %></p>    <br>
+    <p><%= _("Last Updated: ") + @plan.updated_at.to_date.to_s %></p> <br>
 
 		<p><%= _("Copyright information: The above plan creator(s) have agreed that others may use as much of the text of this plan as they would like in their own plans, and customise it as necessary. You do not need to credit the creator(s) as the source of the language used, but using any of the plan's text does not imply that the creator(s) endorse, or have any relationship to, your project or proposal") %></p>
     <% @phases.each do |phase| %>

From 91b0583726b2f1252e00da1403c94198c1f8ce1d Mon Sep 17 00:00:00 2001
From: xsrust <xsrust@gmail.com>
Date: Mon, 24 Jul 2017 15:16:58 +0100
Subject: [PATCH 2/7] patch for public export auth

---
 app/controllers/plans_controller.rb |  3 ++-
 app/policies/plan_policy.rb         | 29 +++--------------------------
 2 files changed, 5 insertions(+), 27 deletions(-)

diff --git a/app/controllers/plans_controller.rb b/app/controllers/plans_controller.rb
index 5a0be7199e..a5e245b373 100644
--- a/app/controllers/plans_controller.rb
+++ b/app/controllers/plans_controller.rb
@@ -2,7 +2,7 @@ class PlansController < ApplicationController
   require 'pp'
   helper SettingsTemplateHelper
 
-  after_action :verify_authorized, except: ['public_index', 'public_export']
+  after_action :verify_authorized, except: ['public_index']
 
   def index
     authorize Plan
@@ -292,6 +292,7 @@ def export
   # -------------------------------------------------------------
   def public_export
     @plan = Plan.find(params[:id])
+    authorize @plan
     # If the plan has multiple phases we should export each
     @exported_plan = ExportedPlan.new.tap do |ep|
       ep.plan = @plan
diff --git a/app/policies/plan_policy.rb b/app/policies/plan_policy.rb
index 99d9865646..22fd1f9957 100644
--- a/app/policies/plan_policy.rb
+++ b/app/policies/plan_policy.rb
@@ -3,7 +3,7 @@ class PlanPolicy < ApplicationPolicy
   attr_reader :plan
 
   def initialize(user, plan)
-    raise Pundit::NotAuthorizedError, "must be logged in" unless user
+    raise Pundit::NotAuthorizedError, "must be logged in" unless user || plan.publicly_visible?
     @user = user
     @plan = plan
   end
@@ -52,33 +52,10 @@ def set_test?
     @plan.administerable_by?(@user.id)&& Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end
 
-# TODO: These routes are no lonmger used
-=begin
-  def section_answers?
-    @plan.readable_by?(@user.id)
+  def public_export?
+    @plan.publicly_visible?
   end
 
-  def locked?
-    @plan.readable_by?(@user.id)
-  end
-
-  def delete_recent_locks?
-    @plan.editable_by?(@user.id)
-  end
-
-  def unlock_all_sections?
-    @plan.editable_by?(@user.id)
-  end
-
-  def lock_section?
-    @plan.editable_by?(@user.id)
-  end
-
-  def unlock_section?
-    @plan.editable_by?(@user.id)
-  end
-=end
-
   def answer?
     @plan.readable_by?(@user.id) && Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end

From f436fff95c2a94275ef525ffe22dffdd670f1376 Mon Sep 17 00:00:00 2001
From: xsrust <xsrust@gmail.com>
Date: Tue, 25 Jul 2017 11:31:57 +0100
Subject: [PATCH 3/7] #436 added discussed changes to coversheet.

---
 app/controllers/plans_controller.rb   | 39 +++++++++++++++++----------
 app/views/plans/public_export.pdf.erb | 15 +++++++++--
 2 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/app/controllers/plans_controller.rb b/app/controllers/plans_controller.rb
index a5e245b373..ecfd265bd5 100644
--- a/app/controllers/plans_controller.rb
+++ b/app/controllers/plans_controller.rb
@@ -38,13 +38,13 @@ def new
   def create
     @plan = Plan.new
     authorize @plan
-    
+
     @plan.principal_investigator = current_user.surname.blank? ? nil : "#{current_user.firstname} #{current_user.surname}"
     @plan.principal_investigator_email = current_user.email
-    
+
     orcid = current_user.identifier_for(IdentifierScheme.find_by(name: 'orcid'))
     @plan.principal_investigator_identifier = orcid.identifier unless orcid.nil?
-    
+
     @plan.funder_name = plan_params[:funder_name]
 
     @plan.visibility = (plan_params['visibility'].blank? ? Rails.application.config.default_plan_visibility :
@@ -127,7 +127,7 @@ def show
     @all_guidance_groups = @plan.get_guidance_group_options
     @all_ggs_grouped_by_org = @all_guidance_groups.sort.group_by(&:org)
     @selected_guidance_groups = @plan.guidance_groups
-    
+
     # Important ones come first on the page - we grab the user's org's GGs and "Organisation" org type GGs
     @important_ggs = []
     @important_ggs << [current_user.org, @all_ggs_grouped_by_org.delete(current_user.org)]
@@ -136,7 +136,7 @@ def show
         @important_ggs << [org,ggs]
         @all_ggs_grouped_by_org.delete(org)
       end
-      
+
       # If this is one of the already selected guidance groups its important!
       if !(ggs & @selected_guidance_groups).empty?
         @important_ggs << [org,ggs] unless @important_ggs.include?([org,ggs])
@@ -148,7 +148,7 @@ def show
     @important_ggs = @important_ggs.sort_by{|org,gg| (org.nil? ? '' : org.name)}
     @all_ggs_grouped_by_org = @all_ggs_grouped_by_org.sort_by {|org,gg| (org.nil? ? '' : org.name)}
     @selected_guidance_groups = @selected_guidance_groups.collect{|gg| gg.id}
-    
+
     @based_on = (@plan.template.customization_of.nil? ? @plan.template : Template.where(dmptemplate: @plan.template.customization_of).first)
 
