[Git][noosfero/noosfero][master] 2 commits: Better custom forms submissions display

Larissa Reis gitlab at gitlab.com
Thu Oct 8 12:59:40 BRT 2015


Larissa Reis pushed to branch master at Noosfero / noosfero


Commits:
c3f4ea2b by Aurélio A. Heckert at 2015-10-08T12:04:21Z
Better custom forms submissions display

Also adds a security enhancement to custom forms by sanitizing
content.

- - - - -
9ece558f by Larissa Reis at 2015-10-08T12:58:21Z
Merge branch 'aurium/noosfero-form-view'

See merge request !564

- - - - -


6 changed files:

- plugins/custom_forms/lib/custom_forms_plugin/answer.rb
- plugins/custom_forms/lib/custom_forms_plugin/helper.rb
- plugins/custom_forms/lib/custom_forms_plugin/submission.rb
- plugins/custom_forms/public/style.css
- plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
- plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb


Changes:

=====================================
plugins/custom_forms/lib/custom_forms_plugin/answer.rb
=====================================
--- a/plugins/custom_forms/lib/custom_forms_plugin/answer.rb
+++ b/plugins/custom_forms/lib/custom_forms_plugin/answer.rb
@@ -14,10 +14,14 @@ class CustomFormsPlugin::Answer < ActiveRecord::Base
     end
   end
 
-  def to_s
-    return value if value.blank? || field.alternatives.blank?
+  def to_text_list
+    return [value] if value.blank? || field.alternatives.blank?
     selected = value.split(',')
-    field.alternatives.select {|alt| selected.include? alt.id.to_s }.map(&:label).join(';')
+    field.alternatives.select {|alt| selected.include? alt.id.to_s }.map(&:label)
+  end
+
+  def to_s
+    to_text_list.join(';')
   end
 end
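Review bot: `to_text_list` returns `[value]` — that is `[nil]` or `[""]` — when the value is blank even if the field has alternatives, so a caller rendering the list gets one empty item; returning an empty list for a blank value keeps `to_s` yielding `""` through `join` and lets list renderers emit nothing. Suggested opening lines: `return [] if value.blank?` followed by `return [value] if field.alternatives.blank?`. Note that `to_s` now returns `""` for a nil value where the old version returned `value` itself; probably harmless, but a one-line comment on `to_s` such as `# Always a String: the labels of the selected alternatives joined by ';'` would make the contract explicit.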
 


=====================================
plugins/custom_forms/lib/custom_forms_plugin/helper.rb
=====================================
--- a/plugins/custom_forms/lib/custom_forms_plugin/helper.rb
+++ b/plugins/custom_forms/lib/custom_forms_plugin/helper.rb
@@ -69,12 +69,13 @@ module CustomFormsPlugin::Helper
   end
 
   def display_custom_field(field, submission, form)
+    sanitized_name = ActionView::Base.white_list_sanitizer.sanitize field.name
     answer = submission.answers.select{|answer| answer.field == field}.first
     field_tag = send("display_#{type_for_options(field.class)}",field, answer, form)
     if field.mandatory? && submission.id.nil?
-      required(labelled_form_field(field.name, field_tag))
+      required(labelled_form_field(sanitized_name, field_tag))
     else
-      labelled_form_field(field.name, field_tag)
+      labelled_form_field(sanitized_name, field_tag)
     end
   end
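Review bot: `ActionView::Base.white_list_sanitizer.sanitize` returns a plain String rather than an html_safe one, so whether the markup the whitelist keeps in `field.name` is rendered or re-escaped depends on `labelled_form_field`, which is outside this hunk; if the label is escaped downstream the call only strips tags, and if it is not, the whitelist still lets form-author markup such as links into the label. Since this is a view helper, the conventional call is the `SanitizeHelper` method `sanitize(field.name)`, which marks its result html_safe and makes the intent explicit; if plain-text labels are enough, `strip_tags(field.name)` or ordinary escaping is the simpler choice. A short comment stating which is intended, e.g. `# field.name is form-author input: keep only whitelisted markup in the label`, would help the next reader.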
 


=====================================
plugins/custom_forms/lib/custom_forms_plugin/submission.rb
=====================================
--- a/plugins/custom_forms/lib/custom_forms_plugin/submission.rb
+++ b/plugins/custom_forms/lib/custom_forms_plugin/submission.rb
@@ -49,6 +49,14 @@ class CustomFormsPlugin::Submission < Noosfero::Plugin::ActiveRecord
     self.answers
   end
 
+  def q_and_a
+    qa = {}
+    form.fields.each do |f|
+      self.answers.select{|a| a.field == f}.map{|answer| qa[f] = answer }
+    end
+    qa
+  end
+
   protected
 
   def check_answers
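Review bot: `q_and_a` uses `map` purely for the side effect of assigning `qa[f] = answer`, and it re-scans `self.answers` once per field, so the block is O(fields × answers) and the `map` result is discarded; `find` inside `each_with_object` states the intent directly. The original keeps the last matching answer when a field has several, while `find` keeps the first — equivalent if answers are unique per field, which I cannot confirm from here. A one-line YARD comment such as `# @return [Hash{Field => Answer}] one answer per form field; fields without an answer are omitted` would document the shape.
```ruby
  def q_and_a
    form.fields.each_with_object({}) do |f, qa|
      answer = answers.find { |a| a.field == f }
      qa[f] = answer if answer
    end
  end
```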


=====================================
plugins/custom_forms/public/style.css
=====================================
--- a/plugins/custom_forms/public/style.css
+++ b/plugins/custom_forms/public/style.css
@@ -89,3 +89,32 @@ tr.addition-buttons {
   border: 1px solid #BBB;
   border-radius: 4px;
 }
+
+#custom-forms-plugin_submission .notify {
+  padding: 8px;
+  color: rgba(0,0,0,0.5);
+}
+
+#custom-forms-plugin_submission-view th {
+  border: none;
+  text-align: right;
+}
+#custom-forms-plugin_submission-view td {
+  padding: 5px 0;
+}
+
+#custom-forms-plugin_submission-view td img {
+  vertical-align: middle;
+}
+
+#custom-forms-plugin_submission-view td ul {
+  padding: 0;
+  margin: 0;
+}
+#custom-forms-plugin_submission-view td li {
+  list-style: none;
+  background: url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><rect x="3.5" y="3.5" width="10" height="10" fill="black" stroke="black" fill-opacity="0.2" opacity="0.4" ry="1"/><path d="M 4,5 8.5,13 16,0 8.5,8.5 z"/></svg>') no-repeat 0 50%;
+  padding: 0 0 0 20px;
+  margin: 0;
+}
+


=====================================
plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
=====================================
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
@@ -1,10 +1,51 @@
+<div id="custom-forms-plugin_submission-view">
+
 <h1><%= @form.name %></h1>
 <p><%= @form.description %></p>
 
-<%= fields_for :submission, @submission do |f| %>
-  <%= render :partial => 'shared/form_submission', :locals => {:f => f} %>
+<% sanitizer = ActionView::Base.white_list_sanitizer %>
+
+<table>
+  <tr>
+    <th><%= _('Submission date') %></th>
+    <td><%= @submission.updated_at.strftime('%Y/%m/%d %T %Z') %><td>
+  </tr>
+  <tr>
+    <th><%= _('Author') %></th>
+    <% if author = @submission.profile %>
+      <td>
+        <%= link_to(image_tag(profile_icon(author, :portrait)), author.url) %>
+        <%= link_to(author.name, author.url) %>
+      </td>
+    <% else %>
+      <td>
+        <%=
+          img = image_tag gravatar_profile_image_url @submission.author_email, :size=>64, :d => gravatar_default
+          sanitizer.sanitize link_to(img +' '+ @submission.author_name, "mailto:#{@submission.author_email}")
+        %>
+        <span>(<%= _('Unauthenticated') %>)<span>
+      </td>
+    <% end %>
+  </tr>
+<% @submission.q_and_a.each do |field, answer| %>
+  <tr>
+    <th><%= sanitizer.sanitize field.name %></th>
+    <td><%=
+      answer = if answer.field.alternatives.blank?
+        answer.to_s.gsub("\n", '<br>')
+      else
+        content_tag :ul do
+          answer.to_text_list.map {|a| content_tag :li, a }.join("\n")
+        end
+      end
+      sanitizer.sanitize answer
+    %></td>
+  </tr>
 <% end %>
+</table>
 
 <% button_bar do %>
   <%= button :back, _('Back to submissions'), :action => 'submissions', :id => @form.id %>
 <% end %>
+
+</div><!-- end id="custom-forms-plugin_submission-view" -->
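Review bot: The answer cell (the `answer = if …` block) builds markup from submitter-controlled text and then relies on the whitelist sanitizer to neutralise it, which keeps any whitelisted tags the submitter typed (links, images) instead of escaping them; `content_tag :ul do … .join("\n") end` also hands `content_tag` a plain String, which `capture` escapes, and the direct `sanitizer.sanitize` call returns a non-html_safe String, so the exact rendering depends on Rails/Noosfero behaviour outside this hunk. Escaping each text fragment and composing with `safe_join` yields the intended `<br>`/`<ul>` output without relying on the sanitizer at all. Two markup typos in the same hunk: the submission-date row closes with `<td>` instead of `</td>`, and the unauthenticated marker closes with `<span>` instead of `</span>`. The `sanitizer.sanitize field.name` in the `<th>` has the same html_safe question; `sanitize field.name` from `SanitizeHelper` makes the intent explicit.
```erb
    <td><%=
      if answer.field.alternatives.blank?
        safe_join(answer.to_s.split("\n"), tag(:br))
      else
        content_tag(:ul, safe_join(answer.to_text_list.map { |a| content_tag(:li, a) }))
      end
    %></td>
```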


=====================================
plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
=====================================
--- a/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
@@ -1,3 +1,5 @@
+<div id="custom-forms-plugin_submission">
+
 <h1><%= @form.name %></h1>
 <p><%= @form.description %></p>
 
@@ -26,6 +28,7 @@
       <% else %>
         <%= submit_button :save, c_('Save'), :cancel => {:controller => :profile, :profile => profile.identifier} %>
       <% end %>
+      <div class="notify"><%= _("Your e-mail will be visible to this form's owners.") %></div>
     <% end %>
 
   <% end %>
@@ -34,3 +37,5 @@
     <%= render :partial => 'shared/form_submission', :locals => {:f => f} %>
   <% end %>
 <% end %>
+
+</div><!-- end id="custom-forms-plugin_submission" -->




