Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-05-08 05:45:31 +08:00
Code Packages Activity Actions
discourse/app/controllers/admin/themes_controller.rb
Jarek Radosz 71834c898f
DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 
Co-authored-by: Loïc Guitaut <loic@discourse.org>
2025-10-06 16:11:01 +02:00

538 lines
16 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
require "base64"
class Admin::ThemesController < Admin::AdminController
MAX_REMOTE_LENGTH = 10_000
skip_before_action :check_xhr, only: %i[show preview export]
before_action :ensure_admin
before_action :ensure_theme_creation_is_allowed, only: %i[create import]
def preview
theme = Theme.find_by(id: params[:id])
raise Discourse::InvalidParameters.new(:id) unless theme
redirect_to path("/?preview_theme_id=#{theme.id}")
end
def upload_asset
ban_in_allowlist_mode!
path = params[:file].path
hijack do
File.open(path) do |file|
filename = params[:file]&.original_filename || File.basename(path)
upload = UploadCreator.new(file, filename, for_theme: true).create_for(theme_user.id)
if upload.errors.count > 0
render_json_error upload
else
render json: { upload_id: upload.id }, status: :created
end
end
end
end
def generate_key_pair
require "sshkey"
k = SSHKey.generate
Discourse.redis.setex("ssh_key_#{k.ssh_public_key}", 1.hour, k.private_key)
render json: { public_key: k.ssh_public_key }
end
THEME_CONTENT_TYPES = %w[
application/gzip
application/x-gzip
application/x-zip-compressed
application/zip
]
def import
@theme = nil
if params[:theme] && params[:theme].content_type == "application/json"
ban_in_allowlist_mode!
# .dcstyle.json import. Deprecated, but still available to allow conversion
json = JSON.parse(params[:theme].read)
theme = json["theme"]
@theme = Theme.new(name: theme["name"], user_id: theme_user.id, auto_update: false)
theme["theme_fields"]&.each do |field|
if field["raw_upload"]
begin
tmp = Tempfile.new
tmp.binmode
file = Base64.decode64(field["raw_upload"])
tmp.write(file)
tmp.rewind
upload = UploadCreator.new(tmp, field["filename"]).create_for(theme_user.id)
field["upload_id"] = upload.id
ensure
tmp.unlink
end
end
@theme.set_field(
target: field["target"],
name: field["name"],
value: field["value"],
type_id: field["type_id"],
upload_id: field["upload_id"],
)
end
if @theme.save
log_theme_change(nil, @theme)
render json: serialize_data(@theme, ThemeSerializer), status: :created
else
render json: @theme.errors, status: :unprocessable_entity
end
elsif remote = params[:remote]
if remote.length > MAX_REMOTE_LENGTH
error =
I18n.t("themes.import_error.not_allowed_theme", { repo: remote[0..MAX_REMOTE_LENGTH] })
return render_json_error(error, status: 422)
end
begin
guardian.ensure_allowed_theme_repo_import!(remote.strip)
rescue Discourse::InvalidAccess
render_json_error I18n.t("themes.import_error.not_allowed_theme", { repo: remote.strip }),
status: :forbidden
return
end
hijack do
begin
branch = params[:branch] ? params[:branch] : nil
private_key =
params[:public_key] ? Discourse.redis.get("ssh_key_#{params[:public_key]}") : nil
if params[:public_key].present? && private_key.blank?
return render_json_error I18n.t("themes.import_error.ssh_key_gone")
end
@theme =
RemoteTheme.import_theme(remote, theme_user, private_key: private_key, branch: branch)
render json: serialize_data(@theme, ThemeSerializer), status: :created
rescue RemoteTheme::ImportError => e
if params[:force]
theme_name = params[:remote].gsub(/.git\z/, "").split("/").last
remote_theme = RemoteTheme.new
remote_theme.private_key = private_key
remote_theme.branch = params[:branch] ? params[:branch] : nil
remote_theme.remote_url = params[:remote]
remote_theme.save!
@theme = Theme.new(user_id: theme_user&.id || -1, name: theme_name)
@theme.remote_theme = remote_theme
@theme.save!
render json: serialize_data(@theme, ThemeSerializer), status: :created
else
render_json_error e.message
end
end
end
elsif params[:bundle] ||
(params[:theme] && THEME_CONTENT_TYPES.include?(params[:theme].content_type))
ban_in_allowlist_mode!