     respond_to :html
@@ -175,7 +175,7 @@ def update
       end
     end
   end
-  
+
   def share
     @plan = Plan.find(params[:id])
     authorize @plan
@@ -288,12 +288,16 @@ def export
     end
   end
 
-  # GET /plans/[:plan_slug]/public_export
+  # GET /plans/[:plan_id]/public_export
   # -------------------------------------------------------------
   def public_export
     @plan = Plan.find(params[:id])
     authorize @plan
-    # If the plan has multiple phases we should export each
+    # This creates exported_plans with no user.
+    # Note for reviewers, The ExportedPlan model actually serves no purpose, except
+    # to store preferences for PDF export.  These preferences could be moved into
+    # the prefs table for individual users, and a more semsible structure implimented
+    # to track the exports & formats(html/pdf/ect) of users.
     @exported_plan = ExportedPlan.new.tap do |ep|
       ep.plan = @plan
       ep.phase_id = @plan.phases.first.id
@@ -309,11 +313,18 @@ def public_export
     @a_s_ids = Question.where(id: @a_q_ids).pluck(:section_id).uniq
     a_p_ids = Section.where(id: @a_s_ids).pluck(:phase_id).uniq
     @phases = Phase.includes(sections: :questions).where(id: a_p_ids).order(:number)
+    # name of owner and any co-owners
     @creator_text = @plan.owner.name(false)
     @plan.roles.administrator.not_creator.each do |co_owner|
       @creator_text += ", " + co_owner.name(false)
     end
-    @affiliation = @plan.owner.org.abbreviation
+    # Org name of plan owner
+    @affiliation = @plan.owner.org.name
+    # set the funder name
+    @funder = @plan.template.org.funder? ? @plan.template.org.name : nil
+    # set the template name and customizer name if applicable
+    @template = @plan.template.title
+    @customizer = @plan.template.customization_of.present? ? _(" Customised By: ") + @plan.template.org.name : ""
 
 
     begin
@@ -356,7 +367,7 @@ def duplicate
       end
     end
   end
-  
+
   # AJAX access to update the plan's visibility
   # POST /plans/:id
   def visibility
@@ -369,7 +380,7 @@ def visibility
       render status: :bad_request, json: {msg: _("Unable to change the plan's status")}
     end
   end
-  
+
   def set_test
     plan = Plan.find(params[:id])
     authorize plan
@@ -380,7 +391,7 @@ def set_test
       render status: :bad_request, json: {msg: _("Unable to change the plan's test status")}
     end
   end
-  
+
 
   private
 
@@ -409,7 +420,7 @@ def save_guidance_selections(guidance_group_ids)
     end
     @plan.save
   end
-  
+
 
   # different versions of the same template have the same dmptemplate_id
   # but different version numbers so for each set of templates with the
diff --git a/app/views/plans/public_export.pdf.erb b/app/views/plans/public_export.pdf.erb
index 5458fdc5a3..d039149158 100644
--- a/app/views/plans/public_export.pdf.erb
+++ b/app/views/plans/public_export.pdf.erb
@@ -25,11 +25,22 @@
     </br>
     <p><%= _("Creator(s): ") + @creator_text %></p>    <br>
     <p><%= _("Affiliation: ") + @affiliation %></p>    <br>
+    <% if @funder.present? %>
+      <p><%= _("Funder: ") + @funder %></p>   <br>
+    <% else %>
+      <p><%= _("Template: ") + @template + @customizer %></p>
+    <% end %>
+    <% if @plan.grant_number.present? %>
+      <p><%= _("Grant Number: ") + @plan.grant_number %></p>
+    <% end %>
+    <% if @plan.description.present? %>
+      <p><%= _("Description: ") + @plan.description %></p>
+    <% end %>
     <p><%= _("Last Updated: ") + @plan.updated_at.to_date.to_s %></p> <br>
 
 		<p><%= _("Copyright information: The above plan creator(s) have agreed that others may use as much of the text of this plan as they would like in their own plans, and customise it as necessary. You do not need to credit the creator(s) as the source of the language used, but using any of the plan's text does not imply that the creator(s) endorse, or have any relationship to, your project or proposal") %></p>
     <% @phases.each do |phase| %>
-      <div style="page-break-before:always;"></div> <!-- Page break before each phase, keeping cover sheet in mind -->
+      <div style="page-break-before:always;"></div> <!-- Page break before each phase -->
       <h1><%= phase.title %></h1>
       <% Section.where(phase_id: phase.id, id: @a_s_ids).order(:number).each do |section| %>
         <h2><%= section.title %></h2>
@@ -65,4 +76,4 @@
       <% end %>
     <% end %>
   </body>
-</html>
\ No newline at end of file
+</html>

