mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-17 20:44:28 +08:00
19af83d39e
This commit introduces the concept of themeable site settings,
which is a new tool for theme authors that lives alongside theme
modifiers and theme settings. Here is a quick summary:
* Theme settings - These are custom settings used to control UI and functionality within your theme or component and provide configuration options. These cannot change core Discourse functionality.
* Theme modifiers - Allows a theme or a component to modify selected server-side functionality of core Discourse as an alternative to building a plugin.
* Themeable site settings (new) - Allows a theme (not components) to override a small subset of core site settings, which generally control parts of the UI and other minor functionality. This allows themes to have a greater control over the full site experience.
Themeable site settings will be shown for all themes, whether the theme
changes
the value or not, and have a similar UI to custom theme settings.
We are also introducing a new page at
`/admin/config/theme-site-settings` that
allows admins to see all possible themeable site settings, and which
themes
are changing the value from the default.
### Configuration
Theme authors can configure initial values themeable site settings using
a section in the `about.json` file like so:
```json
"theme_site_settings": {
"search_experience": "search_field"
}
```
These values will not change when the theme updates, because we cannot
know if admins have manually changed them.
### Limitations
Themeable site settings are only really intended to control elements of
the UI, and when retrieving their value we require a theme ID, so these
limitations apply:
- Themeable site settings cannot be used in Sidekiq jobs
- Themeable site settings cannot be used in markdown rules
- Themeable site settings will be cached separately to client site
settings using theme ID as a key
- Themeable site settings will override keys on the `siteSettings`
service on the client using the application preloader
- `SiteSetting.client_settings_json` will not include themeable site
settings, instead you can call `SiteSetting.theme_site_settings_json`
with a theme ID
### Initial settings
There are only two site settings that will be themeable to begin with:
* `enable_welcome_banner`
* `search_experience`
And our new Horizon theme will take advantage of both. Over time, more
settings that control elements of the UI will be exposed this way.
537 lines
16 KiB
Ruby
537 lines
16 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "base64"
|
|
|
|
class Admin::ThemesController < Admin::AdminController
|
|
MAX_REMOTE_LENGTH = 10_000
|
|
|
|
skip_before_action :check_xhr, only: %i[show preview export]
|
|
before_action :ensure_admin
|
|
before_action :ensure_theme_creation_is_allowed, only: %i[create import]
|
|
|
|
def preview
|
|
theme = Theme.find_by(id: params[:id])
|
|
raise Discourse::InvalidParameters.new(:id) unless theme
|
|
|
|
redirect_to path("/?preview_theme_id=#{theme.id}")
|
|
end
|
|
|
|
def upload_asset
|
|
ban_in_allowlist_mode!
|
|
|
|
path = params[:file].path
|
|
|
|
hijack do
|
|
File.open(path) do |file|
|
|
filename = params[:file]&.original_filename || File.basename(path)
|
|
upload = UploadCreator.new(file, filename, for_theme: true).create_for(theme_user.id)
|
|
if upload.errors.count > 0
|
|
render_json_error upload
|
|
else
|
|
render json: { upload_id: upload.id }, status: :created
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
def generate_key_pair
|
|
require "sshkey"
|
|
k = SSHKey.generate
|
|
Discourse.redis.setex("ssh_key_#{k.ssh_public_key}", 1.hour, k.private_key)
|
|
render json: { public_key: k.ssh_public_key }
|
|
end
|
|
|
|
THEME_CONTENT_TYPES = %w[
|
|
application/gzip
|
|
application/x-gzip
|
|
application/x-zip-compressed
|
|
application/zip
|
|
]
|
|
|
|
def import
|
|
@theme = nil
|
|
if params[:theme] && params[:theme].content_type == "application/json"
|
|
ban_in_allowlist_mode!
