Diff -- /var/www/vhosts/webstls.com/httpdocs/MODS/WebSTLs/Wrapper.pm
Diff

/var/www/vhosts/webstls.com/httpdocs/MODS/WebSTLs/Wrapper.pm

added on WebSTLs (webstls.com) at 2026-07-01 22:26:42

Added
+639
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to 99f09da46f0f
Restore this content →
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.
1package MODS::WebSTLs::Wrapper;
2#======================================================================
3# WebSTLs — page wrapper.
4#
5# Renders the sidebar + topbar shell around a page's main content.
6# Uses MODS::Template for the shell template (webstls_wrapper.html
7# for logged-in pages, webstls_marketing.html for logged-out).
8#
9# Caller pattern:
10#
11# my $body = qq~ ...page body html... ~;
12# $wrap->render({
13# userinfo => $userinfo, # required for logged-in shell
14# page_key => 'dashboard', # marks the active sidebar item
15# title => 'Dashboard',
16# body => $body,
17# extra_js => ['/assets/javascript/graphs.js'], # optional
18# });
19#======================================================================
20
21use strict;
22use warnings;
23
24use MODS::Template;
25use MODS::DBConnect;
26use MODS::WebSTLs::Config;
27
28my $tfile = MODS::Template->new;
29my $config = MODS::WebSTLs::Config->new;
30my $db = MODS::DBConnect->new;
31
32# Sidebar nav: section headers + entries. Each entry has a key
33# matched against $page_key to set "active", an icon name (resolved
34# to inline SVG below), label, href, and optional badge.
35my @SIDEBAR = (
36 # Sidebar mirrors the profile dropdown in webstls_wrapper.html --
37 # same sections, same wording, same hrefs, same ordering so the
38 # two menus read as one family. Order: Studio > Insights > Account
39 # > Admin (admin-only). Admin section contains every platform-wide
40 # control surface.
41 #
42 # Per-row gating attrs (all optional):
43 # feature = permission_features.slug -- hide row from team
44 # members who lack the slug. Owners always pass.
45 # owner_only = 1 -- only the account owner (no owner_user_id) sees
46 # this row. Team members never see it regardless of role.
47 # Used for billing + team management + "danger zone" entries.
48 # admin_only = 1 -- hides from non-admin users entirely.
49 { section => 'Workspace' },
50 { key => 'dashboard', label => 'Dashboard', href => '/dashboard.cgi', icon => 'welcome' },
51 { key => 'calendar', label => 'Calendar', href => '/calendar.cgi', icon => 'calendar' },
52 { key => 'storefront', label => 'My Storefront', href => '/storefront.cgi', icon => 'storefront', feature => 'view_storefront' },
53 { key => 'models', label => 'My Models', href => '/models.cgi', icon => 'models', feature => 'view_models' },
54 # The Upload-new-model action lives ON /models.cgi as a button now
55 # (was its own sidebar entry "New Listing"). The CGI itself is at
56 # /upload_model.cgi and reachable through the My Models CTA.
57 { key => 'categories', label => 'Categories', href => '/categories.cgi', icon => 'models', feature => 'edit_models' },
58 { key => 'bundles', label => 'Bundles', href => '/bundles.cgi', icon => 'models', feature => 'edit_models' },
59 { key => 'fulfillment', label => 'Fulfill Orders', href => '/fulfill.cgi', icon => 'billing', feature => 'view_orders' },
60 { key => 'shipping', label => 'Shipping Setup', href => '/shipping_settings.cgi', icon => 'analytics', feature => 'edit_models' },
61 { key => 'subscriptions', label => 'Subscription Plans',href => '/subscription_plans.cgi', icon => 'promotions', feature => 'edit_models' },
62 { key => 'marketplaces', label => 'Marketplaces', href => '/marketplaces.cgi', icon => 'analytics', feature => 'manage_marketplaces' },
63 { key => 'promotions', label => 'Promotions', href => '/promotions.cgi', icon => 'promotions', feature => 'view_promotions' },
64 # Audience was its own sidebar item; merged into Sales Reports.
65 { key => 'messages', label => 'Messages', href => '/messages.cgi', icon => 'messages', feature => 'view_messages' },
66 { key => 'storefront_seo', label => 'SEO', href => '/storefront_seo.cgi', icon => 'seo', feature => 'view_seo' },
67
68 # Reporting consolidated from 5 items -> 2 + Optimization.
69 # Sales Reports merges Sales Dashboard + Analytics + Audience.
70 # Traffic Statistics holds Heatmaps under its tab nav (no separate
71 # sidebar entry). Optimization stays separate -- A/B testing is a
72 # tool, not a report.