From b35fd25a4166d9ccfe0488e8ff59c7cfae413bc4 Mon Sep 17 00:00:00 2001
From: xsrust <xsrust@gmail.com>
Date: Wed, 26 Jul 2017 09:50:18 +0100
Subject: [PATCH 4/7] created template pdf pages, moved public pages to new
 controller, revised auth for public pages

---
 app/controllers/plans_controller.rb           |  68 +---------
 app/controllers/public_pages_controller.rb    | 120 ++++++++++++++++++
 app/controllers/templates_controller.rb       |   2 +-
 app/policies/public_page_policy.rb            |  24 ++++
 app/policies/template_policy.rb               |   6 +-
 app/views/layouts/_navigation.html.erb        |  17 ++-
 .../plan_export.pdf.erb}                      |   6 +-
 .../plan_index.html.erb}                      |  10 +-
 .../public_pages/template_export.docx.erb     |  30 +++++
 .../public_pages/template_export.pdf.erb      |  52 ++++++++
 .../public_pages/template_index.html.erb      |  45 +++++++
 app/views/templates/export.pdf.erb            |  23 ----
 config/routes.rb                              |   6 +-
 13 files changed, 300 insertions(+), 109 deletions(-)
 create mode 100644 app/controllers/public_pages_controller.rb
 create mode 100644 app/policies/public_page_policy.rb
 rename app/views/{plans/public_export.pdf.erb => public_pages/plan_export.pdf.erb} (94%)
 rename app/views/{plans/public_index.html.erb => public_pages/plan_index.html.erb} (89%)
 create mode 100644 app/views/public_pages/template_export.docx.erb
 create mode 100644 app/views/public_pages/template_export.pdf.erb
 create mode 100644 app/views/public_pages/template_index.html.erb
 delete mode 100644 app/views/templates/export.pdf.erb

diff --git a/app/controllers/plans_controller.rb b/app/controllers/plans_controller.rb
index ecfd265bd5..0f4d59b8b3 100644
--- a/app/controllers/plans_controller.rb
+++ b/app/controllers/plans_controller.rb
@@ -2,19 +2,13 @@ class PlansController < ApplicationController
   require 'pp'
   helper SettingsTemplateHelper
 
-  after_action :verify_authorized, except: ['public_index']
+  after_action :verify_authorized
 
   def index
     authorize Plan
     @plans = current_user.active_plans
   end
 
-  # GET /plans/public_index
-  # ------------------------------------------------------------------------------------
-  def public_index
-    @plans = Plan.publicly_visible
-  end
-
   # GET /plans/new
   # ------------------------------------------------------------------------------------
   def new
@@ -288,67 +282,7 @@ def export
     end
   end
 
-  # GET /plans/[:plan_id]/public_export
-  # -------------------------------------------------------------
-  def public_export
-    @plan = Plan.find(params[:id])
-    authorize @plan
-    # This creates exported_plans with no user.
-    # Note for reviewers, The ExportedPlan model actually serves no purpose, except
-    # to store preferences for PDF export.  These preferences could be moved into
-    # the prefs table for individual users, and a more semsible structure implimented
-    # to track the exports & formats(html/pdf/ect) of users.
-    @exported_plan = ExportedPlan.new.tap do |ep|
-      ep.plan = @plan
-      ep.phase_id = @plan.phases.first.id
-      ep.format = :pdf
-      plan_settings = @plan.settings(:export)
-
-      Settings::Template::DEFAULT_SETTINGS.each do |key, value|
-        ep.settings(:export).send("#{key}=", plan_settings.send(key))
-      end
-    end
-    # need to determine which phases to export
-    @a_q_ids = Answer.where(plan_id: @plan.id).pluck(:question_id).uniq
-    @a_s_ids = Question.where(id: @a_q_ids).pluck(:section_id).uniq
-    a_p_ids = Section.where(id: @a_s_ids).pluck(:phase_id).uniq
-    @phases = Phase.includes(sections: :questions).where(id: a_p_ids).order(:number)
-    # name of owner and any co-owners
-    @creator_text = @plan.owner.name(false)
-    @plan.roles.administrator.not_creator.each do |co_owner|
-      @creator_text += ", " + co_owner.name(false)
-    end
-    # Org name of plan owner
-    @affiliation = @plan.owner.org.name
-    # set the funder name
-    @funder = @plan.template.org.funder? ? @plan.template.org.name : nil
-    # set the template name and customizer name if applicable
-    @template = @plan.template.title
-    @customizer = @plan.template.customization_of.present? ? _(" Customised By: ") + @plan.template.org.name : ""
-
-
-    begin
-      @exported_plan.save!
-      file_name = @plan.title.gsub(/ /, "_")
 