|
|
|
|
# .dcstyle.json import. Deprecated, but still available to allow conversion
|
|
json = JSON.parse(params[:theme].read)
|
|
theme = json["theme"]
|
|
|
|
@theme = Theme.new(name: theme["name"], user_id: theme_user.id, auto_update: false)
|
|
theme["theme_fields"]&.each do |field|
|
|
if field["raw_upload"]
|
|
begin
|
|
tmp = Tempfile.new
|
|
tmp.binmode
|
|
file = Base64.decode64(field["raw_upload"])
|
|
tmp.write(file)
|
|
tmp.rewind
|
|
upload = UploadCreator.new(tmp, field["filename"]).create_for(theme_user.id)
|
|
field["upload_id"] = upload.id
|
|
ensure
|
|
tmp.unlink
|
|
end
|
|
end
|
|
|
|
@theme.set_field(
|
|
target: field["target"],
|
|
name: field["name"],
|
|
value: field["value"],
|
|
type_id: field["type_id"],
|
|
upload_id: field["upload_id"],
|
|
)
|
|
end
|
|
|
|
if @theme.save
|
|
log_theme_change(nil, @theme)
|
|
render json: serialize_data(@theme, ThemeSerializer), status: :created
|
|
else
|
|
render json: @theme.errors, status: :unprocessable_entity
|
|
end
|
|
elsif remote = params[:remote]
|
|
if remote.length > MAX_REMOTE_LENGTH
|
|
error =
|
|
I18n.t("themes.import_error.not_allowed_theme", { repo: remote[0..MAX_REMOTE_LENGTH] })
|
|
return render_json_error(error, status: 422)
|
|
end
|
|
|
|
begin
|
|
guardian.ensure_allowed_theme_repo_import!(remote.strip)
|
|
rescue Discourse::InvalidAccess
|
|
render_json_error I18n.t("themes.import_error.not_allowed_theme", { repo: remote.strip }),
|
|
status: :forbidden
|
|
return
|
|
end
|
|
|
|
hijack do
|
|
begin
|
|
branch = params[:branch] ? params[:branch] : nil
|
|
private_key =
|
|
params[:public_key] ? Discourse.redis.get("ssh_key_#{params[:public_key]}") : nil
|
|
if params[:public_key].present? && private_key.blank?
|
|
return render_json_error I18n.t("themes.import_error.ssh_key_gone")
|
|
end
|
|
|
|
@theme =
|
|
RemoteTheme.import_theme(remote, theme_user, private_key: private_key, branch: branch)
|
|
render json: serialize_data(@theme, ThemeSerializer), status: :created
|
|
rescue RemoteTheme::ImportError => e
|
|
if params[:force]
|
|
theme_name = params[:remote].gsub(/.git\z/, "").split("/").last
|
|
|
|
remote_theme = RemoteTheme.new
|
|
remote_theme.private_key = private_key
|
|
remote_theme.branch = params[:branch] ? params[:branch] : nil
|
|
remote_theme.remote_url = params[:remote]
|
|
remote_theme.save!
|
|
|
|
@theme = Theme.new(user_id: theme_user&.id || -1, name: theme_name)
|
|
@theme.remote_theme = remote_theme
|
|
@theme.save!
|
|
|
|
render json: serialize_data(@theme, ThemeSerializer), status: :created
|
|
else
|
|
render_json_error e.message
|
|
end
|
|
end
|
|
end
|
|
elsif params[:bundle] ||
|
|
(params[:theme] && THEME_CONTENT_TYPES.include?(params[:theme].content_type))
|
|
ban_in_allowlist_mode!
|
|
|
|
# params[:bundle] used by theme CLI. params[:theme] used by admin UI
|
|
bundle = params[:bundle] || params[:theme]
|
|
theme_id = params[:theme_id]
|
|
update_components = params[:components]
|
|
run_migrations = !params[:skip_migrations]
|
|
|
|
begin
|
|
@theme =
|
|
RemoteTheme.update_zipped_theme(
|
|
bundle.path,
|
|
bundle.original_filename,
|
|
user: theme_user,
|
|
theme_id:,
|
|
update_components:,
|
|
run_migrations:,
|
|
)
|
|
|
|
log_theme_change(nil, @theme)
|
|
render json: serialize_data(@theme, ThemeSerializer), status: :created
|
|
rescue RemoteTheme::ImportError => e
|
|
render_json_error e.message
|
|
end
|
|
else
|
|
render_json_error I18n.t("themes.import_error.unknown_file_type"),
|
|
status: :unprocessable_entity
|
|
end
|
|
rescue Theme::SettingsMigrationError => err
|
|
render_json_error err.message
|
|
end
|
|
|
|
def index
|
|
@themes = Theme.strict_loading.include_relations.order(:name)
|
|
|
|
@color_schemes =
|
|
ColorScheme
|
|
.strict_loading
|
|
.all
|
|
.without_theme_owned_palettes
|
|
.includes(:theme, color_scheme_colors: :color_scheme)
|
|
.to_a
|
|
|
|
payload = {
|
|
themes: serialize_data(@themes, ThemeSerializer),
|
|
extras: {
|
|
color_schemes: serialize_data(@color_schemes, ColorSchemeSerializer),
|
|
locale: current_user.effective_locale,
|
|
},
|
|
}
|
|
|
|
respond_to { |format| format.json { render json: payload } }
|
|
end
|
|
|
|
def create
|
|
