From 2db0db7aefcde7c27900c612cd087dc97486caa8 Mon Sep 17 00:00:00 2001 From: rulingcom Date: Tue, 15 Apr 2025 18:09:47 +0800 Subject: [PATCH] added new stuff for thank you and security --- .../admin/ask_acknowledgements_controller.rb | 41 ++++++++++++--- app/controllers/admin/asks_controller.rb | 34 +++++++++++-- app/controllers/asks_controller.rb | 8 +-- app/helpers/admin/asks_helper.rb | 4 ++ .../admin/ask_acknowledgements/_form.html.erb | 16 ++++++ .../admin/ask_acknowledgements/edit.html.erb | 16 ++++++ .../admin/ask_acknowledgements/index.html.erb | 51 +++++++++---------- .../admin/ask_acknowledgements/new.html.erb | 16 ++++++ app/views/admin/asks/_form.html.erb | 2 +- app/views/asks/_history.html.erb | 2 +- app/views/asks/thank.html.erb | 8 +-- config/routes.rb | 1 + 12 files changed, 151 insertions(+), 48 deletions(-) create mode 100644 app/views/admin/ask_acknowledgements/_form.html.erb create mode 100644 app/views/admin/ask_acknowledgements/edit.html.erb create mode 100644 app/views/admin/ask_acknowledgements/new.html.erb diff --git a/app/controllers/admin/ask_acknowledgements_controller.rb b/app/controllers/admin/ask_acknowledgements_controller.rb index dfc760c..836f036 100644 --- a/app/controllers/admin/ask_acknowledgements_controller.rb +++ b/app/controllers/admin/ask_acknowledgements_controller.rb 
@@ -7,15 +7,44 @@ class Admin::AskAcknowledgementsController < OrbitAdminController
 end
 def index
- @ask_acknowledgements = AskAcknowledgement.first || AskAcknowledgement.create
- @url = admin_ask_acknowledgement_path(@ask_acknowledgements)
- @categories = @module_app.categories.map{|cat| [cat.title, cat.id.to_s]}
+ @ask_acknowledgements = AskAcknowledgement.where(:category_id.ne => nil).page(params[:page]).per(10)
 end
- def update
- @ask_acknowledgements = AskAcknowledgement.first
- @ask_acknowledgements.update_attributes(params.require(:ask_acknowledgement).permit!)
+ def new
+ @ask_acknowledgement = AskAcknowledgement.new
+ cats = @module_app.categories.pluck(:id).map(&:to_s)
+ used_cats = AskAcknowledgement.pluck(:category_id).compact
+ unused_cats = cats - used_cats
+ @categories = @module_app.categories.find(unused_cats).map{|cat| [cat.title, cat.id.to_s]}
+ end
+
+ def edit
+ @ask_acknowledgement = AskAcknowledgement.find(params[:id])
+ end
+
+ def create
+ ask_ack = AskAcknowledgement.new(ack_params)
+ ask_ack.save
 redirect_to admin_ask_acknowledgements_path, notice: t('ask.save_success')
 end
+ def update
+ @ask_acknowledgement = AskAcknowledgement.find(params[:id])
+ @ask_acknowledgement.update_attributes(ack_params)
+ redirect_to admin_ask_acknowledgements_path, notice: t('ask.save_success')
+ end
+
+ def destroy
+ @ask_acknowledgement = AskAcknowledgement.find(params[:id])
+ @ask_acknowledgement.delete
+ redirect_to admin_ask_acknowledgements_path, notice: t('ask.delete_success')
+ end
+
+
+ private
+
+ def ack_params
+ params.require(:ask_acknowledgement).permit!
+ end
+
 end
diff --git a/app/controllers/admin/asks_controller.rb b/app/controllers/admin/asks_controller.rb
index 32d3e80..3ef4fa9 100644
--- a/app/controllers/admin/asks_controller.rb
+++ b/app/controllers/admin/asks_controller.rb
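Review bot: `ack_params` still permits every posted attribute with `permit!`, so the new `create` and `update` actions mass-assign whatever the admin form sends, including a `category_id` outside `@module_app.categories` or one already taken by another record, even though `new` deliberately offers only unused categories and `AsksController#thank` looks the acknowledgement up per category as if it were unique; permit the fields the form actually submits and reject a foreign or duplicate category before saving. `create` ignores the result of `ask_ack.save` and `update` that of `update_attributes`, so a failed validation still redirects with `t('ask.save_success')`; branch on the return value and re-render the form on failure. `destroy` calls `delete`, which skips model callbacks; `destroy` is the usual choice unless skipping them is intended.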
@@ -221,7 +221,7 @@ class Admin::AsksController < OrbitAdminController
 def get_category_setting_field
 @default_ask_setting = AskSetting.first
 ask_setting = AskCategorySetting.find(params['id'])
- render partial: 'category_setting_field',locals: {ask_setting: ask_setting}
+ render partial: 'category_setting_field',locals: {ask_setting: ask_setting}
 end
 def category_print_setting_delete
 print_setting = AskCategoryPrintSetting.find(params['id'])
@@ -378,7 +378,7 @@ class Admin::AsksController < OrbitAdminController
 if !file.blank?
 if v['type']=='image'
 all_to_save += [[k,AskImage.new(file: file,ask_question_id: @ask_question.id)]]
- else
+ else
 all_to_save += [[k,AskFile.new(file: file,ask_question_id: @ask_question.id)]]
 end
 else
@@ -608,12 +608,40 @@ class Admin::AsksController < OrbitAdminController
 end
 render :json => {:success=>true}
 end
+
+ def download_file
+ ask_status_id = params[:ask_status_id]
+ obj = AskStatusHistory.find(ask_status_id) rescue nil
+ if obj.nil?
+ obj = AskFile.find(ask_status_id) rescue nil
+ end
+ if !obj.nil? && obj.file.present?
+ @url = obj.file.url
+ begin
+ @path = obj.file.file.file rescue ""
+ @filename = File.basename(@path)
+ @ext = @filename.split(".").last
+ if (current_site.accessibility_mode rescue false)
+ render "redirect_to_file",:layout=>false
+ else
+ user_agent = request.user_agent.downcase
+ @escaped_file_name = user_agent.match(/(msie|trident)/) ? CGI::escape(@filename) : @filename
+ send_file(@path, :type=>"application/octet-stream", :filename => @escaped_file_name, :x_sendfile=> true)
+ end
+ rescue
+ redirect_to @url
+ end
+ else
+ render :file => "#{Rails.root}/app/views/errors/404.html", :layout => false, :status => :not_found
+ end
+ end
+
 private
 def ask_setting_params(ask_setting,collection_name, except_customs=[])
 param = params.require(collection_name).except("id").permit!
 param_clone = param.clone
 param_clone['default_setting'].each { |k, v| param_clone['default_setting'][k] = (v == 'true'? true : false) if param_clone['default_setting'][k].class==String}
- param_clone['default_setting_required'].each { |k, v| param_clone['default_setting_required'][k] = (v == 'true'? true : false) if param_clone['default_setting_required'][k].class==String}
+ param_clone['default_setting_required'].each { |k, v| param_clone['default_setting_required'][k] = (v == 'true'? true : false) if param_clone['default_setting_required'][k].class==String}
 param_clone.delete('custom_fields')
 param_clone.delete('email_regex') unless collection_name == 'ask_setting'
 ask_setting.custom_fields_will_change!
diff --git a/app/controllers/asks_controller.rb b/app/controllers/asks_controller.rb
index 5486c3f..9b0c81c 100644
--- a/app/controllers/asks_controller.rb
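Review bot: The bare `rescue` near the end of `download_file` catches anything raised in the send path — a file missing on disk, a failed `send_file`, even a `NoMethodError` from `obj.file.file.file` — and answers with `redirect_to @url`, which is the direct `obj.file.url`; since the asks_helper.rb hunk in this commit rewrites attachment links to this admin action in place of the `/uploads/ask_file/...` URL, presumably to keep uploads behind admin authentication, that fallback (and, in accessibility mode, the `redirect_to_file` template) still hands out the direct location whenever something goes wrong. Rescue only what the send path can raise, e.g. `rescue Errno::ENOENT, ActionController::MissingFile`, and respond with the same 404 branch instead of redirecting, or document that the upload directory is itself access-controlled. The `rescue nil` modifiers on the two `find` calls and on `obj.file.file.file` likewise hide misconfiguration that the 404 branch should surface; `AskStatusHistory.where(id: ask_status_id).first` expresses the lookup without swallowing errors. A short why-comment on the MSIE/Trident `CGI::escape` branch would also help, since nothing in the hunk says why those agents need the encoded filename.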
+++ b/app/controllers/asks_controller.rb
@@ -481,7 +481,7 @@ class AsksController < ApplicationController
 if @must_verify_email
 redirect_to "#{params[:referer_url]}?method=see_email"
 else
- redirect_to "#{params[:referer_url]}?method=thank"
+ redirect_to "#{params[:referer_url]}?method=thank&category=#{params['ask_question']['category_id']}"
 end
 else
 redirect_to "#{params[:referer_url]}?method=sorry"
@@ -489,9 +489,10 @@ class AsksController < ApplicationController
 end
 def thank
- acknowledgement = AskAcknowledgement.last
+ acknowledgement = AskAcknowledgement.where(:category_id => params['category']).first rescue nil
+ content = acknowledgement.nil? ? t('ask.thank_text') : acknowledgement.content
 {
- "acknowledgement" => acknowledgement
+ "content" => content[I18n.locale]
 }
 end
@@ -650,6 +651,7 @@ class AsksController < ApplicationController
 def create_params
 params.require(:ask_question).permit!
 end
+ private
 def cal_form_from_setting(ask_setting,categories,show_categories=false,filter_fields=nil)
 is_cat_record = (ask_setting.class == AskCategorySetting)
diff --git a/app/helpers/admin/asks_helper.rb b/app/helpers/admin/asks_helper.rb
index 83cbe3e..df2a393 100644
--- a/app/helpers/admin/asks_helper.rb
+++ b/app/helpers/admin/asks_helper.rb
@@ -341,6 +341,10 @@ module Admin::AsksHelper
 file_value = value[0] rescue nil
 file_path = value[1] rescue nil
 file_required = v['required']=='true'
+ if file_path
+ file_path = file_path.match(%r{/uploads/ask_file/file/([^/]+)/})[1]
+ file_path = "/#{I18n.locale}/admin/asks/#{file_path}/download"
+ end
 readonly ? (file_path ? "#{file_value}".html_safe : "") : "
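Review bot: `params['ask_question']['category_id']` is interpolated into the redirect query string without encoding, so any `&`, `#` or space in the value would split or truncate the query the thank page receives; wrap it, `&category=#{CGI.escape(params['ask_question']['category_id'].to_s)}`. The enclosing `redirect_to "#{params[:referer_url]}..."` already sends the browser to a caller-supplied URL before this change, and the new parameter rides on it; validating `referer_url` against the site's own host is outside this hunk but worth a separate look. The enclosing method starts before and ends after the hunk.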
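Review bot: In `thank`, the fallback `t('ask.thank_text')` is a String (as a leaf translation key returns), so when no acknowledgement exists for `params['category']` the next line's `content[I18n.locale]` indexes that String with a Symbol and raises `TypeError`; the `rescue nil` on the `where` line does not cover it. Apply the locale lookup only to the record, `content = acknowledgement ? acknowledgement.content[I18n.locale] : t('ask.thank_text')` and `"content" => content`, assuming `content` on the model is the locale-keyed hash the new code treats it as (if it is a Mongoid localized field the hash is `content_translations` — confirm against the model). If the `rescue nil` guards against a malformed `category` value (an array or hash in the query string), an explicit `params['category'].is_a?(String)` check says so; otherwise `where(...).first` already returns nil on no match.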
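Review bot: The new `private` marker sits below `create_params`, so `create_params` stays a public method of `AsksController`, and public controller methods are dispatchable as actions when a route matches them; placing the marker above the `def create_params` line in this hunk closes that. If a `private` already exists further down the file this one is redundant, which the hunk cannot show. `cal_form_from_setting` continues outside the hunk.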