73 { section => 'Reporting' },
74 { key => 'sales_reports', label => 'Sales Reports', href => '/sales_reports.cgi', icon => 'dashboard', feature => 'view_reports' },
75 { key => 'orders', label => 'Orders', href => '/orders.cgi', icon => 'billing', feature => 'view_orders' },
76 { key => 'customers', label => 'Customers', href => '/customers.cgi', icon => 'team', feature => 'view_orders' },
77 { key => 'optimize', label => 'Optimization Testing', href => '/optimization.cgi', icon => 'optimize', feature => 'view_reports' },
78
79 # Help-section items (Tutorials, A/B & MVT tutorials, Product tour)
80 # live in the topbar Help-button dropdown, not the sidebar -- the
81 # dropdown is reachable from every page so help is always one click
82 # away without taking sidebar real estate. Source: webstls_wrapper.html.
83
84 { section => 'Account' },
85 { key => 'my_profile', label => 'My Profile', href => '/profile.cgi', icon => 'profile' },
86 { key => 'billing', label => 'Billing & Plan', href => '/billing.cgi', icon => 'billing', feature => 'manage_billing' },
87 { key => 'team', label => 'Team Members', href => '/team.cgi', icon => 'team', owner_only => 1 },
88 { key => 'preferences', label => 'Preferences', href => '/preferences.cgi', icon => 'settings' },
89
90 { section => 'Admin', admin_only => 1 },
91 { key => 'admin_earnings', label => 'Earnings & Expenses', href => '/admin_earnings.cgi', icon => 'billing', super_admin_only => 1, tip => 'Revenue from paid invoices + manual expense ledger.' },
92 { key => 'admin_funnels', label => 'Conversion Funnel', href => '/admin_funnels.cgi', icon => 'funnel',
93 admin_only => 1 },
94 { key => 'admin_traffic', label => 'Traffic Reports', href => '/admin_traffic.cgi', icon => 'analytics',
95 admin_only => 1, tip => 'Where visitors are coming from + globe + per-country drill.' },
96 { key => 'admin_messages', label => 'Support inbox', href => '/admin_messages.cgi', icon => 'messages',
97 admin_only => 1, feature => 'admin_view_messages' }, { key => 'admin_companies', label => 'All Companies', href => '/admin_companies.cgi', icon => 'building',
98 admin_only => 1, feature => 'admin_view_users' },
99
100 { key => 'admin_users', label => 'All Users', href => '/admin_users.cgi', icon => 'admin',
101 admin_only => 1, feature => 'admin_view_users' },
102
103 { key => 'admin_teams', label => 'Team Members', href => '/admin_teams.cgi', icon => 'team',
104 admin_only => 1 },
105 { key => 'admin_billing', label => 'User Billing', href => '/admin_billing.cgi', icon => 'billing',
106 admin_only => 1, feature => 'admin_view_billing' },
107 # Pricing & Promotions is one sidebar entry covering BOTH the
108 # billing-packages catalogue and the platform-wide promotions list.
109 # The two pages share a tab nav at the top so the user can switch
110 # between them; both set page_key='admin_packages' so this entry
111 # stays highlighted across either URL.
112 { key => 'admin_packages', label => 'Pricing & Promotions', href => '/admin_packages.cgi', icon => 'billing',
113 admin_only => 1, super_admin_only => 1 },
114 # Tax: rates + marketplace-facilitator collection policy. Visible
115 # to all admins, but only super-admins can save changes (the CGI
116 # gates the POST handlers). Separate from Pricing & Promotions
117 # because tax is platform-wide compliance, not seller-facing
118 # pricing.
119 { key => 'admin_tax', label => 'Tax', href => '/admin_tax.cgi', icon => 'billing',
120 admin_only => 1 },
121 # Default category list -- the starter pack copied into every new
122 # seller's seller_categories at signup. Sellers can then edit their
123 # own copy freely without affecting the master defaults.
124 { key => 'admin_categories', label => 'Default Categories', href => '/admin_categories.cgi', icon => 'models',
125 admin_only => 1 },
126 { key => 'admin_seo', label => 'SEO', href => '/admin_seo.cgi', icon => 'seo',
127 admin_only => 1, feature => 'admin_view_seo' },
128 # Heatmaps now lives as a tab inside /admin_visitors.cgi (no
129 # separate sidebar entry). /admin_heatmap.cgi is still reachable
130 # at its direct URL and renders the same tab nav with Heatmaps
131 # highlighted.
