Merge pull request #389 from srogers/develop

Release v096

app/controllers/events_controller.rb

@@ -19,7 +19,7 @@ def index
     if params[:q].present?
       # Presentations uses this for picking event in case where a presentation is created without an event, then associated later.
       # Allows search by year or name segment. This is tricky because so many events have nearly the same name.
-      if params[:q].length == 4
+      if params[:q].length == 4 && params[:q].to_i.to_s == params[:q] # ensure that it's a number
         @conferences = @conferences.where("Extract(year FROM start_date) = ?", params[:q])
       else
         @conferences = @conferences.where("conferences.name ILIKE ?", '%' + params[:q] + '%')

app/controllers/pages_controller.rb

@@ -11,4 +11,9 @@ def privacy_policy
     get_passages
     @current_user.set_privacy_policy_current if @current_user.present?
   end
+
+  def terms_of_service
+    get_passages
+    # Currently not tracking user views or redirecting users based on TOS updates
+  end
 end

app/models/passage.rb

@@ -6,10 +6,11 @@ class Passage < ApplicationRecord
 
   MAJOR = 'major'
   MINOR = 'minor'
-  UPDATE_TYPES = [MAJOR, MINOR]
+  UPDATE_TYPES = [MINOR, MAJOR] # make minor the first in the drop-down (thus the default)
 
   # the special entry for the privacy policy - we have to be able to find it
   PRIVACY_POLICY = { name: 'Privacy Policy', assign_var: 'privacy_policy', view: 'pages/privacy_policy' }
+  TERMS_OF_SERVICE = { name: 'Terms of Service', assign_var: 'terms_of_service', view: 'pages/terms_of_service' }
 
   validates :name, :view, :assign_var, :content, :creator_id, presence: true
   validates :update_type,  inclusion: { in: UPDATE_TYPES, message: "%{value} is not a recognized update type", allow_blank: true }     # only present on update
@@ -44,8 +45,9 @@ def version
     end
   end
 
+  # Don't allow Privacy Policy or Terms of Service to be deleted
   def deletable?
-    name != PRIVACY_POLICY[:name]
+    ![PRIVACY_POLICY[:name], TERMS_OF_SERVICE[:name]].include? name
   end
 
   # Of all the versioned text entries, the Privacy Policy is a first-class citizen, wired into other models.
@@ -55,6 +57,7 @@ def self.current_privacy_policy_version
 
   # This gets called at boot time to ensure that the Privacy Policy record exists with the right name.
   def self.ensure_privacy_policy
+    return if Rails.env.test?
     begin
       if Passage.where(PRIVACY_POLICY).present?
         logger.debug "Privacy Policy present"
@@ -67,4 +70,20 @@ def self.ensure_privacy_policy
       logger.error "Error checking for privacy policy: #{ e }"
     end
   end
+
+  # This gets called at boot time to ensure that the Privacy Policy record exists with the right name.
+  def self.ensure_terms_of_service
+    return if Rails.env.test?
+    begin
+      if Passage.where(TERMS_OF_SERVICE).present?
+        logger.debug "Terms of Service present"
+      else
+        logger.debug "Creating Terms of Service base entry"
+        passage = create TERMS_OF_SERVICE.merge(creator: User.find_by_role_id(Role.admin.id), content: "Base Terms of Service - complete manually")
+        logger.error "Error creating base Terms of Service: #{ passage.errors.full_messages}" if passage.errors.present?
+      end
+    rescue Exception => e
+      logger.error "Error checking for terms of service: #{ e }"
+    end
+  end
 end

app/views/pages/_menu.html.haml

@@ -6,4 +6,5 @@
     %li.nav-item= link_to 'Who?', supporters_users_path, class: 'nav-link'  + tab_active?('supporters')
     %li.nav-item= link_to 'Tips', tips_path, class: 'nav-link' + tab_active?('tips')
     %li.nav-item= link_to 'Privacy Policy', privacy_policy_path, class: 'nav-link' + tab_active?('privacy_policy')
+    %li.nav-item= link_to 'Terms of Service', terms_of_service_path, class: 'nav-link' + tab_active?('terms_of_service')
     %li.nav-item= link_to 'Contact', contact_path, class: 'nav-link' + tab_active?('contact')

