Merge branch 'master' into oct-2021-release

Author: drusepth

Gemfile

@@ -42,7 +42,6 @@ gem 'paranoia'
 # Javascript
 gem 'coffee-rails'
 gem 'rails-jquery-autocomplete'
-gem 'animate-rails'
 gem 'webpacker'
 gem 'react-rails'
 

Gemfile.lock

@@ -108,8 +108,6 @@ GEM
       activerecord (>= 4.2)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    animate-rails (1.0.10)
-      rails
     authority (3.3.0)
       activesupport (>= 3.0.0)
     autoprefixer-rails (9.8.4)
@@ -1629,7 +1627,6 @@ PLATFORMS
 DEPENDENCIES
   active_storage_validations
   acts_as_list
-  animate-rails
   authority
   aws-sdk (~> 3.1)
   aws-sdk-s3

app/assets/stylesheets/application.css

@@ -13,7 +13,6 @@
  *= require font-awesome
  *= require medium-editor/medium-editor
  *= require medium-editor/themes/beagle
- *= require animate
  *= require tribute
  *= require_tree .
 */

app/assets/stylesheets/layout.scss

@@ -9,4 +9,5 @@
 .card-panel-title {
   font-size: 1.3em;
   font-weight: bold;
+  margin-top: 0.5em;
 }

app/authorizers/content_page_authorizer.rb

@@ -0,0 +1,48 @@
+class ContentPageAuthorizer < CoreContentAuthorizer
+  def self.creatable_by?(user)
+    return false unless user.present?
+    return false if ENV.key?('CONTENT_BLACKLIST') && ENV['CONTENT_BLACKLIST'].split(',').include?(user.email)
+
+    if resource.page_type == 'Universe'
+      return true if PermissionService.user_has_fewer_owned_universes_than_plan_limit?(user: user)
+
+    else
+      is_premium_page = Rails.application.config.content_types[:premium].include?(resource.page_type)
+      return true if !is_premium_page
+      return true if is_premium_page && PermissionService.user_is_on_premium_plan?(user: user)
+    end
+
+    return false
+  end
+
+  def readable_by?(user)
+    return true if PermissionService.content_is_public?(content: resource)
+    return true if PermissionService.user_owns_content?(user: user, content: resource)
+
+    if resource.page_type == 'Universe'
+      return true if PermissionService.user_can_contribute_to_universe?(user: user, universe: resource)
+    else
+      return true if PermissionService.user_can_contribute_to_containing_universe?(user: user, content: resource)
+    end
+
+    return false
+  end
+
+  def updatable_by?(user)
+    return true if PermissionService.user_owns_content?(user: user, content: resource)
+    
+    if resource.page_type == 'Universe'
+      return true if PermissionService.user_can_contribute_to_universe?(user: user, universe: resource)
+    else
+      return true if PermissionService.user_can_contribute_to_containing_universe?(user: user, content: resource)
+    end
+
+    return false
+  end
+
+  def deletable_by?(user)
+    [
+      PermissionService.user_owns_content?(user: user, content: resource)
+    ].any?
+  end
+end

app/authorizers/document_authorizer.rb

@@ -7,6 +7,7 @@ def self.creatable_by?(user)
 
   def readable_by?(user)
     return true if user && resource.user_id == user.id
+    return true if user && user.site_administrator?
     return true if resource.privacy == 'public'
     return true if resource.universe.present? && resource.universe.privacy == 'public'
     return true if user && resource.universe.present? && resource.universe.contributors.pluck(:user_id).include?(user.id)

app/controllers/application_controller.rb

@@ -1,11 +1,11 @@
+# frozen_string_literal: true
 class ApplicationController < ActionController::Base
   protect_from_forgery
 
   before_action :set_universe_session
   before_action :set_universe_scope
 
   before_action :cache_most_used_page_information
-  before_action :cache_forums_unread_counts
 