132 { key => 'admin_chat', label => 'Chat', href => '/admin_chat.cgi', icon => 'chat',
133 admin_only => 1, feature => 'admin_chat' }, # Sandbox CCs for QA. Super-admin-only because a misused test card
134 # could be assigned to a real seller's account and silently
135 # "approve" their next charge. Staff with manage-billing get to see
136 # tests it; only the platform owner gets to create them.
137 { key => 'admin_test_cards', label => 'Test Credit Cards', href => '/admin_test_cards.cgi', icon => 'card',
138 admin_only => 1, super_admin_only => 1 },
139 { key => 'email_setup', label => 'Email Setup', href => '/admin_emails.cgi', icon => 'messages', admin_only => 1, super_admin_only => 1 },
140 # Platform-owner-only: edits Stripe keys / branding / email and
141 # other DB-backed settings. Regular admins do NOT see this row.
142 { key => 'admin_maintenance', label => 'Maintenance', href => '/admin_maintenance.cgi', icon => 'settings', super_admin_only => 1, tip => 'Lock the site for everyone except admins; edit the message users see while locked.' }, { key => 'admin_config', label => 'Configuration', href => '/admin_config.cgi', icon => 'settings',
143 admin_only => 1, super_admin_only => 1 },
144);
145
146sub new {
147 my ($class) = @_;
148 return bless({}, $class);
149}
150
151#----------------------------------------------------------------------
152# render(\%opts) — print the full page (Content-Type already sent
153# by the calling .cgi).
154#----------------------------------------------------------------------
155sub render {
156 my ($self, $opts) = @_;
157 $opts ||= {};
158
159 my $userinfo = $opts->{userinfo};
160 my $logged_in = $userinfo && $userinfo->{user_id} ? 1 : 0;
161
162 my $tvars = {
163 website_title => $config->settings('website_title'),
164 brand_name => $config->settings('brand_name'),
165 brand_tagline => $config->settings('brand_tagline'),
166 assets => $config->settings('assets'),
167 assets_css => $config->settings('assets_css'),
168 assets_js => $config->settings('assets_js'),
169 title => $opts->{title} || 'WebSTLs',
170 body => $opts->{body} || '',
171 extra_js => _format_scripts($opts->{extra_js}),
172 extra_css => _format_styles($opts->{extra_css}),
173 # SEO meta block (built below). Renders into webstls_wrapper.html
174 # / webstls_marketing.html at $meta_tags so every page emits a
175 # consistent <meta> set without each CGI having to know.
176 meta_tags => _build_meta_tags($opts),
177 };
178
179 if ($logged_in) {
180 $tvars->{user_id} = $userinfo->{user_id};
181 $tvars->{display_name} = $userinfo->{display_name};
182 $tvars->{email} = $userinfo->{email};
183 $tvars->{plan_tier} = ucfirst($userinfo->{plan_tier} || 'free');
184 $tvars->{initials} = _initials($userinfo->{display_name} || $userinfo->{email});
185
186 my $is_admin = $userinfo->{is_admin} || $userinfo->{_admin_is_admin} || 0;
187 $tvars->{is_admin} = $is_admin;
188 # Unread comments/reviews drive the red dot on the bell icon and
189 # the Messages entry in both menus. Querying once here so the
190 # sidebar builder + the topbar template both read the same number.
191 my $unread = _unread_messages_count($userinfo->{user_id}, $is_admin);
192 $tvars->{unread_messages_count} = $unread;
193 $tvars->{has_unread_messages} = $unread > 0 ? 1 : 0;
194 # Where the topbar Messages pill lands. Admins manage every
195 # storefront's tickets via the admin console; sellers only
196 # see their own threads at the customer-facing portal.
197 $tvars->{messages_href} = $is_admin ? '/admin_messages.cgi' : '/messages.cgi';
198 # Live chats awaiting an admin reply. Drives the topbar pill
199 # so admins can't miss a visitor mid-conversation no matter
200 # what page they're on. Pill always renders for admins; the
201 # idle (blue) vs waiting (green/pulsing) state is gated on
202 # count. Clicking the waiting pill jumps straight to the
203 # longest-waiting chat so admins skip the console list.
