Url validation and Authorisation

.rubocop.yml

@@ -13,6 +13,12 @@ Style/AndOr:
   StyleGuide: 'https://github.com/bbatsov/ruby-style-guide#no-and-or-or'
   Enabled: false
 
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Style/RegexpLiteral:
+  Enabled: false
+
 AllCops:
   Exclude:
     - 'bin/**/*'

app/assets/javascripts/custom.js

@@ -1,4 +1,4 @@
-$(document).ready(function() {
+$(document).ready(function() { 
   var slider = ["ALERT","SMART","COMPETITIVE"];
   $("#animate").addClass('animated infinite fadeInDown');
   $("#animate").text(slider[0]);
@@ -118,6 +118,8 @@ function openNav() {
       document.getElementById("mySidenav").style.width = "0";
   }
 
+$('[data-toggle="tooltip"]').tooltip();  
+
 
 function showListWiseGraph(id, index){
      var isExpanded = $("#collection" + index).attr("aria-expanded");

app/assets/stylesheets/application.css.scss

@@ -969,11 +969,11 @@ margin-top:4%;
     text-decoration:none;
     color:white;
     font-weight:700;
-    font-size:22px;
+    font-size:17px;
 }
 .collections-navbar-right-links{
     a{
-        font-size:22px; 
+        font-size:17px; 
         font-family:  Palatino, serif;
       }
     }
@@ -987,11 +987,13 @@ margin-top:4%;
         padding-left:10%;
         a{
         color: white;
+        font-size: 15px;
         }
     }
     .domain-delete{
         padding-left:10%;
         color:white;
+        font-size: 14px;
         font-style:italic;
     }
 }

app/controllers/application_controller.rb

@@ -2,10 +2,16 @@ class ApplicationController < ActionController::Base
   include Pundit
   protect_from_forgery with: :exception
   before_action :configure_permitted_parameters, if: :devise_controller?
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
 
   protected
 
   def configure_permitted_parameters
     devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
   end
+
+  def user_not_authorized
+    flash[:alert] = 'You are not authorized to perform this action.'
+    redirect_back(fallback_location: root_path)
+  end
 end

app/controllers/collections_controller.rb

@@ -7,7 +7,9 @@ def create
   end
 
   def destroy
-    Collections::Delete.call(params[:id], current_user)
+    collection = Collection.find(params[:id])
+    authorize(collection, :destroy?)
+    Collections::Delete.call(collection, current_user)
     redirect_to root_url
   end
 

app/controllers/invites_controller.rb

@@ -8,7 +8,6 @@ def index
   def create
     invite = Invite.new(invite_params)
     invite.save!
-
     flash[:note] = 'Thank You for requesting an invitation to use RankHub. We will shortly send you an invitation code to register at RankHub'
     redirect_to static_invite_path
   end
@@ -17,7 +16,7 @@ def approve
     invite = Invite.find(params[:id])
     invite.update(approved: true)
     UserMailer.invite_email(invite).deliver_later
-    redirect_to admin_analytics_path
+    redirect_to admin_invites_path
   end
 
   private

app/models/collection.rb

@@ -1,6 +1,8 @@
 class Collection < ApplicationRecord
   belongs_to :user
+
   has_many   :collection_websites, dependent: :destroy
   has_many   :websites, through: :collection_websites
+
   validates  :name, presence: true
 end

app/models/website.rb

@@ -1,10 +1,13 @@
 class Website < ApplicationRecord
+  before_validation :add_protocol_to_website
+
+  validates :url, url: true
+  validates :url, uniqueness: true
+
   has_many  :collection_websites
   has_many  :collections, through: :collection_websites
   has_many  :alexaranks, dependent: :destroy
-  validates :url, presence: true
-  validates :url, uniqueness: true
-
+
   def fetch_alexa_rank_and_update!
     rank = Alexarank.fetch_rank(domain: url.to_s)
     alexaranks.create(rank: rank)
@@ -33,5 +36,16 @@ def fetch_meta_description
     description = page.search("meta[name='description']").map { |n| n['content'] }
     update(description: description)
   end
-end
 
+  private
+
+  def add_protocol_to_website
+    return if protocol_present?
+    self.url = "http://#{url}"
+  end
+
+  def protocol_present?
+    return false if url.blank?
+    url[/^http:\/\//] || url[/^https:\/\//]
+  end
+end

app/policies/collection_policy.rb

@@ -0,0 +1,5 @@
+class CollectionPolicy < ApplicationPolicy
+  def destroy?
+    record.user == user
+  end
+end

app/services/collections/delete.rb

@@ -1,11 +1,11 @@
 module Collections
   class Delete
-    def self.call(collection_id, user)
-      new(collection_id, user).call
+    def self.call(collection, user)
+      new(collection, user).call
     end
 