-      respond_to do |format|
-        format.pdf do
-          @formatting = @plan.settings(:export).formatting
-          render pdf: file_name,
-            margin: @formatting[:margin],
-            footer: {
-              center:    _('This document was generated by %{application_name}') % {application_name: Rails.configuration.branding[:application][:name]},
-              font_size: 8,
-              spacing:   (@formatting[:margin][:bottom] / 2) - 4,
-              right:     '[page] of [topage]'
-            }
-        end
-      end
-    rescue ActiveRecord::RecordInvalid => e
-      @phase_options = @plan.phases.order(:number).pluck(:title,:id)
-      redirect_to show_export_plan_path(@plan), alert: _('Unable to download the DMP at this time.')
-    end
-  end
 
   def duplicate
     plan = Plan.find(params[:id])
diff --git a/app/controllers/public_pages_controller.rb b/app/controllers/public_pages_controller.rb
new file mode 100644
index 0000000000..3ffcb8e6cf
--- /dev/null
+++ b/app/controllers/public_pages_controller.rb
@@ -0,0 +1,120 @@
+class PublicPagesController < ApplicationController
+  after_action :verify_authorized
+
+  # GET template_index
+  # -----------------------------------------------------
+  def template_index
+    authorize :public_page
+    template_ids = Template.where(org_id: Org.funders.pluck(:id)).valid.pluck(:dmptemplate_id).uniq << Template.where(is_default: true).pluck(:dmptemplate_id)
+    @templates = []
+    template_ids.each do |tid|
+      t = Template.live(tid)
+      @templates << t unless t.nil?
+    end
+  end
+
+  # GET template_export/:id
+  # -----------------------------------------------------
+  def template_export
+    # only export live templates, id passed is dmptemplate_id
+    @template = Template.live(params[:id])
+    # covers authorization for this action.  Pundit dosent support passing objects into scoped policies
+    raise Pundit::NotAuthorizedError unless PublicPagePolicy.new( @template).template_export?
+    skip_authorization
+    # now with prefetching (if guidance is added, prefetch annottaions/guidance)
+    @template = Template.includes(:org, phases: {sections:{questions:[:question_options, :question_format]}}).find(@template.id)
+
+    begin
+      file_name = @template.title.gsub(/ /, "_")
+      respond_to do |format|
+        format.docx { render docx: 'template_export', filename: "#{file_name}.docx" }
+        format.pdf do
+          @formatting = Settings::Template::DEFAULT_SETTINGS[:formatting]
+          render pdf: file_name,
+          margin: @formatting[:margin],
+          footer: {
+            center:    _('This document was generated by %{application_name}') % {application_name: Rails.configuration.branding[:application][:name]},
+            font_size: 8,
+            spacing:   (@formatting[:margin][:bottom] / 2) - 4,
+            right:     '[page] of [topage]'
+          }
+        end
+      end
+    rescue ActiveRecord::RecordInvalid => e  # What scenario is this triggered in? it's common to our export pages
+      #send back to public_index page
+      redirect_to template_index_path, alert: _('Unable to download the DMP Template at this time.')
+    end
+
+  end
+
+  # GET plan_export/:id
+  # -------------------------------------------------------------
+  def plan_export
+    @plan = Plan.find(params[:id])
+    # covers authorization for this action.  Pundit dosent support passing objects into scoped policies
+    raise Pundit::NotAuthorizedError unless PublicPagePolicy.new( @plan).plan_export?
+    skip_authorization
+    # This creates exported_plans with no user.
+    # Note for reviewers, The ExportedPlan model actually serves no purpose, except
+    # to store preferences for PDF export.  These preferences could be moved into
+    # the prefs table for individual users, and a more semsible structure implimented
+    # to track the exports & formats(html/pdf/ect) of users.
+    @exported_plan = ExportedPlan.new.tap do |ep|
+      ep.plan = @plan
+      ep.phase_id = @plan.phases.first.id
+      ep.format = :pdf
+      plan_settings = @plan.settings(:export)
+
+      Settings::Template::DEFAULT_SETTINGS.each do |key, value|
+        ep.settings(:export).send("#{key}=", plan_settings.send(key))
+      end
+    end
+    # need to determine which phases to export
+    @a_q_ids = Answer.where(plan_id: @plan.id).pluck(:question_id).uniq
+    @a_s_ids = Question.where(id: @a_q_ids).pluck(:section_id).uniq
+    a_p_ids = Section.where(id: @a_s_ids).pluck(:phase_id).uniq
+    @phases = Phase.includes(sections: :questions).where(id: a_p_ids).order(:number)
+    # name of owner and any co-owners
+    @creator_text = @plan.owner.name(false)
+    @plan.roles.administrator.not_creator.each do |co_owner|
+      @creator_text += ", " + co_owner.name(false)
+    end
+    # Org name of plan owner
+    @affiliation = @plan.owner.org.name
+    # set the funder name
+    @funder = @plan.template.org.funder? ? @plan.template.org.name : nil
+    # set the template name and customizer name if applicable
+    @template = @plan.template.title
+    @customizer = @plan.template.customization_of.present? ? _(" Customised By: ") + @plan.template.org.name : ""
+
+
+    begin
+      @exported_plan.save!
+      file_name = @plan.title.gsub(/ /, "_")
+
+      respond_to do |format|
+        format.pdf do
+          @formatting = @plan.settings(:export).formatting
+          render pdf: file_name,
+            margin: @formatting[:margin],
+            footer: {
+              center:    _('This document was generated by %{application_name}') % {application_name: Rails.configuration.branding[:application][:name]},
+              font_size: 8,
+              spacing:   (@formatting[:margin][:bottom] / 2) - 4,
+              right:     '[page] of [topage]'
+            }
+        end
+      end
+    rescue ActiveRecord::RecordInvalid => e
+      # send to the public_index page
+      redirect_to public_index_plan_path, alert: _('Unable to download the DMP at this time.')
+    end
+  end
+
+  # GET /plans_index
+  # ------------------------------------------------------------------------------------
+  def plan_index
+    authorize :public_page
+    @plans = Plan.publicly_visible
+  end
+end
diff --git a/app/controllers/templates_controller.rb b/app/controllers/templates_controller.rb
index c20380f9c6..4001bbeb1a 100644
--- a/app/controllers/templates_controller.rb
+++ b/app/controllers/templates_controller.rb
@@ -3,7 +3,7 @@
 # [+Copyright:+] Digital Curation Centre and University of California Curation Center
 
