Xsrust/mvp #436, #158

app/controllers/plans_controller.rb

@@ -2,19 +2,13 @@ class PlansController < ApplicationController
   require 'pp'
   helper SettingsTemplateHelper
 
-  after_action :verify_authorized, except: ['public_index']
+  after_action :verify_authorized
 
   def index
     authorize Plan
     @plans = current_user.active_plans
   end
 
-  # GET /plans/public_index
-  # ------------------------------------------------------------------------------------
-  def public_index
-    @plans = Plan.publicly_visible
-  end
-
   # GET /plans/new
   # ------------------------------------------------------------------------------------
   def new
@@ -38,13 +32,13 @@ def new
   def create
     @plan = Plan.new
     authorize @plan
-    
+
     @plan.principal_investigator = current_user.surname.blank? ? nil : "#{current_user.firstname} #{current_user.surname}"
     @plan.principal_investigator_email = current_user.email
-    
+
     orcid = current_user.identifier_for(IdentifierScheme.find_by(name: 'orcid'))
     @plan.principal_investigator_identifier = orcid.identifier unless orcid.nil?
-    
+
     @plan.funder_name = plan_params[:funder_name]
 
     @plan.visibility = (plan_params['visibility'].blank? ? Rails.application.config.default_plan_visibility :
@@ -127,7 +121,7 @@ def show
     @all_guidance_groups = @plan.get_guidance_group_options
     @all_ggs_grouped_by_org = @all_guidance_groups.sort.group_by(&:org)
     @selected_guidance_groups = @plan.guidance_groups
-    
+
     # Important ones come first on the page - we grab the user's org's GGs and "Organisation" org type GGs
     @important_ggs = []
     @important_ggs << [current_user.org, @all_ggs_grouped_by_org.delete(current_user.org)]
@@ -136,7 +130,7 @@ def show
         @important_ggs << [org,ggs]
         @all_ggs_grouped_by_org.delete(org)
       end
-      
+
       # If this is one of the already selected guidance groups its important!
       if !(ggs & @selected_guidance_groups).empty?
         @important_ggs << [org,ggs] unless @important_ggs.include?([org,ggs])
@@ -148,7 +142,7 @@ def show
     @important_ggs = @important_ggs.sort_by{|org,gg| (org.nil? ? '' : org.name)}
     @all_ggs_grouped_by_org = @all_ggs_grouped_by_org.sort_by {|org,gg| (org.nil? ? '' : org.name)}
     @selected_guidance_groups = @selected_guidance_groups.collect{|gg| gg.id}
-    
+
     @based_on = (@plan.template.customization_of.nil? ? @plan.template : Template.where(dmptemplate: @plan.template.customization_of).first)
 
     respond_to :html
@@ -175,7 +169,7 @@ def update
       end
     end
   end
-  
+
   def share
     @plan = Plan.find(params[:id])
     authorize @plan
@@ -288,50 +282,6 @@ def export
     end
   end
 
-  # GET /plans/[:plan_slug]/public_export
-  # -------------------------------------------------------------
-  def public_export
-    @plan = Plan.find(params[:id])
-    authorize @plan
-    # If the plan has multiple phases we should export each
-    @exported_plan = ExportedPlan.new.tap do |ep|
-      ep.plan = @plan
-      ep.phase_id = @plan.phases.first.id
-      ep.format = :pdf
-      plan_settings = @plan.settings(:export)
-
-      Settings::Template::DEFAULT_SETTINGS.each do |key, value|
-        ep.settings(:export).send("#{key}=", plan_settings.send(key))
-      end
-    end
-    # need to determine which phases to export
-    @a_q_ids = Answer.where(plan_id: @plan.id).pluck(:question_id).uniq
-    @a_s_ids = Question.where(id: @a_q_ids).pluck(:section_id).uniq
-    a_p_ids = Section.where(id: @a_s_ids).pluck(:phase_id).uniq
-    @phases = Phase.includes(sections: :questions).where(id: a_p_ids).order(:number)
-
-    begin
-      @exported_plan.save!
-      file_name = @plan.title.gsub(/ /, "_")
-
-      respond_to do |format|
-        format.pdf do
-          @formatting = @plan.settings(:export).formatting
-          render pdf: file_name,
-            margin: @formatting[:margin],
-            footer: {
-              center:    _('This document was generated by %{application_name}') % {application_name: Rails.configuration.branding[:application][:name]},
-              font_size: 8,
-              spacing:   (@formatting[:margin][:bottom] / 2) - 4,
-              right:     '[page] of [topage]'
-            }
-        end
-      end
-    rescue ActiveRecord::RecordInvalid => e
-      @phase_options = @plan.phases.order(:number).pluck(:title,:id)
-      redirect_to show_export_plan_path(@plan), alert: _('Unable to download the DMP at this time.')
-    end
-  end
 