-    def initialize(collection_id, user)
-      @collection = Collection.find(collection_id)
+    def initialize(collection, user)
+      @collection = collection
       @user = user
     end
 

app/services/websites/create.rb

@@ -14,9 +14,11 @@ def initialize(params, user)
     end
 
     def call
-      url_exist = Website.find_by(url: params[:website][:url])
+      url = params[:website][:url]
+      url = "http://#{url}" unless protocol_given?(url)
+      url_exist = Website.find_by(url: url)
       if url_exist && params[:website][:collection_id]
-        CollectionWebsite.where(collection: params[:website][:collection_id], website: url_exist).first_or_create  
+        CollectionWebsite.where(collection: params[:website][:collection_id], website: url_exist).first_or_create
       else
         create_website
         find_or_create_user
@@ -48,6 +50,9 @@ def fetch_rank
       return if website.alexaranks.any?
       FetchRankJob.perform_later(website)
     end
+
+    def protocol_given?(url)
+      (url.start_with? 'http://') || (url.start_with? 'https://')
+    end
   end
 end
-

app/validators/url_validator.rb

@@ -0,0 +1,22 @@
+class UrlValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    uri = URI.parse(value)
+    record.errors.add(attribute, 'is invalid') unless valid_url?(uri)
+  end
+
+  private
+
+  def valid_url?(uri)
+    uri && valid_host?(uri.host)
+  rescue URI::InvalidURIError
+    false
+  end
+
+  def valid_host?(host)
+    host.present? && valid_characters?(host)
+  end
+
+  def valid_characters?(host)
+    !host[/[\s\!\\"$%&'\(\)*+_,:;<=>?@\[\]^|£§°ç\/]/] && host.include?('.')
+  end
+end

app/views/layouts/_header.html.erb

@@ -1,30 +1,27 @@
 <nav id="mainNav" class="navbar navbar-default navbar-fixed-top collections-login-navbar">
     <div class="container">
         <div class="navbar-header">
-
             <%= link_to 'RankHub',root_path, class:"navbar-brand page-scroll collections-navbar-icon" %>
         </div>
         <% if user_signed_in? %>
             <nav>
                 <ul class="nav navbar-nav navbar-right">
                     <div class="dropdown collections-navbar-right">
-
-                        <li data-toggle="dropdown">
-                            <%= link_to current_user.email, root_path, class:'load collections-navbar-links' %>
-                            <span class = "caret dropdown-arrow"></span>
+                      <li data-toggle="dropdown">
+                        <%= link_to current_user.email, root_path, class:'load collections-navbar-links' %>
+                        <span class = "caret dropdown-arrow"></span>
+                      </li>
+                      <ul class="dropdown-menu load collections-navbar-right-links">
+                        <li>
+                          <%= link_to 'Account Management', edit_user_registration_path %>
                         </li>
-                        <ul class="dropdown-menu load collections-navbar-right-links">
-                            <li>
-                                <%= link_to 'Account Management', edit_user_registration_path %>
-                            </li>
-                            <li>
-                                <%= link_to 'Log Out', destroy_user_session_path, method: :delete %>
-                            </li>
-                        </ul>
+                        <li>
+                          <%= link_to 'Log Out', destroy_user_session_path, method: :delete %>
+                        </li>
+                      </ul>
                     </div>
                 </ul>
             </nav>
-
-                <% end %>
+        <% end %>
     </div>
 </nav>