 class TemplatesController < ApplicationController
-  respond_to :html
+  #respond_to :html
   after_action :verify_authorized
 
   # GET /org/admin/templates/:id/admin_index
diff --git a/app/policies/public_page_policy.rb b/app/policies/public_page_policy.rb
new file mode 100644
index 0000000000..e4b237b0a7
--- /dev/null
+++ b/app/policies/public_page_policy.rb
@@ -0,0 +1,24 @@
+class PublicPagePolicy < ApplicationPolicy
+
+  def initialize( object)
+    # no requirement for users to be signed in here
+    @object = object
+  end
+
+  def plan_index?
+    true
+  end
+
+  def template_index?
+    true
+  end
+
+  def template_export?
+    @object.is_default || @object.org.funder?
+  end
+
+  def plan_export?
+    @object.publicly_visible?
+  end
+
+end
diff --git a/app/policies/template_policy.rb b/app/policies/template_policy.rb
index 006ed23170..6d524bce62 100644
--- a/app/policies/template_policy.rb
+++ b/app/policies/template_policy.rb
@@ -2,7 +2,7 @@ class TemplatePolicy < ApplicationPolicy
   attr_reader :user, :template
 
   def initialize(user, template)
-    raise Pundit::NotAuthorizedError, "must be logged in" unless user
+    raise Pundit::NotAuthorizedError, "must be logged in" unless user || template.is_default || template.org.funder?
     @user = user
     @template = template
   end
@@ -17,6 +17,10 @@ def admin_index?
     user.can_modify_templates?
   end
 
+  def admin_export?
+
+  end
+
   def admin_template?
     user.can_modify_templates?  &&  (template.org_id == user.org_id)
   end
diff --git a/app/views/layouts/_navigation.html.erb b/app/views/layouts/_navigation.html.erb
index 718f023a09..04d047e5f3 100644
--- a/app/views/layouts/_navigation.html.erb
+++ b/app/views/layouts/_navigation.html.erb
@@ -1,5 +1,5 @@
 <ul class="nav">
-  
+
   <li>
     <a class="dropdown left-indent" id="explore" href="#"><%= _('Explore') %> <span class="fa fa-sort-desc" style="color: inherit;"><span></a>
 
@@ -12,11 +12,14 @@
       <li <%= 'class=active' if isActivePage(public_plans_path) %>>
         <%= link_to _('Public DMPs'), public_plans_path %>
       </li>
+      <li <%= 'class=active' if isActivePage(public_templates_path) %>>
+        <%= link_to _('DMP Templates'), public_templates_path %>
+      </li>
     </ul>
   </li>
-  
+
   <% if user_signed_in? %>
-  
+
     <!-- Navigation for organisation admin -->
     <% if current_user.can_org_admin? && action_name.include?("admin_") %>
       <% if current_user.can_modify_templates? %>
@@ -31,7 +34,7 @@
       <% end %>
       <% if current_user.can_modify_org_details? %>
           <li <%= 'class=active' if isActivePage(admin_edit_org_path(current_user.org_id)) %>>
-            <%= link_to _('Organisation details'), admin_edit_org_path(current_user.org_id) %> 
+            <%= link_to _('Organisation details'), admin_edit_org_path(current_user.org_id) %>
           </li>
       <% end %>
       <% if current_user.can_grant_permissions? %>
@@ -55,10 +58,10 @@
       <%= link_to _('My Dashboard'), plans_path %>
     </li>
 
-    <% 
+    <%
     if current_user.can_org_admin? && !current_user.org_id.nil? && !action_name.include?("admin_")
       link = nil
-      
+
       if current_user.can_modify_org_details? && current_user.org.abbreviation.blank?
         link = admin_edit_org_path(current_user.org_id)
       elsif  current_user.can_modify_templates?
@@ -78,4 +81,4 @@
       </li>
     <% end %>
   <% end %>
-</ul>
\ No newline at end of file
+</ul>
diff --git a/app/views/plans/public_export.pdf.erb b/app/views/public_pages/plan_export.pdf.erb
similarity index 94%
rename from app/views/plans/public_export.pdf.erb
rename to app/views/public_pages/plan_export.pdf.erb
index d039149158..af374d6077 100644
--- a/app/views/plans/public_export.pdf.erb
+++ b/app/views/public_pages/plan_export.pdf.erb
@@ -28,13 +28,13 @@
     <% if @funder.present? %>
       <p><%= _("Funder: ") + @funder %></p>   <br>
     <% else %>
-      <p><%= _("Template: ") + @template + @customizer %></p>
+      <p><%= _("Template: ") + @template + @customizer %></p> <br>
     <% end %>
     <% if @plan.grant_number.present? %>
-      <p><%= _("Grant Number: ") + @plan.grant_number %></p>
+      <p><%= _("Grant Number: ") + @plan.grant_number %></p> <br>
     <% end %>
     <% if @plan.description.present? %>
-      <p><%= _("Description: ") + @plan.description %></p>
+      <p><%= _("Description: ") + @plan.description %></p> <br>
     <% end %>
     <p><%= _("Last Updated: ") + @plan.updated_at.to_date.to_s %></p> <br>
 
