[Git][noosfero/noosfero][master] 2 commits: Better custom forms submissions display
Larissa Reis
gitlab at gitlab.com
Thu Oct 8 12:59:40 BRT 2015
Larissa Reis pushed to branch master at Noosfero / noosfero
Commits:
c3f4ea2b by Aurélio A. Heckert at 2015-10-08T12:04:21Z
Better custom forms submissions display
Also does some security enhancement for custom forms by sanitizing
content.
- - - - -
9ece558f by Larissa Reis at 2015-10-08T12:58:21Z
Merge branch 'aurium/noosfero-form-view'
See merge request !564
- - - - -
6 changed files:
- plugins/custom_forms/lib/custom_forms_plugin/answer.rb
- plugins/custom_forms/lib/custom_forms_plugin/helper.rb
- plugins/custom_forms/lib/custom_forms_plugin/submission.rb
- plugins/custom_forms/public/style.css
- plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
- plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
Changes:
=====================================
plugins/custom_forms/lib/custom_forms_plugin/answer.rb
=====================================
--- a/plugins/custom_forms/lib/custom_forms_plugin/answer.rb
+++ b/plugins/custom_forms/lib/custom_forms_plugin/answer.rb
@@ -14,10 +14,14 @@ class CustomFormsPlugin::Answer < ActiveRecord::Base
end
end
- def to_s
- return value if value.blank? || field.alternatives.blank?
+ def to_text_list
+ return [value] if value.blank? || field.alternatives.blank?
selected = value.split(',')
- field.alternatives.select {|alt| selected.include? alt.id.to_s }.map(&:label).join(';')
+ field.alternatives.select {|alt| selected.include? alt.id.to_s }.map(&:label)
+ end
+
+ def to_s
+ to_text_list.join(';')
end
end
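Review bot: `to_text_list` has no comment saying that it returns raw, unescaped strings, and every caller that renders them as HTML depends on knowing that. I would add above it: `# Returns the answer as an Array of unescaped strings: the labels of the selected alternatives, or [value] for free-text fields. Escape before rendering.` Also note that `to_s` used to return `value` itself when it was blank (so `nil` for a nil value) and now returns `""` through `[nil].join(';')`; callers that tested the result for `nil` should be checked. The class body starts outside this hunk.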
=====================================
plugins/custom_forms/lib/custom_forms_plugin/helper.rb
=====================================
--- a/plugins/custom_forms/lib/custom_forms_plugin/helper.rb
+++ b/plugins/custom_forms/lib/custom_forms_plugin/helper.rb
@@ -69,12 +69,13 @@ module CustomFormsPlugin::Helper
end
def display_custom_field(field, submission, form)
+ sanitized_name = ActionView::Base.white_list_sanitizer.sanitize field.name
answer = submission.answers.select{|answer| answer.field == field}.first
field_tag = send("display_#{type_for_options(field.class)}",field, answer, form)
if field.mandatory? && submission.id.nil?
- required(labelled_form_field(field.name, field_tag))
+ required(labelled_form_field(sanitized_name, field_tag))
else
- labelled_form_field(field.name, field_tag)
+ labelled_form_field(sanitized_name, field_tag)
end
end
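Review bot: `white_list_sanitizer.sanitize` on the first added line strips only disallowed markup, so a field name can still carry the tags it permits (links, images) into the form label. If the label is meant to be plain text, escaping is the stricter choice: `sanitized_name = ERB::Util.html_escape(field.name)`. Whether `labelled_form_field` escapes its first argument itself is not visible from this hunk, so confirm that before switching to avoid double escaping.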
=====================================
plugins/custom_forms/lib/custom_forms_plugin/submission.rb
=====================================
--- a/plugins/custom_forms/lib/custom_forms_plugin/submission.rb
+++ b/plugins/custom_forms/lib/custom_forms_plugin/submission.rb
@@ -49,6 +49,14 @@ class CustomFormsPlugin::Submission < Noosfero::Plugin::ActiveRecord
self.answers
end
+ def q_and_a
+ qa = {}
+ form.fields.each do |f|
+ self.answers.select{|a| a.field == f}.map{|answer| qa[f] = answer }
+ end
+ qa
+ end
+
protected
def check_answers
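Review bot: `q_and_a` uses `select{...}.map{...}` only for its side effect of writing `qa[f]`, which hides two behaviours a caller should know about: a field without an answer is left out of the hash, and if a field has several answers the last one wins. Use `each` instead of `map` (`self.answers.select{|a| a.field == f}.each{|answer| qa[f] = answer }`) and add a comment such as `# Maps each form field that has an answer to that answer, in form.fields order; unanswered fields are omitted.` The scan of `answers` once per field is quadratic, which is fine for small forms but worth knowing. The class continues outside the hunk.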
=====================================
plugins/custom_forms/public/style.css
=====================================
--- a/plugins/custom_forms/public/style.css
+++ b/plugins/custom_forms/public/style.css
@@ -89,3 +89,32 @@ tr.addition-buttons {
border: 1px solid #BBB;
border-radius: 4px;
}
+
+#custom-forms-plugin_submission .notify {
+ padding: 8px;
+ color: rgba(0,0,0,0.5);
+}
+
+#custom-forms-plugin_submission-view th {
+ border: none;
+ text-align: right;
+}
+#custom-forms-plugin_submission-view td {
+ padding: 5px 0;
+}
+
+#custom-forms-plugin_submission-view td img {
+ vertical-align: middle;
+}
+
+#custom-forms-plugin_submission-view td ul {
+ padding: 0;
+ margin: 0;
+}
+#custom-forms-plugin_submission-view td li {
+ list-style: none;
+ background: url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><rect x="3.5" y="3.5" width="10" height="10" fill="black" stroke="black" fill-opacity="0.2" opacity="0.4" ry="1"/><path d="M 4,5 8.5,13 16,0 8.5,8.5 z"/></svg>') no-repeat 0 50%;
+ padding: 0 0 0 20px;
+ margin: 0;
+}
+
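Review bot: The inline SVG in the `td li` background is placed in the `data:` URI without percent-encoding (`<`, `>`, `"` and spaces appear raw), and `;utf8` is not a valid media-type parameter, so some browsers will not render the check mark. Percent-encoding the payload and using `data:image/svg+xml;charset=utf-8,` avoids that, as does shipping the icon as a file under the plugin's public directory. A deployment with a Content-Security-Policy would also need `data:` allowed for images for this rule to work.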
=====================================
plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
=====================================
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
@@ -1,10 +1,51 @@
+<div id="custom-forms-plugin_submission-view">
+
<h1><%= @form.name %></h1>
<p><%= @form.description %></p>
-<%= fields_for :submission, @submission do |f| %>
- <%= render :partial => 'shared/form_submission', :locals => {:f => f} %>
+<% sanitizer = ActionView::Base.white_list_sanitizer %>
+
+<table>
+ <tr>
+ <th><%= _('Submission date') %></th>
+ <td><%= @submission.updated_at.strftime('%Y/%m/%d %T %Z') %><td>
+ </tr>
+ <tr>
+ <th><%= _('Author') %></th>
+ <% if author = @submission.profile %>
+ <td>
+ <%= link_to(image_tag(profile_icon(author, :portrait)), author.url) %>
+ <%= link_to(author.name, author.url) %>
+ </td>
+ <% else %>
+ <td>
+ <%=
+ img = image_tag gravatar_profile_image_url @submission.author_email, :size=>64, :d => gravatar_default
+ sanitizer.sanitize link_to(img +' '+ @submission.author_name, "mailto:#{@submission.author_email}")
+ %>
+ <span>(<%= _('Unauthenticated') %>)<span>
+ </td>
+ <% end %>
+ </tr>
+<% @submission.q_and_a.each do |field, answer| %>
+ <tr>
+ <th><%= sanitizer.sanitize field.name %></th>
+ <td><%=
+ answer = if answer.field.alternatives.blank?
+ answer.to_s.gsub("\n", '<br>')
+ else
+ content_tag :ul do
+ answer.to_text_list.map {|a| content_tag :li, a }.join("\n")
+ end
+ end
+ sanitizer.sanitize answer
+ %></td>
+ </tr>
<% end %>
+</table>
<% button_bar do %>
<%= button :back, _('Back to submissions'), :action => 'submissions', :id => @form.id %>
<% end %>
+
+</div><!-- end id="custom-forms-plugin_submission-view" -->
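Review bot: The author cell and the answer cell build HTML from submitter-supplied text first and only then run the white-list sanitizer over the finished markup, so any tag the sanitizer allows (links, images) inside `@submission.author_name` or an answer is kept as markup rather than shown as text. Escaping each value before composing closes that gap, e.g. `link_to(img + ' ' + h(@submission.author_name), ...)`, `h(answer.to_s).gsub("\n", '<br>')` and `content_tag :li, h(a)`. This assumes output is not already auto-escaped in this app, which the hunk does not show. Separately, the date cell ends with `<td>` and the "Unauthenticated" label with `<span>` where `</td>` and `</span>` are meant.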
=====================================
plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
=====================================
--- a/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
@@ -1,3 +1,5 @@
+<div id="custom-forms-plugin_submission">
+
<h1><%= @form.name %></h1>
<p><%= @form.description %></p>
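Review bot: `@form.name` and `@form.description` are still printed as-is in the heading here, and again at the top of show_submission.html.erb, while this commit routes field names and answers through the white-list sanitizer. If templates in this app do not auto-escape (the manual sanitizing elsewhere in the commit suggests so, but it is not visible here), these two values need the same treatment. For example `<h1><%= h @form.name %></h1>`, and `sanitizer.sanitize @form.description` if the description is meant to allow limited markup. The rest of the template lies outside this hunk.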
@@ -26,6 +28,7 @@
<% else %>
<%= submit_button :save, c_('Save'), :cancel => {:controller => :profile, :profile => profile.identifier} %>
<% end %>
+ <div class="notify"><%= _("Your e-mail will be visible to this form's owners.") %></div>
<% end %>
<% end %>
@@ -34,3 +37,5 @@
<%= render :partial => 'shared/form_submission', :locals => {:f => f} %>
<% end %>
<% end %>
+
+</div><!-- end id="custom-forms-plugin_submission" -->
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/0fa2786025f67ed14e295a74a7e66cc773081673...9ece558f8c976f41aa8070835b5fdeb515774ab7