DFE-Digital · ebrett · Jan 17, 2022 · Dec 3, 2021 · Dec 3, 2021 · Dec 3, 2021
diff --git a/app/controllers/admin/content_assets_controller.rb b/app/controllers/admin/content_assets_controller.rb
@@ -0,0 +1,66 @@
+module Admin
+  class ContentAssetsController < AdminController
+    before_action :set_content_asset, only: %i[show edit update destroy]
+
+    def index
+      @content_assets = ContentAsset.all
+    end
+
+    def show; end
+
+    def new
+      @content_asset = ContentAsset.new
+    end
+
+    def edit
+      authorize @content_asset, :edit?
+    end
+
+    def create
+      @content_asset = ContentAsset.new(content_asset_params)
+
+      authorize @content_asset, :create?
+
+      if upload_rate_limit_exceeded?
+        redirect_to admin_content_assets_path, notice: "Only one upload is allowed in each 30 seconds, please wait..."
+      elsif @content_asset.save
+        redirect_to admin_content_asset_path(@content_asset), notice: "Content asset was successfully created."
+      else
+        render :new
+      end
+    end
+
+    def update
+      authorize @content_asset, :update?
+
+      if @content_asset.update(content_asset_params)
+        redirect_to admin_content_asset_path(@content_asset), notice: "Content asset was successfully updated."
+      else
+        render :edit
+      end
+    end
+
+    def destroy
+      authorize @content_asset, :destroy?
+
+      @content_asset.destroy!
+      redirect_to admin_content_assets_url, notice: "Content asset was successfully destroyed."
+    end
+
+  private
+
+    def upload_rate_limit_exceeded?
+      ContentAsset.where(updated_at: 30.seconds.ago..Time.zone.now).count.positive?
+    end
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_content_asset
+      @content_asset = ContentAsset.find(params[:id])
+    end
+
+    # Only allow a list of trusted parameters through.
+    def content_asset_params
+      params.require(:content_asset).permit(:title, :asset_file, :alt_text)
+    end
+  end
+end
diff --git a/app/controllers/admin/content_blocks_controller.rb b/app/controllers/admin/content_blocks_controller.rb
@@ -0,0 +1,55 @@
+module Admin
+  class ContentBlocksController < AdminController
+    before_action :set_content_block, only: %i[edit update]
+
+    def index
+      authorize User
+      @content_blocks = ContentBlock.all
+    end
+
+    def new
+      @content_block = ContentBlock.new
+    end
+
+    def edit; end
+
+    def create
+      @content_block = ContentBlock.new(content_block_params)
+      begin
+        authorize @content_block, :create?
+        if @content_block.save
+          redirect_to admin_content_blocks_path, notice: "Content block was successfully created."
+        else
+          render :new
+        end
+      rescue Pundit::NotAuthorizedError
+        @content_block.errors.add(:base, "You don't have permission to create a new block")
+        render :new
+      end
+    end
+
+    def update
+      authorize @content_block, :update?
+      if @content_block.update(content_block_params)
+        redirect_to admin_content_blocks_path, notice: "Content block was successfully updated."
+      else
+        render :edit
+      end
+    rescue Pundit::NotAuthorizedError
+      @content_block.errors.add(:base, "You don't have permission to edit blocks")
+      render :edit
+    end
+
+  private
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_content_block
+      @content_block = ContentBlock.find(params[:id])
+    end
+
+    # Only allow a list of trusted parameters through.
+    def content_block_params
+      params.require(:content_block).permit(:name, :description, :markdown)
+    end
+  end
+end
diff --git a/app/controllers/admin/content_page_versions_controller.rb b/app/controllers/admin/content_page_versions_controller.rb
@@ -0,0 +1,76 @@
+module Admin
+  class ContentPageVersionsController < AdminController
+    before_action :set_content_page_version, only: %i[destroy edit update preview_of_draft publish]
+
+    def destroy
+      authorize @content_page_version, :destroy?
+      authorize @content_page_version.content_page, :destroy?
+      @parent_page = @content_page_version.content_page
+
+      @content_page_version.destroy!
+
+      # There is a requirement to delete the ContentPage if it is unpublished and if
+      # the last of its ContentPageVersions have been removed
+      if !@parent_page.is_published && @parent_page.content_page_versions.count.zero?
+        @parent_page.destroy!
+      end
+
+      redirect_to admin_content_pages_path, notice: "Draft successfuly deleted"
+    end
+
+    def edit; end
+
+    def update
+      authorize @content_page_version, :update?