204 my $chat_data = $is_admin ? _pending_chats_data() : { n => 0, first_id => 0 };
205 $tvars->{admin_chats_pending} = $chat_data->{n};
206 $tvars->{has_admin_chats_pending} = $chat_data->{n} > 0 ? 1 : 0;
207 $tvars->{admin_chats_first_id} = $chat_data->{first_id} || 0;
208 $tvars->{admin_chats_href} = $chat_data->{first_id}
209 ? "/admin_chat.cgi?chat=$chat_data->{first_id}"
210 : '/admin_chat.cgi';
211 $tvars->{sidebar} = _build_sidebar($opts->{page_key} || '', $is_admin, $unread, $userinfo);
212 $tvars->{dropdown_links} = _build_dropdown_links($is_admin, $unread, $userinfo);
213 $tvars->{impersonation_banner} = _impersonation_banner($userinfo);
214
215 # Per-user sidebar pref: applied as a class on <html> so the
216 # final layout is in place on first paint (no flash). Guarded
217 # against the user_settings.sidebar_collapsed column not having
218 # been added yet -- a missing-column SELECT would 500 the page.
219 my $collapsed = _sidebar_pref($userinfo->{user_id});
220 $tvars->{html_class} = $collapsed ? 'sidebar-collapsed' : '';
221 }
222
223 # Heatmap-view mode: when /admin_heatmap.cgi loads a page in its
224 # preview iframe it appends `heatmap_view=1` to the URL. We render
225 # that request as if the visitor were logged OUT so the DOM
226 # matches exactly what a real visitor saw -- otherwise the admin
227 # session would inject the studio sidebar wrapper and every stored
228 # selector would resolve to a different element. We also suppress
229 # track.js so the admin's preview clicks don't pollute analytics.
230 my $heatmap_view = ($ENV{QUERY_STRING} || '') =~ /(?:^|&)heatmap_view=1(?:&|$)/ ? 1 : 0;
231 $tvars->{heatmap_view} = $heatmap_view;
232
233 # Tutorial-embed mode: a [frame:/url] block inside a tutorial body
234 # loads the target URL in an iframe with ?tut_embed=1 appended. We
235 # strip the sidebar/topbar (same as heatmap_view does) so the
236 # iframe shows just the page content, not the whole studio shell.
237 my $tut_embed = ($ENV{QUERY_STRING} || '') =~ /(?:^|&)tut_embed=1(?:&|$)/ ? 1 : 0;
238 $tvars->{tut_embed} = $tut_embed;
239
240 my $template_file = ($logged_in && !$heatmap_view && !$tut_embed)
241 ? 'webstls_wrapper.html'
242 : 'webstls_marketing.html';
243
244 my @html = $tfile->template($template_file, $tvars, $userinfo);
245 print "@html";
246 return;
247}
248
249#======================================================================
250# Helpers
251#======================================================================
252
253sub _initials {
254 my ($name) = @_;
255 return '?' unless $name;
256 my @parts = split /[\s\@\.]+/, $name;
257 my $i = '';
258 $i .= uc(substr($parts[0], 0, 1)) if $parts[0];
259 $i .= uc(substr($parts[1], 0, 1)) if $parts[1];
260 return $i || uc(substr($name, 0, 1));
261}
262
263sub _format_scripts {
264 my ($list) = @_;
265 return '' unless $list && ref($list) eq 'ARRAY';
266 return join("\n", map { qq~<script src="$_"></script>~ } @$list);
267}
268
269sub _format_styles {
270 my ($list) = @_;
271 return '' unless $list && ref($list) eq 'ARRAY';
272 return join("\n", map { qq~<link rel="stylesheet" href="$_">~ } @$list);
273}
274
275# Cache the column-existence check so we don't run information_schema
276# on every page load. Under plain CGI this only saves work within a
277# single request; under FCGI/mod_perl it survives across requests.
278our $_sidebar_col_checked;
279our $_sidebar_col_exists;
280
281sub _sidebar_pref {
282 my ($user_id) = @_;
283 return 0 unless $user_id;
284 $user_id =~ s/[^0-9]//g;
285 return 0 unless $user_id;
286
287 my $DB = $config->settings('database_name');
288 my $dbh = $db->db_connect();
289 return 0 unless $dbh;
290
291 unless ($_sidebar_col_checked) {
292 my $r = $db->db_readwrite($dbh, qq~
293 SELECT COUNT(*) AS n FROM information_schema.columns
294 WHERE table_schema='$DB'
295 AND table_name='user_settings'
296 AND column_name='sidebar_collapsed'
297 ~, $ENV{SCRIPT_NAME}, __LINE__);
298 $_sidebar_col_exists = ($r && $r->{n}) ? 1 : 0;
299 $_sidebar_col_checked = 1;
300 }
301
302 unless ($_sidebar_col_exists) {
303 $db->db_disconnect($dbh);
304 return 0;
305 }
306
307 my $r = $db->db_readwrite($dbh, qq~
308 SELECT sidebar_collapsed
309 FROM `${DB}`.user_settings
310 WHERE user_id='$user_id'
311 LIMIT 1
312 ~, $ENV{SCRIPT_NAME}, __LINE__);
313 $db->db_disconnect($dbh);
314
315 return ($r && $r->{sidebar_collapsed}) ? 1 : 0;
316}
317
318sub _build_sidebar {
319 my ($active_key, $is_admin, $unread_messages, $userinfo) = @_;
320 $unread_messages ||= 0;
321 my $html = '';
322 my $pending_section; # buffered header; emitted when a child row gets through
323 my $is_team_member = ($userinfo && $userinfo->{owner_user_id}) ? 1 : 0;
324
325 foreach my $row (@SIDEBAR) {
326 # Admin entries (links AND section headers) are gated -- sellers
327 # must never see them. Hide the rows entirely (not just disable)
328 # so the page keys do not leak in HTML for non-admins to find.
