2021-06-01 12:20:20 +00:00
|
|
|
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
|
|
|
|
2016-11-11 15:57:25 +00:00
|
|
|
class NotificationFactory::Renderer
|
|
|
|
|
|
|
|
=begin
|
|
|
|
|
|
|
|
examples how to use
|
|
|
|
|
|
|
|
message_subject = NotificationFactory::Renderer.new(
|
2019-02-10 11:01:38 +00:00
|
|
|
objects: {
|
2016-11-11 15:57:25 +00:00
|
|
|
ticket: Ticket.first,
|
|
|
|
},
|
2019-02-10 11:01:38 +00:00
|
|
|
locale: 'de-de',
|
|
|
|
timezone: 'America/Port-au-Prince',
|
|
|
|
template: 'some template <b>#{ticket.title}</b> {config.fqdn}',
|
2021-09-23 10:04:18 +00:00
|
|
|
escape: false,
|
|
|
|
trusted: false, # Allow ERB tags in the template?
|
2016-11-11 15:57:25 +00:00
|
|
|
).render
|
|
|
|
|
|
|
|
message_body = NotificationFactory::Renderer.new(
|
2019-02-10 11:01:38 +00:00
|
|
|
objects: {
|
2016-11-11 15:57:25 +00:00
|
|
|
ticket: Ticket.first,
|
|
|
|
},
|
2019-02-10 11:01:38 +00:00
|
|
|
locale: 'de-de',
|
|
|
|
timezone: 'America/Port-au-Prince',
|
|
|
|
template: 'some template <b>#{ticket.title}</b> #{config.fqdn}',
|
2016-11-11 15:57:25 +00:00
|
|
|
).render
|
|
|
|
|
|
|
|
=end
|
|
|
|
|
2021-09-23 10:04:18 +00:00
|
|
|
def initialize(objects:, template:, locale: nil, timezone: nil, escape: true, trusted: false) # rubocop:disable Metrics/ParameterLists
|
2020-01-27 09:28:17 +00:00
|
|
|
@objects = objects
|
|
|
|
@locale = locale || Locale.default
|
2019-02-10 11:01:38 +00:00
|
|
|
@timezone = timezone || Setting.get('timezone_default')
|
2021-09-23 10:04:18 +00:00
|
|
|
@template = NotificationFactory::Template.new(template, escape, trusted)
|
2016-11-11 15:57:25 +00:00
|
|
|
@escape = escape
|
|
|
|
end
|
|
|
|
|
|
|
|
def render
|
|
|
|
ERB.new(@template.to_s).result(binding)
|
|
|
|
end
|
|
|
|
|
|
|
|
# d - data of object
|
|
|
|
# d('user.firstname', htmlEscape)
|
|
|
|
def d(key, escape = nil)
|
|
|
|
|
2019-07-31 08:23:48 +00:00
|
|
|
# do validation, ignore some methods
|
2016-11-12 10:19:15 +00:00
|
|
|
return "\#{#{key} / not allowed}" if !data_key_valid?(key)
|
|
|
|
|
2016-11-13 18:33:12 +00:00
|
|
|
# aliases
|
|
|
|
map = {
|
|
|
|
'article.body' => 'article.body_as_text_with_quote.text2html',
|
2021-05-07 14:25:31 +00:00
|
|
|
'ticket.tags' => 'ticket.tag_list',
|
2016-11-13 18:33:12 +00:00
|
|
|
}
|
|
|
|
if map[key]
|
|
|
|
key = map[key]
|
|
|
|
end
|
|
|
|
|
|
|
|
# escape in html mode
|
|
|
|
if escape
|
|
|
|
no_escape = {
|
2018-12-19 17:31:51 +00:00
|
|
|
'article.body_as_html' => true,
|
2016-11-13 18:33:12 +00:00
|
|
|
'article.body_as_text_with_quote.text2html' => true,
|
|
|
|
}
|
|
|
|
if no_escape[key]
|
|
|
|
escape = false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-11-12 10:19:15 +00:00
|
|
|
value = nil
|
|
|
|
object_methods = key.split('.')
