browsercms 3.0.2 → 3.0.3

data/app/views/cms/pages/_edit_connector.html.erb

@@ -1,4 +1,4 @@
-<div class="cms_edit_connectable" style="display: block; height: auto; width: inherit; position: relative; border: 1px solid #999; margin: 1px -6px 0 -6px; padding: 25px 5px 0 5px;  background: url(/images/cms/containers/beta.png) repeat-x 0 0;">
+<div class="cms_edit_connectable" style="display: block; height: auto; position: relative; border: 1px solid #999; margin: 1px -6px 0 -6px; padding: 25px 5px 0 5px;  background: url(/images/cms/containers/beta.png) repeat-x 0 0;">
   <div style="display: block; width: 100%; position: absolute; top: 5px; left: 5px; height: 30px;">
     <%= link_to image_tag("cms/pages/show_connectable.gif", :style => "text-decoration: none; padding: 0; background: none; margin: 0; float: none; border: none;"), cms_connectable_path(connectable), :title => "View this content (#{connectable.name})" , :style => "text-decoration: none; padding: 0 2px 0 0; background: none; margin: 0; float: none; border: none;"%>
     <%= link_to image_tag("cms/pages/edit_connectable.gif", :style => "text-decoration: none; padding: 0; background: none; margin: 0; float: none; border: none;"), edit_cms_connectable_path(connectable, :_redirect_to => @page.path), :title => "Edit this content (#{connectable.name})" , :style => "text-decoration: none; padding: 0 2px 0 0; background: none; margin: 0; float: none; border: none;"%>

data/app/views/cms/pages/_edit_container.html.erb

@@ -1,4 +1,4 @@
-<div class="cms_edit_container" style="height: auto; width: inherit; background: url(/images/cms/containers/alpha.png) repeat-x 0 0; border: 1px solid #999; margin: -8px 0 0 -8px; padding: 24px 7px 1px 7px; position: relative;">
+<div class="cms_edit_container" style="height: auto; background: url(/images/cms/containers/alpha.png) repeat-x 0 0; border: 1px solid #999; margin: -8px 0 0 -8px; padding: 24px 7px 1px 7px; position: relative;">
     <div style="display: block; width: 100%; position: absolute; top: 5px; left: 5px; height: 30px;">
       <%= link_to image_tag("cms/pages/add_connectable.gif", :style => "text-decoration: none; padding: 0; background: none; margin: 0; float: none; border: none;"), cms_content_types_path(:connect_to_page_id => @page, :connect_to_container => name), :title => "Add new content to this container (#{name})" , :style => "text-decoration: none; padding: 0 2px 0 0; background: none; margin: 0; float: none; border: none;"%>
       <%= link_to image_tag("cms/pages/connect_connectable.gif", :style => "text-decoration: none; padding: 0; background: none; margin: 0; float: none; border: none;"), new_cms_connector_path(:page_id => @page, :container => name), :title => "Insert existing content into this container (#{name})" , :style => "text-decoration: none; padding: 0 2px 0 0; background: none; margin: 0; float: none; border: none;"%>

data/app/views/cms/section_nodes/_node.html.erb

@@ -8,7 +8,7 @@
   <table class="section_node <%= node_type %> <%= "movable" if current_user.able_to?(:publish_content) %>" width="100%" cellspacing="0" cellpadding="0">
     <tr><td colspan="4" class="drop-before"></td></tr>
     <tr<%= ' class="doubled"' if access_icon && hidden %>>
-      <td id="<%= node_type %>_<%= node.id %>" class="<%= node_type == "section" && node.root? ? 'root' : '' %> <%= node_type %> node">
+      <td id="<%= node_type %>_<%= node.id %>" class="<%= node_type == "section" && node.root? ? 'root' : '' %> <%= node_type %> node <%= 'non-editable' unless current_user.able_to_edit?(node) %>">
 	      <%= icon %>
 	      <div><%= h(node.name) %></div>
       </td>