diff --git a/app/views/plans/public_index.html.erb b/app/views/public_pages/plan_index.html.erb
similarity index 89%
rename from app/views/plans/public_index.html.erb
rename to app/views/public_pages/plan_index.html.erb
index 5f0fdaeb4e..b3353fbcb1 100644
--- a/app/views/plans/public_index.html.erb
+++ b/app/views/public_pages/plan_index.html.erb
@@ -15,14 +15,14 @@
   </p>
 <% end %>
 
-<% if @plans.count > 0 %>    
+<% if @plans.count > 0 %>
 <div class="content">
   <table id="dmp_table" class="dmp_table tablesorter">
     <thead>
       <% if @plans.count > 10 %>
         <tr>
           <td colspan="5" class="td-as-th">
-            <%= render(partial: "shared/table_filter", 
+            <%= render(partial: "shared/table_filter",
                        locals: {path: public_plans_path, placeholder: _('Filter plans')}) %>
           </td>
         </tr>
@@ -43,8 +43,8 @@
           <td><%= (plan.owner.nil? || plan.owner.org.nil? ? _('Not Applicable') : plan.owner.org.name) %></td>
           <td><%= (plan.owner.nil? ? _('Unknown') : plan.owner.name(false)) %></td>
           <td class="dmp_td_medium centered">
-            <%= link_to _('PDF'), 
-                        public_export_path(plan, format: :pdf), 
+            <%= link_to _('PDF'),
+                        plan_export_path(plan, format: :pdf), 
                         class: "dmp_table_link" %>
           </td>
         </tr>
@@ -52,4 +52,4 @@
     </tbody>
   </table>
 </div>
-<% end %>
\ No newline at end of file
+<% end %>
diff --git a/app/views/public_pages/template_export.docx.erb b/app/views/public_pages/template_export.docx.erb
new file mode 100644
index 0000000000..b2932b6c72
--- /dev/null
+++ b/app/views/public_pages/template_export.docx.erb
@@ -0,0 +1,30 @@
+<div style="text-align:center;">
+  <h1><%= @template.title %></h1>
+  <p><em><%= _("A Data Management Plan created using ") + Rails.configuration.branding[:application][:name] + "." %></em></p>
+</div>
+<p><%= _("Organisation: ") + @template.org.name %></p> <br>
+<% if @template.description.present? %>
+  <p><%= _("Description: ")%><%= raw(@template.description)  %></p> <br>
+<% end %>
+<br style="page-break-before: always">
+
+<% @template.phases.each do |phase| %>
+  <!-- page break before each phase -->
+  <br style="page-break-before: always">
+  <h2><%= phase.title %></h2>
+  <% phase.sections.each do |section| %>
+    <h3><%= section.title %></h3>
+    <% section.questions.each do |question|%>
+      <p><%= raw question.text %></p>
+      <% q_format = question.question_format %>
+      <% if q_format.option_based? %>
+        <ul>
+          <% question.question_options.each do |option| %>
+            <li><%= option.text %></li>
+          <% end %>
+        </ul>
+      <% end %>
+      <br>
+    <% end %>
+  <% end %>
+<% end %>
diff --git a/app/views/public_pages/template_export.pdf.erb b/app/views/public_pages/template_export.pdf.erb
new file mode 100644
index 0000000000..3252a603e3
--- /dev/null
+++ b/app/views/public_pages/template_export.pdf.erb
@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+    <title>
+      <%= @template.title %>
+    </title>
+    <style>
+      html { font-family: <%= @formatting[:font_face].tr('"', '') -%>; font-size: <%= @formatting[:font_size] -%>pt; }
+        h1 { font-size: <%= @formatting[:font_size] + 2 -%>pt; font-face:bold; padding: 0;}
+        h2 { font-size: <%= @formatting[:font_size] + 1 -%>pt; font-face:bold; padding: 0; margin: 1em 0 0 0;}
+        h3 { font-size: <%= @formatting[:font_size] + 0 -%>pt; font-face:bold; padding: 0; margin: 1em 0 0 0;}
+        h2 + div.question > h3 { margin: 0; }
+        table, tr, td, th, tbody, thead, tfoot { page-break-inside: avoid !important; }
+        table { border-collapse: collapse; }
+        th, td { border: 1px solid black !important; padding: 2px; }
+        p { margin: 0.25em 0; }
+    </style>
+  </head>
+  <body>
+    <div style="text-align:center;">
+      <h1><%= @template.title %></h1>
+      <p><em><%= _("A Data Management Plan created using ") + Rails.configuration.branding[:application][:name] + "." %></em></p>
+    </div>
+    <br>
+    <p><%= _("Organisation: ") + @template.org.name %></p> <br>
+    <% if @template.description.present? %>
+      <p><%= _("Description: ")%><%= raw(@template.description)  %></p>
+    <% end %>
+
+    <% @template.phases.each do |phase| %>
+      <div style="page-break-before:always;"></div> <!-- Page break before each phase -->