# params[:bundle] used by theme CLI. params[:theme] used by admin UI
bundle = params[:bundle] || params[:theme]
theme_id = params[:theme_id]
update_components = params[:components]
run_migrations = !params[:skip_migrations]
begin
@theme =
RemoteTheme.update_zipped_theme(
bundle.path,
bundle.original_filename,
user: theme_user,
theme_id:,
update_components:,
run_migrations:,
)
log_theme_change(nil, @theme)
render json: serialize_data(@theme, ThemeSerializer), status: :created
rescue RemoteTheme::ImportError => e
render_json_error e.message
end
else
render_json_error I18n.t("themes.import_error.unknown_file_type"),
status: :unprocessable_entity
end
rescue Theme::SettingsMigrationError => err
render_json_error err.message
end
def index
@themes = Theme.strict_loading.include_relations.order(:name)
@color_schemes =
ColorScheme
.strict_loading
.all
.includes(
:theme,
:base_scheme,
color_scheme_colors: {
color_scheme: {
base_scheme: :color_scheme_colors,
},
},
)
.to_a
payload = {
themes: serialize_data(@themes, ThemeSerializer),
extras: {
color_schemes: serialize_data(@color_schemes, ColorSchemeSerializer),
locale: current_user.effective_locale,
},
}
respond_to { |format| format.json { render json: payload } }
end
def create
Themes::Create.call(
params: theme_params.to_unsafe_h.merge(user_id: theme_user.id),
guardian:,
) do
on_success { |theme:| render json: serialize_data(theme, ThemeSerializer), status: :created }
on_failed_contract do |contract|
render json: failed_json.merge(errors: contract.errors.full_messages), status: :bad_request
end
on_failed_policy(:ensure_remote_themes_are_not_allowlisted) { raise Discourse::InvalidAccess }
on_model_errors { |theme:| render json: theme.errors, status: :unprocessable_entity }
on_model_not_found(:theme) do |result|
raise Discourse::NotFound if !result.exception
render json: failed_json.merge(errors: result.exception.message), status: :bad_request
end
end
end
def update
@theme = Theme.include_relations.find_by(id: params[:id])
raise Discourse::InvalidParameters.new(:id) unless @theme
original_json = ThemeSerializer.new(@theme, root: false).to_json
disables_component = [false, "false"].include?(theme_params[:enabled])
enables_component = [true, "true"].include?(theme_params[:enabled])
if @theme.system? && (theme_params.keys - Theme::EDITABLE_SYSTEM_ATTRIBUTES).present?
raise Discourse::InvalidAccess.new
end
%i[
name
color_scheme_id
dark_color_scheme_id
user_selectable
enabled
auto_update
].each do |field|
@theme.public_send("#{field}=", theme_params[field]) if theme_params.key?(field)
end
@theme.child_theme_ids = theme_params[:child_theme_ids] if theme_params.key?(:child_theme_ids)
@theme.parent_theme_ids = theme_params[:parent_theme_ids] if theme_params.key?(
:parent_theme_ids,
)
set_fields
update_settings
update_translations
handle_switch
@theme.remote_theme.update_remote_version if params[:theme][:remote_check]
if params[:theme][:remote_update]
@theme.remote_theme.update_from_remote(raise_if_theme_save_fails: false)
else
@theme.save
end
respond_to do |format|
if @theme.errors.blank?
update_default_theme
@theme = Theme.include_relations.find(@theme.id)
if (!disables_component && !enables_component) || theme_params.keys.size > 1
log_theme_change(original_json, @theme)
end
log_theme_component_disabled if disables_component
log_theme_component_enabled if enables_component
format.json { render json: serialize_data(@theme, ThemeSerializer), status: :ok }
else
format.json do
error = @theme.errors.full_messages.join(", ").presence
error = I18n.t("themes.bad_color_scheme") if @theme.errors[:color_scheme].present?
error ||= I18n.t("themes.other_error")
render json: { errors: [error] }, status: :unprocessable_entity
end
end
end
rescue RemoteTheme::ImportError => e
render_json_error e.message
rescue Theme::SettingsMigrationError => e
render_json_error e.message
end
def destroy
Themes::Destroy.call(service_params) do
on_success { head :no_content }
on_failed_contract do |contract|
render json: failed_json.merge(errors: contract.errors.full_messages), status: :bad_request
end
on_model_not_found(:theme) { raise Discourse::NotFound }
end
end
def bulk_destroy
Themes::BulkDestroy.call(service_params) do
on_success { head :no_content }
on_failed_contract do |contract|
render json: failed_json.merge(errors: contract.errors.full_messages), status: :bad_request
end
on_model_not_found(:themes) { raise Discourse::NotFound }
end
end
def show
@theme = Theme.include_relations.find_by(id: params[:id])
raise Discourse::InvalidParameters.new(:id) unless @theme
render_serialized(@theme, ThemeSerializer)
end
def export
@theme = Theme.find_by(id: params[:id])
raise Discourse::InvalidParameters.new(:id) unless @theme
exporter = ThemeStore::ZipExporter.new(@theme)
file_path = exporter.package_filename
headers["Content-Length"] = File.size(file_path).to_s
send_data File.read(file_path),
filename: File.basename(file_path),
content_type: "application/zip"
ensure
exporter.cleanup!