app/views/static_pages/_collection.html.erb

@@ -1,7 +1,3 @@
-
-
-
-
 <div class="modal fade" id="demo1" role="dialog" aria-hidden="true">
   <div class="modal-dialog modal-sm">
     <div class="modal-content">
@@ -16,9 +12,9 @@
             </div>
             <div class="col-md-3">
               <%= f.hidden_field :user_id, value: current_user.id %>
-                <%= f.submit "Add", class: 'btn btn-success btn-sm btn pull-right'%>
+              <%= f.submit "Add", class: 'btn btn-success btn-sm btn pull-right'%>
             </div>
-            <% end %>
+          <% end %>
         </div>
       </div>
     </div>
@@ -29,71 +25,62 @@
   <div class="rows sidebar-section">
     <div id="mySidenav" class="sidenav sidebar-list">
       <a href="javascript:void(0)" class="closebtn" onclick="closeNav()">&times;</a>
-      <button class="accordion " data-toggle="collapse" data-toggle="collapse" data-target="#demo">Lists</button>
+      <button class="accordion " data-toggle="collapse" data-toggle="collapse" data-target="#demo" data-toggle="tooltip" data-placement="top" title="Add new list">Lists</button>
       <div id="demo" class="collapse sidebar-collapse">
         <% collection_nil = [] %>
           <% @urls.each do |url| %>
             <% if url.collection_ids.nil? %>
               <% collection_nil << url.id %>
-                <% end %>
-                  <% end %>
-                    <% if collection_nil.empty? %>
-                      <% @collection_names.any? %><br>
-                        <div class="panel-group sub-list" id="accordion">
-                          <% @collection_names.each_with_index do |collect, index| %>
-                             <a data-toggle="collapse" data-parent="#accordion" href="#collapse<%= index+1 %>" onclick="showListWiseGraph(<%= collect.id %>, <%= index %>)" id="collection<%= index %>">
-                              <h4>
-                                <%= collect.name %>
-                              </h4>
-                            </a>
-                            <%= link_to "Delete", collection_path(collect.id),
-          data: { confirm: "Are you sure?" }, class: 'remove-list',method: :delete %>
-                              <div id="collapse<%= index+1 %>" class="panel-collapse collapse">
-                                <div class="panel-body">
-                                  <div class="row">
-                                    <%= form_for (@website) do |f| %>
-                                      <div class="col-md-9">
-
-                                           <%= f.text_field :url, id:'url_id', class:'form-control',placeholder:"Add Domain" %>
+            <% end %>
+          <% end %>
+          <% if collection_nil.empty? %>
+            <% @collection_names.any? %>
+            <br>
+            <div class="panel-group sub-list" id="accordion">
+              <% @collection_names.each_with_index do |collect, index| %>
+                <a data-toggle="collapse" data-parent="#accordion" href="#collapse<%= index+1 %>" onclick="showListWiseGraph(<%= collect.id %>, <%= index %>)" id="collection<%= index %>" data-toggle="tooltip" data-placement="top" title="Click to add domain"><h4><%= collect.name %></h4></a>
+                <%= link_to "Delete", collection_path(collect.id), data: { confirm: "Are you sure?" }, 
+                class: 'remove-list',method: :delete %>
+                <div id="collapse<%= index+1 %>" class="panel-collapse collapse">
+                  <div class="panel-body">
+                    <div class="row">
+                      <%= form_for (@website) do |f| %>
+                        <div class="col-md-9">
+                          <%= f.text_field :url, id:'url_id', class:'form-control',placeholder:"Add Domain" %>
                           <%= f.hidden_field :collection_id, value: collect.id%>
                           <%= f.hidden_field :current_user, value: current_user.id%>
-
-                                      </div>
-                                      <div class="col-md-3">
-                                        <%= f.submit "Add", class: ' btn btn-success btn-sm btn pull-right'%>
-                                      </div>
-                                      <% end %>
-                                        <%= render partial: "domain", locals: { collect: collect } %>
-                                  </div>
-                                </div>
-                              </div>
-                              <% end %>
                         </div>
-                        <a class="add-newlist" data-toggle="modal" data-target="#demo1">Add new list</a>
-      </div>
-    </div>
-
-    <div id="main">
-      <span onclick="openNav()">☰</span>
-
-    </div>
+                        <div class="col-md-3">
+                          <%= f.submit "Add", class: ' btn btn-success btn-sm btn pull-right'%>
+                        </div>
+                      <% end %>
+                      <%= render partial: "domain", locals: { collect: collect } %>
+                     </div>
+                   </div>
+                 </div>
+               <% end %>
+             </div>
+             <a class="add-newlist" data-toggle="modal" data-target="#demo1" data-toggle="tooltip" data-placement="top" title="Click me">Add new list</a>
+           </div>
+         </div>
+         <div id="main">
+            <span onclick="openNav()" data-toggle="tooltip" data-placement="top" title="Open side bar">☰
+            </span>
+        </div>
     <div class="col-md-5">
-    <div class="row url-flash-message">
-    <% if flash[:error] %>
-      <div class="alert alert-danger">
-        <%= flash[:error]%>
+      <div class="row url-flash-message">
+        <% if flash[:error] %>
+          <div class="alert alert-danger">
+            <%= flash[:error]%>
+          </div>
+        <% end %>
       </div>
-      <% end %>
- </div>
-</div>  
-
-    <div class="col-md-7 show-graph" id="graph"></div>
-
+    </div>  
+  <div class="col-md-7 show-graph" id="graph"></div>
   </div>
   <% else %>
     <%= render 'check' %>
-      <% end %>
-
+  <% end %>
 </div>
 
-        
+