+      <h1><%= phase.title %></h1>
+      <% phase.sections.each do |section| %>
+        <h2><%= section.title %></h2>
+        <% section.questions.each do |question| %>
+        <div class="question">
+          <h3><%= raw question.text %></h3>
+          <% q_format = question.question_format %>
+          <% if q_format.option_based? %>
+            <ul>
+            <% question.question_options.each do |option| %>
+              <li><%= option.text %></li>
+            <% end %>
+            </ul>
+          <% end %>
+        </div>
+        <% end %>
+      <% end %>
+    <% end %>
+  </body>
+</html>
diff --git a/app/views/public_pages/template_index.html.erb b/app/views/public_pages/template_index.html.erb
new file mode 100644
index 0000000000..903dcc8e89
--- /dev/null
+++ b/app/views/public_pages/template_index.html.erb
@@ -0,0 +1,45 @@
+<%- model_class = Template -%>
+
+<h1>
+  <%= raw _('DMP Templates') %>
+</h1>
+
+
+<% if @templates.count > 0 %>
+  <p><%= _('Templates are provided by a funder, an institution, or a trusted party.') %></p>
+<% else %>
+  <p><%= _('There are currently no public Templates.')%></p>
+<% end %>
+
+<% if @templates.count > 0 %>
+  <div class="content">
+  <table id="dmp_table" class="dmp_table tablesorter">
+    <thead>
+      <% if @templates.count > 10 %>
+        <tr>
+          <td colspan="5" class="td-as-th">
+            <%= render(partial: "shared/table_filter",
+                      locals: {path: public_templates_path, placeholder: _('Filter templates')}) %>
+          </td>
+        </tr>
+      <% end %>
+      <tr>
+        <th class="col-large"><%= _('Template Name') %></th>
+        <th class="col-large"><%= _('Organisation Name') %></th>
+        <th class="col-small sorter-false centered"><%= _('Download') %></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% @templates.each do |template| %>
+        <tr class="table-data">
+          <td><%= template.title %></td>
+          <td><%= template.org.name %></td>
+          <td class="dmp_td_small centered">
+            <%= link_to _('DOCX'), template_export_path(template.dmptemplate_id, format: :docx) %>
+            <%= link_to _('PDF'), template_export_path(template.dmptemplate_id, format: :pdf) %>
+          </td>
+        </tr>
+      <% end %>
+  </table>
+  </div>
+<% end %>
diff --git a/app/views/templates/export.pdf.erb b/app/views/templates/export.pdf.erb
deleted file mode 100644
index 3726b39a6a..0000000000
--- a/app/views/templates/export.pdf.erb
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
-    <title>
-      <%= @template.title %>
-    </title>
-    <style>
-      html { font-family: <%= @formatting[:font_face].tr('"', '') -%>; font-size: <%= @formatting[:font_size] -%>pt; }
-        h1 { font-size: <%= @formatting[:font_size] + 2 -%>pt; font-face:bold; padding: 0;}
-        h2 { font-size: <%= @formatting[:font_size] + 1 -%>pt; font-face:bold; padding: 0; margin: 1em 0 0 0;}
-        h3 { font-size: <%= @formatting[:font_size] + 0 -%>pt; font-face:bold; padding: 0; margin: 1em 0 0 0;}
-        h2 + div.question > h3 { margin: 0; }
-        table, tr, td, th, tbody, thead, tfoot { page-break-inside: avoid !important; }
-        table { border-collapse: collapse; }
-        th, td { border: 1px solid black !important; padding: 2px; }
-        p { margin: 0.25em 0; }
-    </style>
-  </head>
-  <body>
-    <h1><%= @template.title %></h1>
-  </body>
-</html>
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index defb261070..cdc56881bf 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -83,8 +83,10 @@
     get "help" => 'static_pages#help'
     get "roadmap" => 'static_pages#roadmap'
     get "terms" => 'static_pages#termsuse'
-    get "public_plans" => 'plans#public_index'
-    get "public_export/:id" => 'plans#public_export', as: 'public_export'
+    get "public_plans" => 'public_pages#plan_index'
+    get "public_templates" => 'public_pages#template_index'
+    get "template_export/:id" => 'public_pages#template_export', as: 'template_export'
+    get "plan_export/:id" => 'public_pages#plan_export', as: 'plan_export'
     get "existing_users" => 'existing_users#index'
 
     #post 'contact_form' => 'contacts', as: 'localized_contact_creation'

From 6cc9b7be2ebc864c4615557ccf5576ba8719c84f Mon Sep 17 00:00:00 2001
From: xsrust <xsrust@gmail.com>
Date: Wed, 26 Jul 2017 11:44:47 +0100
Subject: [PATCH 5/7] fixup plan and template policies