|
|
|
|
object_name = object_methods.shift
|
|
|
|
|
|
|
|
# if no object is given, just return
|
2017-11-23 08:09:44 +00:00
|
|
|
return '#{no such object}' if object_name.blank? # rubocop:disable Lint/InterpolationCheck
|
2018-10-09 06:17:41 +00:00
|
|
|
|
2016-11-12 10:19:15 +00:00
|
|
|
object_refs = @objects[object_name] || @objects[object_name.to_sym]
|
2016-11-11 15:57:25 +00:00
|
|
|
|
2019-07-31 08:23:48 +00:00
|
|
|
# if object is not in available objects, just return
|
2016-11-12 10:19:15 +00:00
|
|
|
return "\#{#{object_name} / no such object}" if !object_refs
|
|
|
|
|
|
|
|
# if content of method is a complex datatype, just return
|
2017-11-23 08:09:44 +00:00
|
|
|
if object_methods.blank? && object_refs.class != String && object_refs.class != Float && object_refs.class != Integer
|
2016-11-12 10:19:15 +00:00
|
|
|
return "\#{#{key} / no such method}"
|
|
|
|
end
|
2018-10-09 06:17:41 +00:00
|
|
|
|
2018-09-26 11:08:18 +00:00
|
|
|
previous_object_refs = ''
|
2016-11-11 15:57:25 +00:00
|
|
|
object_methods_s = ''
|
2017-10-01 12:25:52 +00:00
|
|
|
object_methods.each do |method_raw|
|
2016-11-11 15:57:25 +00:00
|
|
|
|
|
|
|
method = method_raw.strip
|
|
|
|
|
2018-09-26 11:08:18 +00:00
|
|
|
if method == 'value'
|
|
|
|
temp = object_refs
|
|
|
|
object_refs = display_value(previous_object_refs, method, object_methods_s, object_refs)
|
|
|
|
previous_object_refs = temp
|
|
|
|
end
|
|
|
|
|
2016-11-11 15:57:25 +00:00
|
|
|
if object_methods_s != ''
|
|
|
|
object_methods_s += '.'
|
|
|
|
end
|
|
|
|
object_methods_s += method
|
|
|
|
|
2018-09-26 11:08:18 +00:00
|
|
|
next if method == 'value'
|
|
|
|
|
2016-11-12 10:19:15 +00:00
|
|
|
if object_methods_s == ''
|
|
|
|
value = "\#{#{object_name}.#{object_methods_s} / no such method}"
|
|
|
|
break
|
|
|
|
end
|
|
|
|
|
2018-10-16 08:45:15 +00:00
|
|
|
arguments = nil
|
2021-05-12 11:37:44 +00:00
|
|
|
if %r{\A(?<method_id>[^(]+)\((?<parameter>[^)]+)\)\z} =~ method
|
2018-10-16 08:45:15 +00:00
|
|
|
|
|
|
|
if parameter != parameter.to_i.to_s
|
|
|
|
value = "\#{#{object_name}.#{object_methods_s} / invalid parameter: #{parameter}}"
|
|
|
|
break
|
|
|
|
end
|
|
|
|
|
|
|
|
begin
|
|
|
|
arguments = Array(parameter.to_i)
|
|
|
|
method = method_id
|
|
|
|
rescue
|
|
|
|
value = "\#{#{object_name}.#{object_methods_s} / #{e.message}}"
|
|
|
|
break
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-11-11 15:57:25 +00:00
|
|
|
# if method exists
|
2016-11-12 10:19:15 +00:00
|
|
|
if !object_refs.respond_to?(method.to_sym)
|
2016-11-11 15:57:25 +00:00
|
|
|
value = "\#{#{object_name}.#{object_methods_s} / no such method}"
|
|
|
|
break
|
|
|
|
end
|
2016-11-13 18:33:12 +00:00
|
|
|
begin
|
2018-09-26 11:08:18 +00:00
|
|
|
previous_object_refs = object_refs
|
2018-10-16 08:45:15 +00:00
|
|
|
object_refs = object_refs.send(method.to_sym, *arguments)
|
2019-02-10 08:40:55 +00:00
|
|
|
|
|
|
|
# body_as_html should trigger the cloning of all inline attachments from the parent article (issue #2399)
|
|
|
|