329 next if $row->{admin_only} && !$is_admin;
330
331 if ($row->{section}) {
332 # Buffer the header; we only commit it once a visible child
333 # follows. Prevents dangling "Reporting" labels when every
334 # child is hidden by role.
335 $pending_section = $row->{section};
336 next;
337 }
338
339 # owner_only rows are visible only to the actual account owner
340 # (billing, team management, ...). Team members and impersonated
341 # admins are blocked here so the menu cannot leak them.
342 next if $row->{owner_only} && $is_team_member;
343
344 # super_admin_only rows are visible only to the platform owner
345 # (users.is_super_admin=1). Regular admins managing users / billing
346 # still see all the other admin rows but never this one.
347 if ($row->{super_admin_only}) {
348 require MODS::WebSTLs::Permissions;
349 next unless MODS::WebSTLs::Permissions->new->is_super_admin($userinfo);
350 }
351
352 # feature gate: skip if user lacks the slug. _has_user_feature
353 # short-circuits for owners (NULL permission_groups_id).
354 next if $row->{feature} && !_has_user_feature($userinfo, $row->{feature});
355
356 if (defined $pending_section) {
357 $html .= qq~<div class="sidebar-section-label">$pending_section</div>\n~;
358 $pending_section = undef;
359 }
360
361 my $cls = ($row->{key} eq $active_key) ? 'sidebar-link active' : 'sidebar-link';
362 my $svg = _icon($row->{icon});
363 my $badge = $row->{badge} ? qq~<span class="badge">$row->{badge}</span>~ : '';
364 # Live unread dot on the Messages row only -- the dot is omitted
365 # when there are zero unread comments/reviews so the navigation
366 # never shows a permanent "alert" indicator.
367 my $unread_dot = '';
368 if ($row->{key} && $row->{key} eq 'messages' && $unread_messages > 0) {
369 $unread_dot = qq~<span class="menu-dot" title="$unread_messages unread"></span>~;
370 }
371 # title="..." surfaces as a hover tooltip when the sidebar is
372 # collapsed to the icon rail (the CSS rule reads attr(title)).
373 $html .= qq~<a class="$cls" href="$row->{href}" title="$row->{label}">$svg<span>$row->{label}</span>$unread_dot$badge</a>\n~;
374 }
375 return $html;
376}
377
378# Build the profile-dropdown links from the SAME @SIDEBAR data the
379# left sidebar uses. This guarantees the two menus stay in lockstep
380# whenever items are added / renamed / removed -- never hand-edit the
381# dropdown HTML directly. Section headers become <div class="profile-
382# dropdown-section">, divider rows are inserted before each section
383# (except the first), and admin-only items get the .profile-admin
384# class so they render in the admin red/orange accent like before.
385sub _build_dropdown_links {
386 my ($is_admin, $unread_messages, $userinfo) = @_;
387 $unread_messages ||= 0;
388 my $html = '';
389 my $emitted_first_section = 0;
390 my $pending_section;
391 my $pending_divider = 0;
392 my $is_team_member = ($userinfo && $userinfo->{owner_user_id}) ? 1 : 0;
393
394 foreach my $row (@SIDEBAR) {
395 next if $row->{admin_only} && !$is_admin;
396
397 if ($row->{section}) {
398 # Buffer the header + its divider; emit only when a child
399 # row gets through. Otherwise the dropdown shows lone
400 # "Reporting" headers with nothing under them.