+      @content_page_version.author = current_user.name
+
+      if @content_page_version.update(content_page_version_params)
+        redirect_to versions_admin_content_page_path(@content_page_version.content_page), notice: "This version was successfully updated"
+      else
+        render :edit
+      end
+    rescue Pundit::NotAuthorizedError
+      @content_page_version.errors.add(:base, "You don't have permission to change versions of pages")
+      render :edit
+    end
+
+    def preview_of_draft
+      @page = ContentPage.new(title: @content_page_version.title,
+                              markdown: @content_page_version.markdown,
+                              position: 22,
+                              description: @content_page_version.description,
+                              previous_id: @content_page_version.content_page.id,
+                              next_id: @content_page_version.content_page.id)
+
+      render layout: "application"
+    end
+
+    def publish
+      @page = @content_page_version.content_page
+      @page.update!(
+        markdown: @content_page_version.markdown,
+        is_published: true,
+        author: current_user.name,
+        title: @content_page_version.title,
+        description: @content_page_version.description,
+      )
+
+      # Delete the version that this page was published from
+      @content_page_version.destroy!
+
+      redirect_to versions_admin_content_page_path(@page), notice: "Published"
+    end
+
+  private
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_content_page_version
+      @content_page_version = ContentPageVersion.find(params[:id])
+    end
+
+    # Only allow a list of trusted parameters through.
+    def content_page_version_params
+      params.require(:content_page_version).permit(:title, :markdown, :author, :description)
+    end
+  end
+end
diff --git a/app/controllers/admin/content_pages_controller.rb b/app/controllers/admin/content_pages_controller.rb
@@ -0,0 +1,122 @@
+module Admin
+  class ContentPagesController < AdminController
+    before_action :set_content_page, only: %i[show edit update destroy versions unpublish]
+
+    def index
+      @content_pages = ContentPage.top_level.order_by_position
+    end
+
+    def show
+      unless @content_page.is_published
+        redirect_to("/404")
+      end
+    end
+
+    def new
+      # If the new page is a child, pass through its parent id
+      # Pages with a nil parent_id are top_level
+      next_position = ContentPage.maximum("position") ? (ContentPage.maximum("position") + 1) : 1
+      @content_page = ContentPage.new(parent_id: params[:parent_id], position: next_position)
+    end
+
+    def create
+      @content_page = ContentPage.new(content_page_params)
+      @content_page.author = current_user.name
+      @content_page.is_published = false
+
+      begin
+        authorize @content_page, :create?
+
+        if @content_page.save
+          redirect_to "#{admin_content_page_path(@content_page)}/versions", notice: "A new version was successfully created"
+        else
+          render :new
+        end
+      rescue Pundit::NotAuthorizedError
+        @content_page.errors.add(:base, "You don't have permission to create pages")
+        render :new
+      end
+    end
+
+    def edit; end
+
+    # ContentPage markdown is never directly updated.  Changes happen to markdown
+    # as ContentPageVersions are created, edited and published
+    # Changes to position are applied directly to the published page, position has
+    # no meaning for drafts
+    # This update method does not do things the normal Rails way
+    def update
+      authorize @content_page, :update?
+
+      # If the position has changed, honour it. Versions do not have positions
+      if content_page_params[:position] != @content_page.position
+        @content_page.position = content_page_params[:position]
+        if @content_page.valid?
+          @content_page.save!
+        end
+      end
+
+      # This will not be saved, just doing it to take advantage of
+      # ContentPage validation, before the same values are used to
+      # create the ContentPageVersion
+      @content_page.markdown = content_page_params[:markdown]
+      if content_page_params[:title]
+        @content_page.title = content_page_params[:title]
+      end
+
+      if @content_page.valid?
+        ContentPageVersion.create!(title: @content_page.title,
+                                   markdown: content_page_params[:markdown],
+                                   author: current_user.name,
+                                   content_page: @content_page,
+                                   description: content_page_params[:description])
+        redirect_to "#{admin_content_page_path(@content_page)}/versions", notice: "A new version was successfully created"
+      else
+        render :edit
+      end
+    rescue Pundit::NotAuthorizedError
+      @content_page.errors.add(:base, "You don't have permission to change pages")
+      render :edit
+    end
+
+    def destroy
+      authorize @content_page, :destroy?
+      @content_page.destroy!
+      redirect_to admin_content_pages_path, notice: "Content page was successfully destroyed."
+    end
+
+    # POST of preview, returns html
+    def preview
+      html = GovspeakDecorator.translate_markdown(params["markdown"])
+
+      render json: { html: html }
+    end
+
+    def versions; end
+
+    def unpublish
+      authorize @content_page, :unpublish?
+
+      @content_page.update!(is_published: false)
+      ContentPageVersion.create!(title: @content_page.title,
+                                 markdown: @content_page.markdown,
+                                 author: current_user.name,
+                                 content_page: @content_page,
+                                 description: @content_page.description)
+
+      redirect_to versions_admin_content_page_path(@content_page), notice: t(".notice")
+    end
+
+  private
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_content_page
+      @content_page = ContentPage.find(params[:id])
+    end
+
+    # Only allow a list of trusted parameters through.
+    def content_page_params
+      params.require(:content_page).permit(:title, :markdown, :parent_id, :position, :description)
+    end
+  end
+end
diff --git a/app/controllers/content_assets_controller.rb b/app/controllers/content_assets_controller.rb