---
 app/policies/plan_policy.rb     |  8 ++------
 app/policies/template_policy.rb | 12 ++++--------
 2 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/app/policies/plan_policy.rb b/app/policies/plan_policy.rb
index 22fd1f9957..b3630bc07b 100644
--- a/app/policies/plan_policy.rb
+++ b/app/policies/plan_policy.rb
@@ -3,7 +3,7 @@ class PlanPolicy < ApplicationPolicy
   attr_reader :plan
 
   def initialize(user, plan)
-    raise Pundit::NotAuthorizedError, "must be logged in" unless user || plan.publicly_visible?
+    raise Pundit::NotAuthorizedError, "must be logged in" unless user
     @user = user
     @plan = plan
   end
@@ -43,7 +43,7 @@ def possible_templates?
   def duplicate?
     @plan.editable_by?(@user.id) && Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end
-  
+
   def visibility?
     @plan.administerable_by?(@user.id) && Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end
@@ -52,10 +52,6 @@ def set_test?
     @plan.administerable_by?(@user.id)&& Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end
 
-  def public_export?
-    @plan.publicly_visible?
-  end
-
   def answer?
     @plan.readable_by?(@user.id) && Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end
diff --git a/app/policies/template_policy.rb b/app/policies/template_policy.rb
index 6d524bce62..feb94b6414 100644
--- a/app/policies/template_policy.rb
+++ b/app/policies/template_policy.rb
@@ -2,7 +2,7 @@ class TemplatePolicy < ApplicationPolicy
   attr_reader :user, :template
 
   def initialize(user, template)
-    raise Pundit::NotAuthorizedError, "must be logged in" unless user || template.is_default || template.org.funder?
+    raise Pundit::NotAuthorizedError, "must be logged in" unless user
     @user = user
     @template = template
   end
@@ -17,22 +17,18 @@ def admin_index?
     user.can_modify_templates?
   end
 
-  def admin_export?
-
-  end
-
   def admin_template?
     user.can_modify_templates?  &&  (template.org_id == user.org_id)
   end
-  
+
   def admin_customize?
     user.can_modify_templates?
   end
-  
+
   def admin_publish?
     user.can_modify_templates?  &&  (template.org_id == user.org_id)
   end
-  
+
   def admin_unpublish?
     user.can_modify_templates?  &&  (template.org_id == user.org_id)
   end

From 04e4ffa7c3ad1f0959cf6d62c09ff36df3f50ce0 Mon Sep 17 00:00:00 2001
From: xsrust <xsrust@gmail.com>
Date: Wed, 26 Jul 2017 12:30:45 +0100
Subject: [PATCH 6/7] updated display logic on public plan pdf export #436

---
 app/controllers/public_pages_controller.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/controllers/public_pages_controller.rb b/app/controllers/public_pages_controller.rb
index 3ffcb8e6cf..63513c652c 100644
--- a/app/controllers/public_pages_controller.rb
+++ b/app/controllers/public_pages_controller.rb
@@ -85,7 +85,12 @@ def plan_export
     @funder = @plan.template.org.funder? ? @plan.template.org.name : nil
     # set the template name and customizer name if applicable
     @template = @plan.template.title
-    @customizer = @plan.template.customization_of.present? ? _(" Customised By: ") + @plan.template.org.name : ""
+    @customizer = ""
+    cust_questions = @plan.questions.where(modifiable: true).pluck(:id)
+    # if the template is customized, and has custom answered questions
+    if @plan.template.customization_of.present? && Answer.where(plan_id: @plan.id, question_id: cust_questions).present?
+      @customizer = _(" Customised By: ") + @plan.template.org.name
+    end
 
 
     begin

From 741c92e43c41418b07e6f0094aa1bb7162485546 Mon Sep 17 00:00:00 2001
From: xsrust <xsrust@gmail.com>
Date: Thu, 27 Jul 2017 12:26:41 +0100
Subject: [PATCH 7/7] forgot part of merge conflict

---
 app/controllers/plans_controller.rb | 25 -------------------------
 1 file changed, 25 deletions(-)

diff --git a/app/controllers/plans_controller.rb b/app/controllers/plans_controller.rb
index 212d0145c1..476c6cc389 100644
--- a/app/controllers/plans_controller.rb
+++ b/app/controllers/plans_controller.rb
@@ -282,31 +282,6 @@ def export
     end
   end
 
-<<<<<<< HEAD
-=======
-  # GET /plans/[:plan_slug]/public_export
-  # -------------------------------------------------------------
-  def public_export
-    @plan = Plan.find(params[:id])
-    authorize @plan
-    # If the plan has multiple phases we should export each
-    @exported_plan = ExportedPlan.new.tap do |ep|
-      ep.plan = @plan
-      ep.phase_id = @plan.phases.first.id
-      ep.format = :pdf
-      plan_settings = @plan.settings(:export)
-
-      Settings::Template::DEFAULT_SETTINGS.each do |key, value|
-        ep.settings(:export).send("#{key}=", plan_settings.send(key))
-      end
-    end
-    # need to determine which phases to export
-    @a_q_ids = Answer.where(plan_id: @plan.id).pluck(:question_id).uniq
-    @a_s_ids = Question.where(id: @a_q_ids).pluck(:section_id).uniq
-    a_p_ids = Section.where(id: @a_s_ids).pluck(:phase_id).uniq
-    @phases = Phase.includes(sections: :questions).where(id: a_p_ids).order(:number)
->>>>>>> upstream/CDL-MVP
-
 
   def duplicate
     plan = Plan.find(params[:id])