401 $pending_section = $row->{section};
402 $pending_divider = $emitted_first_section ? 1 : 0;
403 next;
404 }
405
406 next if $row->{owner_only} && $is_team_member;
407 if ($row->{super_admin_only}) {
408 require MODS::WebSTLs::Permissions;
409 next unless MODS::WebSTLs::Permissions->new->is_super_admin($userinfo);
410 }
411 next if $row->{feature} && !_has_user_feature($userinfo, $row->{feature});
412
413 if (defined $pending_section) {
414 $html .= qq~<div class="profile-dropdown-divider"></div>\n~ if $pending_divider;
415 $html .= qq~<div class="profile-dropdown-section">$pending_section</div>\n~;
416 $emitted_first_section = 1;
417 $pending_section = undef;
418 $pending_divider = 0;
419 }
420
421 my $svg = _icon($row->{icon});
422 my $admin_c = $row->{admin_only} ? ' class="profile-admin"' : '';
423 my $unread_dot = '';
424 if ($row->{key} && $row->{key} eq 'messages' && $unread_messages > 0) {
425 $unread_dot = qq~<span class="menu-dot" style="margin-left:auto" title="$unread_messages unread"></span>~;
426 }
427 $html .= qq~<a href="$row->{href}"$admin_c><span class="dropdown-icon">$svg</span> $row->{label}$unread_dot</a>\n~;
428 }
429 return $html;
430}
431
432# Thin wrapper around MODS::WebSTLs::Permissions->has_feature so the
433# sidebar builders stay decoupled from the module loader. Loaded once.
434my $_perm_singleton;
435sub _has_user_feature {
436 my ($userinfo, $slug) = @_;
437 return 1 unless $slug;
438 return 0 unless $userinfo;
439 # Owner / unconstrained: skip the DB trip
440 return 1 if !defined($userinfo->{permission_groups_id}) || $userinfo->{permission_groups_id} eq '';
441 if (!$_perm_singleton) {
442 return 1 unless eval { require MODS::WebSTLs::Permissions; 1 };
443 $_perm_singleton = MODS::WebSTLs::Permissions->new;
444 }
445 return $_perm_singleton->has_feature($userinfo, $slug);
446}
447
448# Count rows that should drive the unread indicator on the Messages
449# nav entry + the topbar bell. Same query as messages.cgi count_unread,
450# guarded against the table not existing yet on early-adopter installs.
451sub _unread_messages_count {
452 my ($uid, $is_admin) = @_;
453 return 0 unless $uid;
454 $uid =~ s/[^0-9]//g;
455 return 0 unless $uid;
456
457 require MODS::DBConnect;
458 my $db = MODS::DBConnect->new;
459 my $DB = $config->settings('database_name');
460 my $dbh = $db->db_connect();
461 return 0 unless $dbh;
462
463 my $total = 0;
464
465 # 1) Comments / reviews on the user's models. Guarded so a pre-
466 # migration deploy can't 500 the topbar.
467 my $have_ec = $db->db_readwrite($dbh, qq~
468 SELECT COUNT(*) AS n FROM information_schema.tables
469 WHERE table_schema='$DB' AND table_name='external_comments'
470 ~, $ENV{SCRIPT_NAME}, __LINE__);
471 if ($have_ec && $have_ec->{n}) {
472 my $r = $db->db_readwrite($dbh, qq~
473 SELECT COUNT(*) AS n FROM `${DB}`.external_comments
474 WHERE user_id='$uid' AND status='new' AND is_reply=0
475 ~, $ENV{SCRIPT_NAME}, __LINE__);
476 $total += ($r && $r->{n}) ? $r->{n} : 0;
477 }
478
479 # 2) Support tickets / help threads. Admins count threads where
480 # admin_unread > 0 (anyone's ticket needing reply); regular
481 # users count their own threads where customer_unread > 0 (a
482 # reply from admin they haven't read yet). This is what makes
483 # a fresh help request light up the Messages pill.
484 my $have_st = $db->db_readwrite($dbh, qq~
485 SELECT COUNT(*) AS n FROM information_schema.tables
486 WHERE table_schema='$DB' AND table_name='support_threads'
487 ~, $ENV{SCRIPT_NAME}, __LINE__);
488 if ($have_st && $have_st->{n}) {
489 my $sql = $is_admin
490 ? qq~SELECT COUNT(*) AS n FROM `${DB}`.support_threads WHERE admin_unread > 0~
491 : qq~SELECT COUNT(*) AS n FROM `${DB}`.support_threads WHERE customer_user_id='$uid' AND customer_unread > 0~;
492 my $r = $db->db_readwrite($dbh, $sql, $ENV{SCRIPT_NAME}, __LINE__);
493 $total += ($r && $r->{n}) ? $r->{n} : 0;
494 }
495
496 $db->db_disconnect($dbh);
497 return $total;
498}
499
500# Open visitor chats with at least one unread message for the admin.