Themes::Create.call(
|
|
params: theme_params.to_unsafe_h.merge(user_id: theme_user.id),
|
|
guardian:,
|
|
) do
|
|
on_success { |theme:| render json: serialize_data(theme, ThemeSerializer), status: :created }
|
|
on_failed_contract do |contract|
|
|
render json: failed_json.merge(errors: contract.errors.full_messages), status: 400
|
|
end
|
|
on_failed_policy(:ensure_remote_themes_are_not_allowlisted) { raise Discourse::InvalidAccess }
|
|
on_model_errors { |theme:| render json: theme.errors, status: :unprocessable_entity }
|
|
on_model_not_found(:theme) do |result|
|
|
raise Discourse::NotFound if !result.exception
|
|
render json: failed_json.merge(errors: result.exception.message), status: 400
|
|
end
|
|
end
|
|
end
|
|
|
|
def update
|
|
@theme = Theme.include_relations.find_by(id: params[:id])
|
|
raise Discourse::InvalidParameters.new(:id) unless @theme
|
|
|
|
original_json = ThemeSerializer.new(@theme, root: false).to_json
|
|
disables_component = [false, "false"].include?(theme_params[:enabled])
|
|
enables_component = [true, "true"].include?(theme_params[:enabled])
|
|
|
|
if @theme.system? && (theme_params.keys - Theme::EDITABLE_SYSTEM_ATTRIBUTES).present?
|
|
raise Discourse::InvalidAccess.new
|
|
end
|
|
|
|
%i[name color_scheme_id user_selectable enabled auto_update].each do |field|
|
|
@theme.public_send("#{field}=", theme_params[field]) if theme_params.key?(field)
|
|
end
|
|
|
|
@theme.child_theme_ids = theme_params[:child_theme_ids] if theme_params.key?(:child_theme_ids)
|
|
|
|
@theme.parent_theme_ids = theme_params[:parent_theme_ids] if theme_params.key?(
|
|
:parent_theme_ids,
|
|
)
|
|
|
|
set_fields
|
|
update_settings
|
|
update_translations
|
|
handle_switch
|
|
|
|
@theme.remote_theme.update_remote_version if params[:theme][:remote_check]
|
|
|
|
if params[:theme][:remote_update]
|
|
@theme.remote_theme.update_from_remote(raise_if_theme_save_fails: false)
|
|
else
|
|
@theme.save
|
|
end
|
|
|
|
respond_to do |format|
|
|
if @theme.errors.blank?
|
|
update_default_theme
|
|
|
|
@theme = Theme.include_relations.find(@theme.id)
|
|
|
|
if (!disables_component && !enables_component) || theme_params.keys.size > 1
|
|
log_theme_change(original_json, @theme)
|
|
end
|
|
log_theme_component_disabled if disables_component
|
|
log_theme_component_enabled if enables_component
|
|
|
|
format.json { render json: serialize_data(@theme, ThemeSerializer), status: :ok }
|
|
else
|
|
format.json do
|
|
error = @theme.errors.full_messages.join(", ").presence
|
|
error = I18n.t("themes.bad_color_scheme") if @theme.errors[:color_scheme].present?
|
|
error ||= I18n.t("themes.other_error")
|
|
|
|
render json: { errors: [error] }, status: :unprocessable_entity
|
|
end
|
|
end
|
|
end
|
|
rescue RemoteTheme::ImportError => e
|
|
render_json_error e.message
|
|
rescue Theme::SettingsMigrationError => e
|
|
render_json_error e.message
|
|
end
|
|
|
|
def destroy
|
|
Themes::Destroy.call(service_params) do
|
|
on_success { render json: {}, status: :no_content }
|
|
on_failed_contract do |contract|
|
|
render json: failed_json.merge(errors: contract.errors.full_messages), status: 400
|
|
end
|
|
on_model_not_found(:theme) { raise Discourse::NotFound }
|
|
end
|
|
end
|
|
|
|
def bulk_destroy
|
|
Themes::BulkDestroy.call(service_params) do
|
|
on_success { render json: {}, status: :no_content }
|
|
on_failed_contract do |contract|
|
|
render json: failed_json.merge(errors: contract.errors.full_messages), status: 400
|
|
end
|
|
on_model_not_found(:themes) { raise Discourse::NotFound }
|
|
end
|
|
end
|
|
|
|
def show
|
|
@theme = Theme.include_relations.find_by(id: params[:id])
|
|
raise Discourse::InvalidParameters.new(:id) unless @theme
|
|
|
|
render_serialized(@theme, ThemeSerializer)
|
|
end
|
|
|
|
def export
|
|
@theme = Theme.find_by(id: params[:id])
|
|
raise Discourse::InvalidParameters.new(:id) unless @theme
|
|
|
|
exporter = ThemeStore::ZipExporter.new(@theme)
|
|
file_path = exporter.package_filename
|
|
|
|
headers["Content-Length"] = File.size(file_path).to_s
|
|
send_data File.read(file_path),
|
|
filename: File.basename(file_path),
|
|
content_type: "application/zip"
|
|
ensure
|
|
exporter.cleanup!
