From e9d33b625a8843f9fb9a20015b36045a4e7ba010 Mon Sep 17 00:00:00 2001
From: f
Date: Tue, 25 Apr 2023 14:51:54 -0300
Subject: [PATCH 1/3] =?UTF-8?q?feat:=20encontrar=20el=20post=20a=20partir?= =?UTF-8?q?=20de=20su=20indexaci=C3=B3n?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/models/indexed_post.rb | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/app/models/indexed_post.rb b/app/models/indexed_post.rb
index 7f6865f6..184cd05f 100644
--- a/app/models/indexed_post.rb
+++ b/app/models/indexed_post.rb
@@ -36,6 +36,15 @@ class IndexedPost < ApplicationRecord
 belongs_to :site
+ # Encuentra el post original
+ #
+ # @return [nil,Post]
+ def post
+ return if post_id.blank?
+
+ @post ||= site.posts(lang: locale).find(post_id, uuid: true)
+ end
+
+ # Convertir locale a direccionario de PG
 #
 # @param [String,Symbol]
From f38251af7a30ca65848c68971fe6aad10a7ef074 Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 26 Apr 2023 15:15:56 -0300
Subject: [PATCH 2/3] fix: permisos para posts indexados #13266
---
 app/policies/indexed_post_policy.rb | 66 +++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 app/policies/indexed_post_policy.rb
diff --git a/app/policies/indexed_post_policy.rb b/app/policies/indexed_post_policy.rb
new file mode 100644
index 00000000..e0151c7a
--- /dev/null
+++ b/app/policies/indexed_post_policy.rb
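Review bot: `@post ||= …` in `IndexedPost#post` does not cache a miss, so if `find` returns nil for a post that no longer exists (as the `@return [nil,Post]` tag suggests it can), every call repeats the lookup. If that lookup is costly, `return @post if defined?(@post)` followed by a plain `@post = …` assignment would memoize the nil as well. Callers get nil both for a blank `post_id` and for a missing post, and that is worth stating in the doc comment, e.g. `# Returns nil when post_id is blank or the post is no longer in the site`. The class body continues outside the hunk.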
@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+# Política de acceso a artículos
+class IndexedPostPolicy
+ attr_reader :indexed_post, :usuarie, :site
+
+ def initialize(usuarie, indexed_post)
+ @usuarie = usuarie
+ @indexed_post = indexed_post
+ @site = indexed_post.site
+ end
+
+ def index?
+ true
+ end
+
+ # Les invitades solo pueden ver sus propios posts
+ def show?
+ site.usuarie?(usuarie) || site.indexed_posts.by_usuarie(usuarie.id).find_by_post_id(indexed_post.post_id).present?
+ end
+
+ def preview?
+ show?
+ end
+
+ def new?
+ create?
+ end
+
+ def create?
+ true
+ end
+
+ def edit?
+ update?
+ end
+
+ # Les invitades solo pueden modificar sus propios artículos
+ def update?
+ show?
+ end
+
+ # Solo las usuarias pueden eliminar artículos. Les invitades pueden
+ # borrar sus propios artículos
+ def destroy?
+ update?
+ end
+
+ # Las usuarias pueden ver todos los posts
+ #
+ # Les invitades solo pueden ver sus propios posts
+ class Scope
+ attr_reader :usuarie, :scope
+
+ def initialize(usuarie, scope)
+ @usuarie = usuarie
+ @scope = scope
+ end
+
+ def resolve
+ return scope if scope&.first&.site&.usuarie? usuarie
+
+ scope.by_usuarie(usuarie.id)
+ end
+ end
+end
From a9bce070e8753c28dc208e650366b30013f5d9fa Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 26 Apr 2023 15:25:09 -0300
Subject: [PATCH 3/3] fix: temporalmente deshabilitar el cambio de plantillas #13260
---
 app/views/sites/_form.haml | 59 +++++++++++++++++++-------------------
 config/locales/en.yml | 2 +-
 config/locales/es.yml | 2 +-
 3 files changed, 32 insertions(+), 31 deletions(-)
diff --git a/app/views/sites/_form.haml b/app/views/sites/_form.haml
index 69997ffa..0dcccbe3 100644
--- a/app/views/sites/_form.haml
+++ b/app/views/sites/_form.haml
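Review bot: `Scope#resolve` in `IndexedPostPolicy` picks the unfiltered branch from `scope&.first&.site`, so the role check covers only the site of the first row; if a caller ever passes a relation spanning several sites, a usuarie of that one site would receive every row. The `&.` chain also suggests `scope` may be nil, yet the fallback `scope.by_usuarie(usuarie.id)` would then raise, and `usuarie.id` raises for a nil user both here and in `show?`. I would document the precondition above `resolve`, e.g. `# scope must already be limited to one site (site.indexed_posts); only the first row's site is checked`, and confirm that every caller meets it. Separately, `show?` matches on `indexed_post.post_id` alone, so it is worth confirming what `find_by_post_id` matches when that value is blank. The comment on `destroy?` also contradicts itself about whether invitades may delete.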
@@ -46,36 +46,37 @@
 .invalid-feedback= site.errors.messages[:description].join(', ')
 %hr/
- .form-group#design_id
- %h2= t('.design.title')
- %p.lead= t('.help.design')
- - if invalid? site, :design_id
- = render 'bootstrap/alert' do
- = t('activerecord.errors.models.site.attributes.design_id.layout_incompatible.help',
- layouts: site.incompatible_layouts.to_sentence)
- .row.row-cols-1.row-cols-md-2.designs
- -# Demasiado complejo para un f.collection_radio_buttons
- - Design.all.order(priority: :desc).each do |design|
- .design.col.d-flex.flex-column
- .custom-control.custom-radio
- = f.radio_button :design_id, design.id,
- checked: design.id == site.design_id,
- disabled: design.disabled,
- required: true, class: 'custom-control-input'
- = f.label "design_id_#{design.id}", design.name,
- class: 'custom-control-label'
- .flex-fill
- = sanitize_markdown design.description,
- tags: %w[p a strong em]
+ - unless site.persisted?
+ .form-group#design_id
+ %h2= t('.design.title')
+ %p.lead= t('.help.design')
+ - if invalid? site, :design_id
+ = render 'bootstrap/alert' do
+ = t('activerecord.errors.models.site.attributes.design_id.layout_incompatible.help',
+ layouts: site.incompatible_layouts.to_sentence)
+ .row.row-cols-1.row-cols-md-2.designs
+ -# Demasiado complejo para un f.collection_radio_buttons
+ - Design.all.order(priority: :desc).each do |design|
+ .design.col.d-flex.flex-column
+ .custom-control.custom-radio
+ = f.radio_button :design_id, design.id,
+ checked: design.id == site.design_id,
+ disabled: design.disabled,
+ required: true, class: 'custom-control-input'
+ = f.label "design_id_#{design.id}", design.name,
+ class: 'custom-control-label'
+ .flex-fill
+ = sanitize_markdown design.description,
+ tags: %w[p a strong em]
- .btn-group{ role: 'group', 'aria-label': t('.design.actions') }
- - if design.url
- = link_to t('.design.url'), design.url,
- target: '_blank', class: 'btn'
- - if design.license
- = link_to t('.design.license'), design.license,
- target: '_blank', class: 'btn'
- %hr/
+ .btn-group{ role: 'group', 'aria-label': t('.design.actions') }
+ - if design.url
+ = link_to t('.design.url'), design.url,
+ target: '_blank', class: 'btn'
+ - if design.license
+ = link_to t('.design.license'), design.license,
+ target: '_blank', class: 'btn'
+ %hr/
 .form-group.licenses#license_id
 %h2= t('.licencia.title')
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 2628ffb1..1f46ffed 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
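Review bot: Wrapping `.form-group#design_id` in `- unless site.persisted?` in `app/views/sites/_form.haml` only hides the radio buttons; nothing in this patch rejects an update request that still carries `design_id`. If the controller's permitted parameters or the model still accept `design_id` on update (neither is visible here), the design can still be changed without the form, so the temporary restriction should also be enforced server-side, for instance by leaving `design_id` out of the permitted params once the site is persisted. A short HAML comment above the guard, e.g. `-# Cambio de plantilla deshabilitado temporalmente (#13260)`, would also make the temporary nature visible to the next editor. The form continues outside the hunk.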
@@ -410,7 +410,7 @@ en: name: "The name of your site. It can only include numbers and letters." title: 'The title can be anything you want' description: 'You site description that appears in search engines. Between 50 and 160 characters.' - design: 'Select the design for your site. You can change it later. We add more designs from time to time!' + design: 'Select the design for your site. We add more designs from time to time!' licencia: 'Everything we publish has automatic copyright. This means nobody can use our works without explicit permission. By using licenses, we stablish conditions by which we want to share diff --git a/config/locales/es.yml b/config/locales/es.yml index 6ad61228..3630ea25 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -416,7 +416,7 @@ es: name: 'El nombre de tu sitio que formará parte de la dirección (**ejemplo**.sutty.nl). Solo puede contener letras minúsculas, números y guiones.' title: 'El título de tu sitio puede ser lo que quieras.' description: 'La descripción del sitio, que saldrá en buscadores. Entre 50 y 160 caracteres.' - design: 'Elegí el diseño que va a tener tu sitio aquí. Podés cambiarlo luego. De tanto en tanto vamos sumando diseños nuevos.' + design: 'Elegí el diseño que va a tener tu sitio aquí. De tanto en tanto vamos sumando diseños nuevos.' licencia: 'Todo lo que publicamos posee automáticamente derechos de autore. Esto significa que nadie puede hacer uso de nuestras obras sin permiso explícito. Con las licencias establecemos