501# Drives both the topbar pill state (idle/waiting) and its click
502# target (jump direct to the longest-waiting chat). Table existence
503# is guarded via information_schema so pre-migration deploys can't
504# 500 the wrapper. Returns { n => count, first_id => oldest_pending_chat_id }.
505sub _pending_chats_data {
506 require MODS::DBConnect;
507 my $db = MODS::DBConnect->new;
508 my $DB = $config->settings('database_name');
509 my $dbh = $db->db_connect();
510 return { n => 0, first_id => 0 } unless $dbh;
511 my $have = $db->db_readwrite($dbh, qq~
512 SELECT COUNT(*) AS n FROM information_schema.tables
513 WHERE table_schema='$DB' AND table_name='support_chats'
514 ~, $ENV{SCRIPT_NAME}, __LINE__);
515 unless ($have && $have->{n}) {
516 $db->db_disconnect($dbh);
517 return { n => 0, first_id => 0 };
518 }
519 # ORDER BY last_message_at ASC -- oldest unread first. Sending an
520 # admin to the chat that has been waiting longest is the most
521 # courteous default; if they want a different one they can use
522 # the console list as normal.
523 my @rows = $db->db_readwrite_multiple($dbh, qq~
524 SELECT id FROM `${DB}`.support_chats
525 WHERE status = 'open'
526 AND unread_for_admin > 0
527 ORDER BY last_message_at ASC
528 ~, $ENV{SCRIPT_NAME}, __LINE__);
529 $db->db_disconnect($dbh);
530 return {
531 n => scalar(@rows),
532 first_id => scalar(@rows) ? ($rows[0]->{id} + 0) : 0,
533 };
534}
535
536# Banner shown across the top of every authenticated page WHILE an
537# admin is impersonating another user. The "Stop" link is a POST to
538# /admin_action.cgi (form, not GET) so accidental link-followers can't
539# end an impersonation by sharing a URL.
540sub _impersonation_banner {
541 my ($userinfo) = @_;
542 return '' unless $userinfo && $userinfo->{_impersonating};
543
544 my $target_email = _html_escape($userinfo->{email} || '');
545 my $target_name = _html_escape($userinfo->{display_name} || $target_email);
546 my $admin_email = _html_escape($userinfo->{_admin_email} || '');
547
548 return qq~
549<div class="impersonation-banner">
550 <div class="impersonation-banner-msg">
551 <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="16" height="16"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10Z"/></svg>
552 <span><strong>Acting as</strong> $target_name &lt;$target_email&gt; &middot; admin: $admin_email</span>
553 </div>
554 <form method="POST" action="/admin_action.cgi" class="impersonation-banner-form">
555 <input type="hidden" name="act" value="stop_impersonation">
556 <button type="submit" class="impersonation-banner-stop">Stop &amp; return to admin</button>
557 </form>
558</div>
559~;
560}
561
562sub _html_escape {
563 my ($s) = @_;
564 return '' unless defined $s;
565 $s =~ s/&/&amp;/g;
566 $s =~ s/</&lt;/g;
567 $s =~ s/>/&gt;/g;
568 $s =~ s/"/&quot;/g;
569 $s =~ s/'/&#39;/g;
570 return $s;
571}
572
573# Inline SVG icon library — keeps the wrapper independent of any
574# external icon font / file. All icons are 24x24, stroke-based.