app/views/pages/privacy_policy.html.haml

@@ -9,6 +9,6 @@
   .col-md-12
     %p
       Version
-      = @privacy_policy&.version
+      = [@privacy_policy&.version, ','].join
       Last updated
       = pretty_date(@privacy_policy.updated_at)

app/views/pages/terms_of_service.html.haml

@@ -0,0 +1,14 @@
+= render partial: 'menu'
+- title 'Terms of Service'
+
+.row
+  .col-md-12
+    = safe_list_sanitizer.sanitize(@terms_of_service&.content).try(:html_safe)
+
+.row.mt-4
+  .col-md-12
+    %p
+      Version
+      = [@terms_of_service&.version, ','].join
+      Last updated
+      = pretty_date(@terms_of_service&.updated_at)

app/views/passages/_header.html.haml

@@ -1,12 +1,14 @@
 .row.mb-2
-  .col
+  .col-md-2
     = sorting_header 'Name', :passages_path, 'passages.name'
+  .col-md-2.text-right
+    Version
   .col
     = sorting_header 'View', :passages_path, 'passages.view'
   .col
     = sorting_header 'Instance Var', :passages_path, 'passages.assign_var'
 
 
   - if can? :edit, Passage
-    .col
+    .col-md-3.text-right
        

app/views/passages/_passage.html.haml

@@ -1,5 +1,6 @@
 .row.mb-2
-  .col= link_to passage.name, passage_path(passage)
+  .col-md-2= link_to passage.name, passage_path(passage)
+  .col-md-2.text-right= passage.version
   .col= passage.view
   .col= passage.assign_var
 

config/initializers/legal_passages.rb

@@ -0,0 +1,4 @@
+# This ensures there is an entry in Passages for the Privacy Policy and Terms of Service, even if they are just blank,
+# so that the Name and details are locked in.
+Passage.ensure_privacy_policy
+Passage.ensure_terms_of_service

config/routes.rb

@@ -11,6 +11,7 @@
   get '/contact', to: 'pages#contact',         as: :contact
   get '/robots',  to: 'pages#robots',          as: :robots
   get '/privacy_policy', to: 'pages#privacy_policy', as: :privacy_policy
+  get '/terms_of_service', to: 'pages#terms_of_service', as: :terms_of_service
 
   get '/activate/:id',              to: 'activations#create', as: :activation
   get '/register/:activation_code', to: 'activations#new',    as: :registration

spec/controllers/pages_controller_spec.rb

@@ -1,23 +1,52 @@
 require 'rails_helper'
 
-RSpec.describe PassagesController, type: :controller do
+RSpec.describe PagesController, type: :controller do
   fixtures :roles
   setup :activate_authlogic
 
   let(:user) { create :user }
 
-  before do
-    @current_user = user
-    log_in @current_user
+  describe "GET #privacy_policy" do
+
+    let!(:passage) { create :passage, Passage::PRIVACY_POLICY.merge(creator: user) }
+
+    it "finds the passage by controller/action and assigns it as @passage" do
+      get :privacy_policy
+      expect(assigns(:privacy_policy).name).to eq('Privacy Policy')
+    end
+
+    context "with authenticated user" do
+      before do
+        @current_user = user
+        log_in @current_user
+      end
+
+      it "finds the passage by controller/action and assigns it as @passage" do
+        get :privacy_policy
+        expect(assigns(:privacy_policy).name).to eq('Privacy Policy')
+      end
+    end
   end
 
-  describe "GET #privacy_policy" do
+  describe "GET #terms_of_service" do
+
+    let!(:passage) { create :passage, Passage::TERMS_OF_SERVICE.merge(creator: user) }
+
+    it "finds the passage by controller/action and assigns it as @passage" do
+      get :terms_of_service
+      expect(assigns(:terms_of_service).name).to eq('Terms of Service')
+    end
 
-    let!(:passage) { create :passage }
+    context "with authenticated user" do
+      before do
+        @current_user = user
+        log_in @current_user
+      end
 
-    it "assigns the requested passage as @passage" do
-      get :show, params: {id: passage.to_param}
-      expect(assigns(:passage)).to eq(passage)
+      it "finds the passage by controller/action and assigns it as @passage" do
+        get :terms_of_service
+        expect(assigns(:terms_of_service).name).to eq('Terms of Service')
+      end
     end
   end
 end