|
|
end
|
|
|
|
def get_translations
|
|
Themes::GetTranslations.call(service_params) do
|
|
on_success { |translations:| render(json: success_json.merge(translations:)) }
|
|
on_failed_contract do |contract|
|
|
render json: failed_json.merge(errors: contract.errors.full_messages), status: 400
|
|
end
|
|
on_failed_policy(:validate_locale) { raise Discourse::InvalidParameters.new(:locale) }
|
|
on_model_not_found(:theme) { raise Discourse::NotFound }
|
|
end
|
|
end
|
|
|
|
def update_single_setting
|
|
params.require("name")
|
|
@theme = Theme.find_by(id: params[:id])
|
|
raise Discourse::InvalidParameters.new(:id) unless @theme
|
|
|
|
setting_name = params[:name].to_sym
|
|
new_value = params[:value] || nil
|
|
|
|
previous_value = @theme.cached_settings[setting_name]
|
|
|
|
begin
|
|
@theme.update_setting(setting_name, new_value)
|
|
rescue Discourse::InvalidParameters => e
|
|
return render_json_error e.message
|
|
end
|
|
|
|
@theme.save
|
|
|
|
log_theme_setting_change(setting_name, previous_value, new_value)
|
|
|
|
updated_setting = @theme.cached_settings.select { |key, val| key == setting_name }
|
|
render json: updated_setting, status: :ok
|
|
end
|
|
|
|
def update_theme_site_setting
|
|
Themes::ThemeSiteSettingManager.call(
|
|
params: {
|
|
theme_id: params[:id],
|
|
name: params[:name],
|
|
value: params[:value],
|
|
},
|
|
guardian:,
|
|
) do
|
|
on_success do |theme_site_setting:|
|
|
if theme_site_setting.present?
|
|
render json: success_json.merge(theme_site_setting.as_json(only: %i[name value theme_id]))
|
|
else
|
|
render json: success_json
|
|
end
|
|
end
|
|
on_failed_policy(:current_user_is_admin) { raise Discourse::InvalidAccess }
|
|
on_failed_policy(:ensure_setting_is_themeable) do
|
|
render_json_error(I18n.t("themes.setting_not_themeable", name: params[:name]), status: 400)
|
|
end
|
|
on_model_not_found(:theme) { raise Discourse::NotFound }
|
|
end
|
|
end
|
|
|
|
def schema
|
|
end
|
|
|
|
def objects_setting_metadata
|
|
theme = Theme.find_by(id: params[:id])
|
|
raise Discourse::InvalidParameters.new(:id) unless theme
|
|
|
|
theme_setting = theme.settings[params[:setting_name].to_sym]
|
|
raise Discourse::InvalidParameters.new(:setting_name) unless theme_setting
|
|
|
|
render_serialized(theme_setting, ThemeObjectsSettingMetadataSerializer, root: false)
|
|
end
|
|
|
|
def change_colors
|
|
raise Discourse::InvalidAccess if params[:id].to_i.negative?
|
|
theme = Theme.find_by(id: params[:id], component: false)
|
|
raise Discourse::NotFound if !theme
|
|
|
|
palette = theme.find_or_create_owned_color_palette
|
|
|
|
colors = params.permit(colors: %i[name hex dark_hex])
|
|
|
|
ColorSchemeRevisor.revise_existing_colors_only(palette, colors)
|
|
|
|
render_serialized(palette, ColorSchemeSerializer, root: false)
|
|
end
|
|
|
|
private
|
|
|
|
def ban_in_allowlist_mode!