575my %ICONS = (
576 dashboard => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="3" width="7" height="9" rx="1"/><rect x="14" y="3" width="7" height="5" rx="1"/><rect x="14" y="12" width="7" height="9" rx="1"/><rect x="3" y="16" width="7" height="5" rx="1"/></svg>',
577 models => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 2 3 7v10l9 5 9-5V7l-9-5Z"/><path d="m3 7 9 5 9-5"/><path d="M12 22V12"/></svg>',
578 upload => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/><polyline points="17 8 12 3 7 8"/><line x1="12" y1="3" x2="12" y2="15"/></svg>',
579 storefront => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="m3 9 1-5h16l1 5"/><path d="M5 9v11a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V9"/><path d="M9 21V13h6v8"/></svg>',
580 audience => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M23 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/></svg>',
581 messages => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2Z"/></svg>',
582 funnel => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M22 3H2l8 9.46V19l4 2v-8.54L22 3z"/></svg>',
583 analytics => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M3 3v18h18"/><path d="m7 14 4-4 4 4 5-5"/></svg>',
584 optimize => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 12h-4l-3 9L9 3l-3 9H2"/></svg>',
585 settings => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 1 1-2.83 2.83l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 1 1-4 0v-.09a1.65 1.65 0 0 0-1-1.51 1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 1 1-2.83-2.83l.06-.06a1.65 1.65 0 0 0 .33-1.82 1.65 1.65 0 0 0-1.51-1H3a2 2 0 1 1 0-4h.09a1.65 1.65 0 0 0 1.51-1 1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 1 1 2.83-2.83l.06.06a1.65 1.65 0 0 0 1.82.33 1.65 1.65 0 0 0 1-1.51V3a2 2 0 1 1 4 0v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 1 1 2.83 2.83l-.06.06a1.65 1.65 0 0 0-.33 1.82v0a1.65 1.65 0 0 0 1.51 1H21a2 2 0 1 1 0 4h-.09a1.65 1.65 0 0 0-1.51 1Z"/></svg>',
586 building => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="2" width="18" height="20" rx="2"/><path d="M9 22V12h6v10"/><path d="M9 6h.01"/><path d="M9 10h.01"/><path d="M15 6h.01"/><path d="M15 10h.01"/></svg>',
587 calendar => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="4" width="18" height="18" rx="2"/><line x1="16" y1="2" x2="16" y2="6"/><line x1="8" y1="2" x2="8" y2="6"/><line x1="3" y1="10" x2="21" y2="10"/></svg>',
588 clock => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><polyline points="12 6 12 12 16 14"/></svg>',
589 admin => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10Z"/><path d="m9 12 2 2 4-4"/></svg>',
590 billing => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="2" y="5" width="20" height="14" rx="2"/><line x1="2" y1="10" x2="22" y2="10"/><line x1="6" y1="15" x2="10" y2="15"/></svg>',
591 promotions => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M20.59 13.41 13.42 20.58a2 2 0 0 1-2.83 0L2 12V2h10l8.59 8.59a2 2 0 0 1 0 2.82z"/><line x1="7" y1="7" x2="7.01" y2="7"/></svg>',
592 profile => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/><circle cx="12" cy="7" r="4"/></svg>',
593 seo => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="11" cy="11" r="7"/><path d="m21 21-4.3-4.3"/><path d="M7 11h8"/><path d="M11 7v8"/></svg>',
594 visitors => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M1 12s4-7 11-7 11 7 11 7-4 7-11 7-11-7-11-7Z"/><circle cx="12" cy="12" r="3"/></svg>',
595 chat => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2Z"/></svg>',
596 welcome => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M3 12 12 3l9 9"/><path d="M5 10v10a1 1 0 0 0 1 1h4v-6h4v6h4a1 1 0 0 0 1-1V10"/></svg>',
597 heatmap => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="8" cy="9" r="3"/><circle cx="16" cy="14" r="4"/><circle cx="10" cy="17" r="2"/><rect x="2" y="2" width="20" height="20" rx="2"/></svg>',
598 team => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M23 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/></svg>',
599 card => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="2" y="5" width="20" height="14" rx="2"/><line x1="2" y1="10" x2="22" y2="10"/><line x1="6" y1="15" x2="10" y2="15"/><line x1="14" y1="15" x2="18" y2="15"/></svg>',
600);
601
602sub _icon {
603 my ($name) = @_;
604 return $ICONS{$name} || '';
605}
606
607# Build the <meta> block injected into every page's <head>. Pulls
608# platform defaults from platform_settings, and if the caller passed
609# opts->{storefront} (e.g. /store.cgi), layers the per-storefront SEO
610# row over the top. Cached per-request via $_meta_cache so repeated
611# calls in one CGI don't re-query.
612our $_meta_cache;
613sub _build_meta_tags {
614 my ($opts) = @_;
615 return '' unless $opts;
616
617 require MODS::DBConnect;
618 require MODS::WebSTLs::SEO;
619 my $db = MODS::DBConnect->new;
620 my $seo = MODS::WebSTLs::SEO->new;
621 my $DB = $config->settings('database_name');
622 my $dbh = $db->db_connect();
623 return '' unless $dbh;
624
625 my $platform = $seo->get_platform_settings($db, $dbh, $DB);
626 my $store = $opts->{storefront} || {};
627
628 my $tags = $seo->render_tags(
629 platform => $platform,
630 storefront => $store,
631 page_title => $opts->{title} || '',
632 request_url => $opts->{canonical_url} || '',
633 );
634
635 $db->db_disconnect($dbh);
636 return $tags;
637}
638
6391;
Keyboard: j next diff k previous diff g top G bottom r restore c compile-check ? help