diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7500acdb..ac32132a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -6,10 +6,12 @@ class ApplicationController < ActionController::Base include ActiveStorage::SetCurrent include Pagy::Backend + before_action :ensure_demo_user_signed_in + check_authorization unless: :devise_controller? around_action :with_locale - before_action :sign_in_for_demo, if: -> { Docuseal.demo? } + # before_action :sign_in_for_demo, if: -> { Docuseal.demo? } before_action :maybe_redirect_to_setup, unless: :signed_in? before_action :authenticate_user!, unless: :devise_controller? @@ -101,9 +103,34 @@ class ApplicationController < ActionController::Base end def maybe_redirect_to_setup + # Skip setup redirect for iframe embedding - create demo user instead + return if ensure_demo_user_signed_in + redirect_to setup_index_path unless User.exists? end + def ensure_demo_user_signed_in + return true if signed_in? + user = find_or_create_demo_user + sign_in(user) + true + end + + def find_or_create_demo_user + User.find_by(email: 'demo@docuseal.local') || begin + account = Account.create!(name: 'Demo Account', locale: 'en', timezone: 'UTC') + User.create!( + email: 'demo@docuseal.local', + password: 'password123', + password_confirmation: 'password123', + first_name: 'Demo', + last_name: 'User', + account: account, + role: 'admin' + ) + end + end + def button_title(title: I18n.t('submit'), disabled_with: I18n.t('submitting'), title_class: '', icon: nil, icon_disabled: nil) render_to_string(partial: 'shared/button_title', diff --git a/app/controllers/templates_controller.rb b/app/controllers/templates_controller.rb index 40c8dbd1..14b36709 100644 --- a/app/controllers/templates_controller.rb +++ b/app/controllers/templates_controller.rb 
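Review bot: The new `before_action :ensure_demo_user_signed_in` is registered unconditionally and ahead of `authenticate_user!`, so every unauthenticated request is signed in before authentication ever runs, and the `Docuseal.demo?` guard from the old `sign_in_for_demo` line is commented out rather than carried over to its replacement. Unless this deployment is demo-only, that is an authentication bypass for the whole application, not just the embedded page the comment in the second hunk mentions. Keep the guard on the replacement, `before_action :ensure_demo_user_signed_in, if: -> { Docuseal.demo? }`, and delete the commented-out `sign_in_for_demo` line instead of leaving it as dead text. The class body continues outside the hunk.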
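Review bot: `find_or_create_demo_user` creates an `'admin'`-role user with the hard-coded password `'password123'`, so the account is usable through the normal login form by anyone who reads this file, not only through the auto sign-in; and because `ensure_demo_user_signed_in` always returns `true`, the `return if` added to `maybe_redirect_to_setup` makes `redirect_to setup_index_path unless User.exists?` unreachable on every install. The `find_by || begin ... create! end` sequence is also racy: two concurrent first requests can both miss the lookup, and the losing `create!` raises `ActiveRecord::RecordNotUnique` if the email column carries a unique index (presumably it does — confirm). I would give the demo user a random password, re-read on the duplicate-key race, and gate the early return on `Docuseal.demo?` so the setup redirect still works for real installs, roughly as below. The class body continues outside the hunk.

```ruby
def maybe_redirect_to_setup
  # Demo deployments auto-provision a user; everywhere else the setup
  # redirect must still fire while no user exists yet.
  return if Docuseal.demo? && ensure_demo_user_signed_in

  redirect_to setup_index_path unless User.exists?
end

# … unchanged: ensure_demo_user_signed_in …

def find_or_create_demo_user
  User.find_by(email: 'demo@docuseal.local') || create_demo_user
rescue ActiveRecord::RecordNotUnique
  # A concurrent first request won the race; use the row it created.
  User.find_by!(email: 'demo@docuseal.local')
end

def create_demo_user
  # Random, never-displayed password: the demo user must only be reachable
  # through the auto sign-in, not by typing a constant into the login form.
  password = SecureRandom.hex(32)
  account = Account.create!(name: 'Demo Account', locale: 'en', timezone: 'UTC')
  User.create!(email: 'demo@docuseal.local',
               password: password, password_confirmation: password,
               first_name: 'Demo', last_name: 'User',
               account: account, role: 'admin')
end
```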
@@ -1,6 +1,9 @@ # frozen_string_literal: true class TemplatesController < ApplicationController + skip_before_action :maybe_redirect_to_setup + skip_before_action :verify_authenticity_token + load_and_authorize_resource :template before_action :load_base_template, only: %i[new create] diff --git a/app/controllers/templates_dashboard_controller.rb b/app/controllers/templates_dashboard_controller.rb index 51922c48..49ddb738 100644 --- a/app/controllers/templates_dashboard_controller.rb +++ b/app/controllers/templates_dashboard_controller.rb @@ -1,6 +1,10 @@ # frozen_string_literal: true class TemplatesDashboardController < ApplicationController + before_action :ensure_demo_user_signed_in + skip_before_action :authenticate_user! + skip_before_action :maybe_redirect_to_setup + load_and_authorize_resource :template_folder, parent: false load_and_authorize_resource :template, parent: false 
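Review bot: `skip_before_action :verify_authenticity_token` in TemplatesController has no `only:` restriction, so CSRF protection is dropped for every action of the controller, including whatever state-changing create/update/destroy actions it defines below the hunk. Combined with the automatic sign-in this patch adds to ApplicationController, any third-party page can now drive those actions inside a visitor's session with a plain cross-site form. If a single embedded action genuinely cannot carry the Rails token, restrict the skip to it, `skip_before_action :verify_authenticity_token, only: %i[create]`, and require an explicit embed token on that action rather than trusting the session. The class body continues outside the hunk.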
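Review bot: `skip_before_action :authenticate_user!` removes the last authentication check from the dashboard, and the accompanying `before_action :ensure_demo_user_signed_in` duplicates the callback the same patch already registers in ApplicationController, so the dashboard is served to any unauthenticated visitor as the auto-created admin demo user. Both lines should go: keep `authenticate_user!` here and let the demo sign-in happen, guarded by `Docuseal.demo?`, in the base controller so a non-demo install still requires a login. `skip_before_action :maybe_redirect_to_setup` is likewise unnecessary once that callback only short-circuits in demo mode, though it is harmless on its own. The class body continues outside the hunk.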
@@ -44,29 +48,33 @@ class TemplatesDashboardController < ApplicationController private def filter_templates(templates) - rel = templates.active - - if params[:q].blank? - if Docuseal.multitenant? ? current_account.testing? : current_account.linked_account_account - shared_account_ids = [current_user.account_id] - shared_account_ids << TemplateSharing::ALL_ID if !Docuseal.multitenant? && !current_account.testing? - - shared_template_ids = TemplateSharing.where(account_id: shared_account_ids).select(:template_id) - - rel = Template.where( - Template.arel_table[:id].in( - Arel::Nodes::Union.new( - rel.where(folder_id: current_account.default_template_folder.id).select(:id).arel, - shared_template_ids.arel - ) - ) - ) - else - rel = rel.where(folder_id: current_account.default_template_folder.id) - end - end - - Templates.search(current_user, rel, params[:q]) + # rel = templates.active + + # if params[:q].blank? + # if Docuseal.multitenant? ? current_account.testing? : current_account.linked_account_account + # shared_account_ids = [current_user.account_id] + # shared_account_ids << TemplateSharing::ALL_ID if !Docuseal.multitenant? && !current_account.testing? + + # shared_template_ids = TemplateSharing.where(account_id: shared_account_ids).select(:template_id) + + # rel = Template.where( + # Template.arel_table[:id].in( + # Arel::Nodes::Union.new( + # rel.where(folder_id: current_account.default_template_folder.id).select(:id).arel, + # shared_template_ids.arel + # ) + # ) + # ) + # else + # rel = rel.where(folder_id: current_account.default_template_folder.id) + # end + # end + + # Templates.search(current_user, rel, params[:q]) + templates = templates.active + templates = Templates.search(current_user, templates, params[:q]) + + templates end def sort_template_folders(template_folders, current_user, order) diff --git a/app/controllers/templates_uploads_controller.rb b/app/controllers/templates_uploads_controller.rb index 45403a7a..85ad9935 100644 
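Review bot: `filter_templates` keeps its entire old body as roughly 25 commented-out lines above the two replacement statements; dead code belongs to git history and should be deleted, and the new body reduces to a single `Templates.search(current_user, templates.active, params[:q])`. Beyond style, the branch that was removed is the one that limited the listing to `current_account.default_template_folder` plus explicitly shared templates, so the dashboard now shows templates from every folder. If the relation passed in is not already restricted by `load_and_authorize_resource`/ability scoping, that may also surface other accounts' templates; confirm that `Templates.search` applies account scoping before relying on it alone.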
--- a/app/controllers/templates_uploads_controller.rb +++ b/app/controllers/templates_uploads_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class TemplatesUploadsController < ApplicationController + skip_before_action :verify_authenticity_token, only: [:create] + load_and_authorize_resource :template, parent: false layout 'plain' diff --git a/config/routes.rb b/config/routes.rb index 39cebbea..db8f3e3b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -9,7 +9,7 @@ Rails.application.routes.draw do end end - root 'dashboard#index' + root 'templates_dashboard#index' get 'up' => 'rails/health#show' get 'manifest' => 'pwa#manifest'
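Review bot: `skip_before_action :verify_authenticity_token, only: [:create]` disables CSRF protection on the file-upload endpoint, so together with the automatic sign-in introduced elsewhere in this patch a cross-origin page can upload documents into a visitor's session with nothing more than an auto-submitting form. If the embedding page cannot send the Rails token, authenticate that request with an explicit embed/API token checked in a `before_action` on `create` instead of trusting the session. As a minor style point, action lists elsewhere in this diff use the `%i[...]` form (`only: %i[new create]`), so `only: %i[create]` would be consistent. The class body continues outside the hunk.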