   before_action :set_metadata
 
@@ -27,7 +27,7 @@ def set_universe_session
         session.delete(:universe_id)
       elsif params[:universe].is_a?(String) && params[:universe].to_i.to_s == params[:universe]
         found_universe = Universe.find_by(id: params[:universe])
-        found_universe = nil unless current_user.universes.include?(found_universe) || current_user.contributable_universes.include?(found_universe)
+        found_universe = nil unless found_universe.user_id == current_user.id || found_universe.contributors.pluck(:user_id).include?(current_user.id)
         session[:universe_id] = found_universe.id if found_universe
       end
     end
@@ -36,52 +36,116 @@ def set_universe_session
   def set_universe_scope
     if user_signed_in? && session.key?(:universe_id)
       @universe_scope = Universe.find_by(id: session[:universe_id])
-      @universe_scope = nil unless current_user.universes.include?(@universe_scope) || current_user.contributable_universes.include?(@universe_scope)
+
+      if @universe_scope && @universe_scope.user_id != current_user.try(:id)
+        # Verify the current user has access to this universe by looking up their
+        # universe contributorship
+        contributorship = Contributor.find_by(
+          user:     current_user,
+          universe: @universe_scope
+        )
+
+        if contributorship.nil?
+          # If the user doesn't have current contributor access to this universe,
+          # then revert back to unscoped universe actions
+          @universe_scope = nil
+        end
+      end
+
     else
       @universe_scope = nil
     end
   end
 
-  # Cache some super-common stuff we need for every page. For example, content lists for the side nav.
+  # Cache some super-common stuff we need for every page. For example, content lists for the side nav. This is a catch-all for most pages that render
+  # UI, but methods are also free to skip this filter and call the individual cache methods they need instead.
   def cache_most_used_page_information
+    return unless user_signed_in?
+
+    cache_activated_content_types
+    cache_current_user_content
+    cache_notifications
+    cache_recently_edited_pages
+    cache_forums_unread_counts
+  end
+
+  def cache_activated_content_types
+    @activated_content_types ||= if user_signed_in?
+      (
+        # Use config to dictate order, but AND to only include what a user has turned on
+        Rails.application.config.content_type_names[:all] & current_user.user_content_type_activators.pluck(:content_type)
+      )
+    else
+      []
+    end
+  end
+
+  def cache_current_user_content
+    return if @current_user_content
+
     @current_user_content = {}
     return unless user_signed_in?
 
-    @activated_content_types = (
-      Rails.application.config.content_types[:all].map(&:name) & # Use config to dictate order, but AND to only include what a user has turned on
-      current_user.user_content_type_activators.pluck(:content_type)
-    )
+    cache_activated_content_types
 
     # We always want to cache Universes, even if they aren't explicitly turned on.
-    @current_user_content = current_user.content(content_types: @activated_content_types + ['Universe'], universe_id: @universe_scope.try(:id))
+    @current_user_content = current_user.content(
+      content_types: @activated_content_types + [Universe.name], 
+      universe_id:   @universe_scope.try(:id)
+    )
 
     # Likewise, we should also always cache Timelines & Documents
     if @universe_scope
       @current_user_content['Timeline'] = current_user.timelines.where(universe_id: @universe_scope.try(:id)).to_a
-      @current_user_content['Document'] = current_user.linkable_documents.includes([:user]).where(universe_id: @universe_scope.try(:id)).order('updated_at DESC').to_a
+      @current_user_content['Document'] = current_user.documents.where(universe_id: @universe_scope.try(:id)).order('updated_at DESC').to_a
     else
       @current_user_content['Timeline'] = current_user.timelines.to_a
-      @current_user_content['Document'] = current_user.linkable_documents.includes([:user]).order('updated_at DESC').to_a
+      @current_user_content['Document'] = current_user.documents.order('updated_at DESC').to_a
+    end
+  end
+
+  def cache_notifications
+    @user_notifications ||= if user_signed_in?
+      current_user.notifications.order('happened_at DESC').limit(100)
+    else
+      []
     end
+  end
 
-    # Fetch notifications
-    @user_notifications = current_user.notifications.order('happened_at DESC').limit(100)
+  def cache_recently_created_pages(amount=50)
+    cache_current_user_content
 