   def duplicate
     plan = Plan.find(params[:id])
@@ -350,7 +300,7 @@ def duplicate
       end
     end
   end
-  
+
   # AJAX access to update the plan's visibility
   # POST /plans/:id
   def visibility
@@ -363,7 +313,7 @@ def visibility
       render status: :bad_request, json: {msg: _("Unable to change the plan's status")}
     end
   end
-  
+
   def set_test
     plan = Plan.find(params[:id])
     authorize plan
@@ -374,7 +324,7 @@ def set_test
       render status: :bad_request, json: {msg: _("Unable to change the plan's test status")}
     end
   end
-  
+
 
   private
 
@@ -403,7 +353,7 @@ def save_guidance_selections(guidance_group_ids)
     end
     @plan.save
   end
-  
+
 
   # different versions of the same template have the same dmptemplate_id
   # but different version numbers so for each set of templates with the

app/controllers/public_pages_controller.rb

@@ -0,0 +1,125 @@
+class PublicPagesController < ApplicationController
+  after_action :verify_authorized
+
+  # GET template_index
+  # -----------------------------------------------------
+  def template_index
+    authorize :public_page
+    template_ids = Template.where(org_id: Org.funders.pluck(:id)).valid.pluck(:dmptemplate_id).uniq << Template.where(is_default: true).pluck(:dmptemplate_id)
+    @templates = []
+    template_ids.each do |tid|
+      t = Template.live(tid)
+      @templates << t unless t.nil?
+    end
+  end
+
+  # GET template_export/:id
+  # -----------------------------------------------------
+  def template_export
+    # only export live templates, id passed is dmptemplate_id
+    @template = Template.live(params[:id])
+    # covers authorization for this action.  Pundit dosent support passing objects into scoped policies
+    raise Pundit::NotAuthorizedError unless PublicPagePolicy.new( @template).template_export?
+    skip_authorization
+    # now with prefetching (if guidance is added, prefetch annottaions/guidance)
+    @template = Template.includes(:org, phases: {sections:{questions:[:question_options, :question_format]}}).find(@template.id)
+
+    begin
+      file_name = @template.title.gsub(/ /, "_")
+      respond_to do |format|
+        format.docx { render docx: 'template_export', filename: "#{file_name}.docx" }
+        format.pdf do
+          @formatting = Settings::Template::DEFAULT_SETTINGS[:formatting]
+          render pdf: file_name,
+          margin: @formatting[:margin],
+          footer: {
+            center:    _('This document was generated by %{application_name}') % {application_name: Rails.configuration.branding[:application][:name]},
+            font_size: 8,
+            spacing:   (@formatting[:margin][:bottom] / 2) - 4,
+            right:     '[page] of [topage]'
+          }
+        end
+      end
+    rescue ActiveRecord::RecordInvalid => e  # What scenario is this triggered in? it's common to our export pages
+      #send back to public_index page
+      redirect_to template_index_path, alert: _('Unable to download the DMP Template at this time.')
+    end
+
+  end
+
+  # GET plan_export/:id
+  # -------------------------------------------------------------
+  def plan_export
+    @plan = Plan.find(params[:id])
+    # covers authorization for this action.  Pundit dosent support passing objects into scoped policies
+    raise Pundit::NotAuthorizedError unless PublicPagePolicy.new( @plan).plan_export?
+    skip_authorization
+    # This creates exported_plans with no user.
+    # Note for reviewers, The ExportedPlan model actually serves no purpose, except
+    # to store preferences for PDF export.  These preferences could be moved into
+    # the prefs table for individual users, and a more semsible structure implimented
+    # to track the exports & formats(html/pdf/ect) of users.
+    @exported_plan = ExportedPlan.new.tap do |ep|
+      ep.plan = @plan
+      ep.phase_id = @plan.phases.first.id
+      ep.format = :pdf
+      plan_settings = @plan.settings(:export)
+
+      Settings::Template::DEFAULT_SETTINGS.each do |key, value|
+        ep.settings(:export).send("#{key}=", plan_settings.send(key))
+      end
+    end
+    # need to determine which phases to export
+    @a_q_ids = Answer.where(plan_id: @plan.id).pluck(:question_id).uniq
+    @a_s_ids = Question.where(id: @a_q_ids).pluck(:section_id).uniq
+    a_p_ids = Section.where(id: @a_s_ids).pluck(:phase_id).uniq
+    @phases = Phase.includes(sections: :questions).where(id: a_p_ids).order(:number)
+    # name of owner and any co-owners
+    @creator_text = @plan.owner.name(false)
+    @plan.roles.administrator.not_creator.each do |co_owner|
+      @creator_text += ", " + co_owner.name(false)
+    end
+    # Org name of plan owner
+    @affiliation = @plan.owner.org.name
+    # set the funder name
+    @funder = @plan.template.org.funder? ? @plan.template.org.name : nil
+    # set the template name and customizer name if applicable
+    @template = @plan.template.title
+    @customizer = ""
+    cust_questions = @plan.questions.where(modifiable: true).pluck(:id)
+    # if the template is customized, and has custom answered questions
+    if @plan.template.customization_of.present? && Answer.where(plan_id: @plan.id, question_id: cust_questions).present?
+      @customizer = _(" Customised By: ") + @plan.template.org.name
+    end
+
+
+    begin
+      @exported_plan.save!
+      file_name = @plan.title.gsub(/ /, "_")
+
+      respond_to do |format|
+        format.pdf do
+          @formatting = @plan.settings(:export).formatting
+          render pdf: file_name,
+            margin: @formatting[:margin],
+            footer: {
+              center:    _('This document was generated by %{application_name}') % {application_name: Rails.configuration.branding[:application][:name]},
+              font_size: 8,
+              spacing:   (@formatting[:margin][:bottom] / 2) - 4,
+              right:     '[page] of [topage]'
+            }
+        end
+      end
+    rescue ActiveRecord::RecordInvalid => e
+      # send to the public_index page
+      redirect_to public_index_plan_path, alert: _('Unable to download the DMP at this time.')
+    end
+  end
+
+  # GET /plans_index
+  # ------------------------------------------------------------------------------------
+  def plan_index
+    authorize :public_page
+    @plans = Plan.publicly_visible
+  end
+end