end
def get_translations
Themes::GetTranslations.call(service_params) do
on_success { |translations:| render(json: success_json.merge(translations:)) }
on_failed_contract do |contract|
render json: failed_json.merge(errors: contract.errors.full_messages), status: :bad_request
end
on_failed_policy(:validate_locale) { raise Discourse::InvalidParameters.new(:locale) }
on_model_not_found(:theme) { raise Discourse::NotFound }
end
end
def update_single_setting
params.require("name")
@theme = Theme.find_by(id: params[:id])
raise Discourse::InvalidParameters.new(:id) unless @theme
setting_name = params[:name].to_sym
new_value = params[:value] || nil
previous_value = @theme.cached_settings[setting_name]
begin
@theme.update_setting(setting_name, new_value)
rescue Discourse::InvalidParameters => e
return render_json_error e.message
end
@theme.save
log_theme_setting_change(setting_name, previous_value, new_value)
updated_setting = @theme.cached_settings.select { |key, val| key == setting_name }
render json: updated_setting, status: :ok
end
def update_theme_site_setting
Themes::ThemeSiteSettingManager.call(
params: {
theme_id: params[:id],
name: params[:name],
value: params[:value],
},
guardian:,
) do
on_success do |theme_site_setting:|
if theme_site_setting.present?
render json: success_json.merge(theme_site_setting.as_json(only: %i[name value theme_id]))
else
render json: success_json
end
end
on_failed_policy(:current_user_is_admin) { raise Discourse::InvalidAccess }
on_failed_policy(:ensure_setting_is_themeable) do
render_json_error(I18n.t("themes.setting_not_themeable", name: params[:name]), status: 400)
end
on_model_not_found(:theme) { raise Discourse::NotFound }
end
end
def schema
end
def objects_setting_metadata
theme = Theme.find_by(id: params[:id])
raise Discourse::InvalidParameters.new(:id) unless theme
theme_setting = theme.settings[params[:setting_name].to_sym]
raise Discourse::InvalidParameters.new(:setting_name) unless theme_setting
render_serialized(theme_setting, ThemeObjectsSettingMetadataSerializer, root: false)
end
private
def ban_in_allowlist_mode!
raise Discourse::InvalidAccess if !Theme.allowed_remote_theme_ids.nil?
end
def ban_for_remote_theme!
raise Discourse::InvalidAccess if @theme.remote_theme&.is_git?
end
def update_default_theme
if theme_params.key?(:default)
is_default = theme_params[:default].to_s == "true"
if @theme.default? && !is_default
Theme.clear_default!
elsif is_default
@theme.set_default!
end
end
end
def theme_params
@theme_params ||=
begin
# deep munge is a train wreck, work around it for now
params[:theme][:child_theme_ids] ||= [] if params[:theme].key?(:child_theme_ids)
params[:theme][:parent_theme_ids] ||= [] if params[:theme].key?(:parent_theme_ids)
params.require(:theme).permit(
:name,
:color_scheme_id,
:dark_color_scheme_id,
:default,
:user_selectable,
:component,
:enabled,
:auto_update,
:locale,
settings: {
},
translations: {
},
theme_fields: %i[name target value upload_id type_id],
child_theme_ids: [],
parent_theme_ids: [],
)
end
end
def set_fields
return unless fields = theme_params[:theme_fields]
ban_in_allowlist_mode!
ban_for_remote_theme!
fields.each do |field|
@theme.set_field(
target: field[:target],
name: field[:name],
value: field[:value],
type_id: field[:type_id],
upload_id: field[:upload_id],
)
end
end
def update_settings
return unless target_settings = theme_params[:settings]
target_settings.each_pair do |setting_name, new_value|
@theme.update_setting(setting_name.to_sym, new_value)
end
end
def update_translations
return unless target_translations = theme_params[:translations]
locale = theme_params[:locale].presence
if locale
if I18n.available_locales.exclude?(locale.to_sym)
raise Discourse::InvalidParameters.new(:locale)
end
I18n.locale = locale
end
target_translations.each_pair do |translation_key, new_value|
@theme.update_translation(translation_key, new_value)
end
end
def log_theme_change(old_record, new_record)
StaffActionLogger.new(current_user).log_theme_change(old_record, new_record)
end
def log_theme_setting_change(setting_name, previous_value, new_value)
StaffActionLogger.new(current_user).log_theme_setting_change(
setting_name,
previous_value,
new_value,
@theme,
)
end
def log_theme_component_disabled
StaffActionLogger.new(current_user).log_theme_component_disabled(@theme)
end
def log_theme_component_enabled
StaffActionLogger.new(current_user).log_theme_component_enabled(@theme)
end
def handle_switch
param = theme_params[:component]
if param.to_s == "false" && @theme.component?
if @theme.id == SiteSetting.default_theme_id
raise Discourse::InvalidParameters.new(:component)
end
@theme.switch_to_theme!
elsif param.to_s == "true" && !@theme.component?
if @theme.id == SiteSetting.default_theme_id
raise Discourse::InvalidParameters.new(:component)
end
@theme.switch_to_component!
end
end
# Overridden by theme-creator plugin
def theme_user
current_user
end
def ensure_theme_creation_is_allowed
guardian.ensure_can_create_theme!
end
end
View git blame Copy permalink