if method.to_sym == :body_as_html && previous_object_refs.respond_to?(:should_clone_inline_attachments)
|
|
|
|
previous_object_refs.should_clone_inline_attachments = true
|
|
|
|
end
|
2016-11-13 18:33:12 +00:00
|
|
|
rescue => e
|
2018-10-16 08:45:15 +00:00
|
|
|
value = "\#{#{object_name}.#{object_methods_s} / #{e.message}}"
|
|
|
|
break
|
2016-11-13 18:33:12 +00:00
|
|
|
end
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2020-11-05 16:31:00 +00:00
|
|
|
placeholder = value || object_refs
|
2019-02-10 11:01:38 +00:00
|
|
|
|
|
|
|
escaping(convert_to_timezone(placeholder), escape)
|
2016-11-11 15:57:25 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# c - config
|
|
|
|
# c('fqdn', htmlEscape)
|
|
|
|
def c(key, escape = nil)
|
|
|
|
config = Setting.get(key)
|
|
|
|
escaping(config, escape)
|
|
|
|
end
|
|
|
|
|
|
|
|
# t - translation
|
|
|
|
# t('yes', htmlEscape)
|
|
|
|
def t(key, escape = nil)
|
|
|
|
translation = Translation.translate(@locale, key)
|
|
|
|
escaping(translation, escape)
|
|
|
|
end
|
|
|
|
|
|
|
|
# h - htmlEscape
|
2019-02-10 11:01:38 +00:00
|
|
|
# h(htmlEscape)
|
|
|
|
def h(value)
|
|
|
|
return value if !value
|
2018-10-09 06:17:41 +00:00
|
|
|
|
2019-02-10 11:01:38 +00:00
|
|
|
CGI.escapeHTML(convert_to_timezone(value).to_s)
|
2016-11-11 15:57:25 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2019-02-10 11:01:38 +00:00
|
|
|
def convert_to_timezone(value)
|
2020-10-22 13:57:01 +00:00
|
|
|
return Translation.timestamp(@locale, @timezone, value) if value.instance_of?(ActiveSupport::TimeWithZone)
|
|
|
|
return Translation.date(@locale, value) if value.instance_of?(Date)
|
2019-02-10 11:01:38 +00:00
|
|
|
|
|
|
|
value
|
|
|
|
end
|
|
|
|
|
2016-11-11 15:57:25 +00:00
|
|
|
def escaping(key, escape)
|
2021-05-07 14:25:31 +00:00
|
|
|
return escaping(key.join(', '), escape) if key.respond_to?(:join)
|
2016-11-11 15:57:25 +00:00
|
|
|
return key if escape == false
|
|
|
|
return key if escape.nil? && !@escape
|
2018-10-09 06:17:41 +00:00
|
|
|
|
2016-11-11 15:57:25 +00:00
|
|
|
h key
|
|
|
|
end
|
2016-11-12 10:19:15 +00:00
|
|
|
|
|
|
|
def data_key_valid?(key)
|
2021-05-12 11:37:44 +00:00
|
|
|
return false if key =~ %r{`|\.(|\s*)(save|destroy|delete|remove|drop|update|create|new|all|where|find|raise|dump|rollback|freeze)}i && key !~ %r{(update|create)d_(at|by)}i
|
2018-10-09 06:17:41 +00:00
|
|
|
|
2016-11-12 10:19:15 +00:00
|
|
|
true
|
|
|
|
end
|
|
|
|
|
2018-09-26 11:08:18 +00:00
|
|
|
def display_value(object, method_name, previous_method_names, key)
|
|
|
|
return key if method_name != 'value' ||
|
|
|
|
!key.instance_of?(String)
|
|
|
|
|
|
|
|
attributes = ObjectManager::Attribute
|
|
|
|
.where(object_lookup_id: ObjectLookup.by_name(object.class.to_s))
|
|
|
|
.where(name: previous_method_names.split('.').last)
|
|
|
|
|
|
|
|
return key if attributes.count.zero? || attributes.first.data_type != 'select'
|
|
|
|
|
|
|
|
attributes.first.data_option['options'][key] || key
|
|
|
|
end
|
2016-11-11 15:57:25 +00:00
|
|
|
end
|