app/controllers/templates_controller.rb

@@ -3,7 +3,7 @@
 # [+Copyright:+] Digital Curation Centre and University of California Curation Center
 
 class TemplatesController < ApplicationController
-  respond_to :html
+  #respond_to :html
   after_action :verify_authorized
 
   # GET /org/admin/templates/:id/admin_index

app/policies/plan_policy.rb

@@ -43,7 +43,7 @@ def possible_templates?
   def duplicate?
     @plan.editable_by?(@user.id) && Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end
-  
+
   def visibility?
     @plan.administerable_by?(@user.id) && Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end
@@ -52,10 +52,6 @@ def set_test?
     @plan.administerable_by?(@user.id)&& Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end
 
-  def public_export?
-    @plan.publicly_visible?
-  end
-
   def answer?
     @plan.readable_by?(@user.id) && Role.find_by(user_id: @user.id, plan_id: @plan.id).active
   end

app/policies/public_page_policy.rb

@@ -0,0 +1,24 @@
+class PublicPagePolicy < ApplicationPolicy
+
+  def initialize( object)
+    # no requirement for users to be signed in here
+    @object = object
+  end
+
+  def plan_index?
+    true
+  end
+
+  def template_index?
+    true
+  end
+
+  def template_export?
+    @object.is_default || @object.org.funder?
+  end
+
+  def plan_export?
+    @object.publicly_visible?
+  end
+
+end

app/policies/template_policy.rb

@@ -20,15 +20,15 @@ def admin_index?
   def admin_template?
     user.can_modify_templates?  &&  (template.org_id == user.org_id)
   end
-  
+
   def admin_customize?
     user.can_modify_templates?
   end
-  
+
   def admin_publish?
     user.can_modify_templates?  &&  (template.org_id == user.org_id)
   end
-  
+
   def admin_unpublish?
     user.can_modify_templates?  &&  (template.org_id == user.org_id)
   end