|
|
raise Discourse::InvalidAccess if !Theme.allowed_remote_theme_ids.nil?
|
|
end
|
|
|
|
def ban_for_remote_theme!
|
|
raise Discourse::InvalidAccess if @theme.remote_theme&.is_git?
|
|
end
|
|
|
|
def update_default_theme
|
|
if theme_params.key?(:default)
|
|
is_default = theme_params[:default].to_s == "true"
|
|
if @theme.default? && !is_default
|
|
Theme.clear_default!
|
|
elsif is_default
|
|
@theme.set_default!
|
|
end
|
|
end
|
|
end
|
|
|
|
def theme_params
|
|
@theme_params ||=
|
|
begin
|
|
# deep munge is a train wreck, work around it for now
|
|
params[:theme][:child_theme_ids] ||= [] if params[:theme].key?(:child_theme_ids)
|
|
params[:theme][:parent_theme_ids] ||= [] if params[:theme].key?(:parent_theme_ids)
|
|
|
|
params.require(:theme).permit(
|
|
:name,
|
|
:color_scheme_id,
|
|
:default,
|
|
:user_selectable,
|
|
:component,
|
|
:enabled,
|
|
:auto_update,
|
|
:locale,
|
|
settings: {
|
|
},
|
|
translations: {
|
|
},
|
|
theme_fields: %i[name target value upload_id type_id],
|
|
child_theme_ids: [],
|
|
parent_theme_ids: [],
|
|
)
|
|
end
|
|
end
|
|
|
|
def set_fields
|
|
return unless fields = theme_params[:theme_fields]
|
|
|
|
ban_in_allowlist_mode!
|
|
ban_for_remote_theme!
|
|
|
|
fields.each do |field|
|
|
@theme.set_field(
|
|
target: field[:target],
|
|
name: field[:name],
|
|
value: field[:value],
|
|
type_id: field[:type_id],
|
|
upload_id: field[:upload_id],
|
|
)
|
|
end
|
|
end
|
|
|
|
def update_settings
|
|
return unless target_settings = theme_params[:settings]
|
|
|
|
target_settings.each_pair do |setting_name, new_value|
|
|
@theme.update_setting(setting_name.to_sym, new_value)
|
|
end
|
|
end
|
|
|
|
def update_translations
|
|
return unless target_translations = theme_params[:translations]
|
|
|
|
locale = theme_params[:locale].presence
|
|
if locale
|
|
if I18n.available_locales.exclude?(locale.to_sym)
|
|
raise Discourse::InvalidParameters.new(:locale)
|
|
end
|
|
I18n.locale = locale
|
|
end
|
|
|
|
target_translations.each_pair do |translation_key, new_value|
|
|
@theme.update_translation(translation_key, new_value)
|
|
end
|
|
end
|
|
|
|
def log_theme_change(old_record, new_record)
|
|
StaffActionLogger.new(current_user).log_theme_change(old_record, new_record)
|
|
end
|
|
|
|
def log_theme_setting_change(setting_name, previous_value, new_value)
|
|
StaffActionLogger.new(current_user).log_theme_setting_change(
|
|
setting_name,
|
|
previous_value,
|
|
new_value,
|
|
@theme,
|
|
)
|
|
end
|
|
|
|
def log_theme_component_disabled
|
|
StaffActionLogger.new(current_user).log_theme_component_disabled(@theme)
|
|
end
|
|
|
|
def log_theme_component_enabled
|
|
StaffActionLogger.new(current_user).log_theme_component_enabled(@theme)
|
|
end
|
|
|
|
def handle_switch
|
|
param = theme_params[:component]
|
|
if param.to_s == "false" && @theme.component?
|
|
if @theme.id == SiteSetting.default_theme_id
|
|
raise Discourse::InvalidParameters.new(:component)
|
|
end
|
|
@theme.switch_to_theme!
|
|
elsif param.to_s == "true" && !@theme.component?
|
|
if @theme.id == SiteSetting.default_theme_id
|
|
raise Discourse::InvalidParameters.new(:component)
|
|
end
|
|
@theme.switch_to_component!
|
|
end
|
|
end
|
|
|
|
# Overridden by theme-creator plugin
|
|
def theme_user
|
|
current_user
|
|
end
|
|
|
|
def ensure_theme_creation_is_allowed
|
|
guardian.ensure_can_create_theme!
|
|
end
|
|
end
|