-    # Cache recently-edited pages
-    @recently_edited_pages = @current_user_content.values.flatten
-      .sort_by(&:updated_at)
-      .last(50)
-      .reverse
+    @recently_created_pages = if user_signed_in?
+      @current_user_content.values.flatten
+        .sort_by(&:created_at)
+        .last(amount)
+        .reverse
+    else
+      []
+    end
+  end
+
+  def cache_recently_edited_pages(amount=50)
+    cache_current_user_content
+
+    @recently_edited_pages ||= if user_signed_in?
+      @current_user_content.values.flatten
+        .sort_by(&:updated_at)
+        .last(amount)
+        .reverse
+    else
+      []
+    end
   end
 
   def cache_forums_unread_counts
-    @unread_threads = if user_signed_in?
+    @unread_threads ||= if user_signed_in?
       Thredded::Topic.unread_followed_by(current_user).count
     else
       0
     end
 
-    @unread_private_messages = if user_signed_in?
+    @unread_private_messages ||= if user_signed_in?
       Thredded::PrivateTopic
         .for_user(current_user)
         .unread(current_user)
@@ -91,33 +155,60 @@ def cache_forums_unread_counts
     end
   end
 
-  def cache_linkable_content_for_each_content_type
-    linkable_classes = Rails.application.config.content_types[:all].map(&:name) & current_user.user_content_type_activators.pluck(:content_type)
-    linkable_classes += %w(Document Timeline)
+  def cache_contributable_universe_ids
+    cache_current_user_content
 
-    @linkables_cache = {}
-    @linkables_raw   = {}
-    linkable_classes.each do |class_name|
-      # class_name = "Character"
+    @contributable_universe_ids ||= if user_signed_in?
+      current_user.contributable_universe_ids + @current_user_content.fetch('Universe', []).map(&:id)
+    else
+      []
+    end
+  end
 
-      @linkables_cache[class_name] = current_user
-        .send("linkable_#{class_name.downcase.pluralize}")
-        .in_universe(@universe_scope)
+  def cache_linkable_content_for_each_content_type
+    cache_contributable_universe_ids
+    cache_current_user_content
+    
+    linkable_classes = @activated_content_types
+    linkable_classes += %w(Document Timeline)
 
-      if @content.present? && @content.persisted?
-        @linkables_cache[class_name] = @linkables_cache[class_name]
-          .in_universe(@content.universe)
-          .reject { |content| content.class.name == class_name && content.id == @content.id }
+    @linkables_cache = {} # Cache is list of [[page_name, page_id], [page_name, page_id], ...]
+    @linkables_raw   = {} # Raw is list of objects [#{page}, #{page}, ...]
+
+    @current_user_content.each do |page_type, content_list|
+      # We already have our own list of content by the current user in @current_user_content,
+      # so all we need to grab is additional pages in contributable universes
+      @linkables_raw[page_type] = @current_user_content[page_type]
+
+      if !@universe_scope && @contributable_universe_ids.any?
+        existing_page_ids = @linkables_raw[page_type].map(&:id)
+
+        pages_to_add = if page_type == Universe.name
+          page_type.constantize.where(id: @contributable_universe_ids)
+                               .where.not(id: existing_page_ids)
+        else
+          page_type.constantize.where(universe_id: @contributable_universe_ids)
+                               .where.not(id: existing_page_ids)
+        end
+
+        filtered_fields = ContentPage.polymorphic_content_fields.map(&:to_s)
+        filtered_fields.push 'universe_id' unless page_type == Universe.name
+        pages_to_add.each do |page_data|
+          filtered_page_data = page_data.attributes.slice(*filtered_fields)
+          @linkables_raw[page_type].push ContentPage.new(filtered_page_data)
+        end
       end
 
-      @linkables_raw[class_name] = @linkables_cache[class_name]
-        .sort_by { |p| p.name.downcase }
-        .compact
+      # We can't properly display or @-mention content without a name set, so we explicitly
+      # reject it here. However, this is a bit of a code-smell: why is there content without
+      # a name set?
+      @linkables_raw[page_type].reject!  { |page| page.name.nil? }
+
+      # Finally, we want to sort our linkables cache once so we don't have to sort it again
+      @linkables_raw[page_type].sort_by! { |page| page.name.downcase }.compact!
 
-      @linkables_cache[class_name] = @linkables_cache[class_name]
-        .sort_by { |p| p.name.downcase }
-        .map { |c| [c.name, c.id] }
-        .compact
+      # Lastly, build our name/id cache as well
+      @linkables_cache[page_type] = @linkables_raw[page_type].map { |page| [page.name, page.id] }
     end
   end
 end