data/app/views/cms/sections/_form.html.erb

@@ -11,46 +11,48 @@
   </div>
 </div>
 
-<div class="checkbox_group fields" style="float: left; width: 100%">
-  <label>Public Permissions</label>
-  <%= hidden_field_tag "section[group_ids][]", "", :id => nil %>
-  <div class="checkboxes">
-    <% for group in public_groups %>
-    <div class="checkbox_fields">
-      <%= check_box_tag "section[group_ids][]", group.id,
-            @section.groups.include?(group), :class => "public_group_ids", :id => "public_group_ids_#{group.id}", :tabindex => next_tabindex %>
-        <label for="public_group_ids_<%= group.id %>"><%= group.name %></label>
-    </div>
-    <% end %>
-    <div class="instructions">Which &ldquo;Public&rdquo; groups can view pages in this section?</div>
-    <div class="check_uncheck">
-      <%= link_to_check_all 'input.public_group_ids' %>, 
-      <%= link_to_uncheck_all 'input.public_group_ids' %>
+<% able_to?(:administrate) do %>
+  <div class="checkbox_group fields" style="float: left; width: 100%">
+    <label>Public Permissions</label>
+    <%= hidden_field_tag "section[group_ids][]", "", :id => nil %>
+    <div class="checkboxes">
+      <% for group in public_groups %>
+      <div class="checkbox_fields">
+        <%= check_box_tag "section[group_ids][]", group.id,
+              @section.groups.include?(group), :class => "public_group_ids", :id => "public_group_ids_#{group.id}", :tabindex => next_tabindex %>
+          <label for="public_group_ids_<%= group.id %>"><%= group.name %></label>
+      </div>
+      <% end %>
+      <div class="instructions">Which &ldquo;Public&rdquo; groups can view pages in this section?</div>
+      <div class="check_uncheck">
+        <%= link_to_check_all 'input.public_group_ids' %>, 
+        <%= link_to_uncheck_all 'input.public_group_ids' %>
+      </div>
     </div>
   </div>
-</div>
 
-<br clear="all" />
+  <br clear="all" />
 
-<div class="checkbox_group fields" style="float: left; width: 100%">
-  <label>CMS Permissions</label>
-  <%= hidden_field_tag "section[group_ids][]", "", :id => nil %>
-  <div class="checkboxes">
-    <% for group in cms_groups %>
-    <div class="checkbox_fields">
-        <%= check_box_tag "section[group_ids][]", group.id,
-            @section.groups.include?(group), :class => "cms_group_ids", :id => "cms_group_ids_#{group.id}", :tabindex => next_tabindex %>
-        <label for="cms_group_ids_<%= group.id %>"><%= group.name %></label>
-    </div>
-    <% end %>
-    <div class="instructions">Which &ldquo;CMS&rdquo; groups can edit pages and content in this section?</div>
-    <div class="check_uncheck">
-      <%= link_to_check_all 'input.cms_group_ids' %>, 
-      <%= link_to_uncheck_all 'input.cms_group_ids' %>
+  <div class="checkbox_group fields" style="float: left; width: 100%">
+    <label>CMS Permissions</label>
+    <%= hidden_field_tag "section[group_ids][]", "", :id => nil %>
+    <div class="checkboxes">
+      <% for group in cms_groups %>
+      <div class="checkbox_fields">
+          <%= check_box_tag "section[group_ids][]", group.id,
+              @section.groups.include?(group), :class => "cms_group_ids", :id => "cms_group_ids_#{group.id}", :tabindex => next_tabindex %>
+          <label for="cms_group_ids_<%= group.id %>"><%= group.name %></label>
+      </div>
+      <% end %>
+      <div class="instructions">Which &ldquo;CMS&rdquo; groups can edit pages and content in this section?</div>
+      <div class="check_uncheck">
+        <%= link_to_check_all 'input.cms_group_ids' %>, 
+        <%= link_to_uncheck_all 'input.cms_group_ids' %>
+      </div>
     </div>
   </div>
-</div>
-<br clear="all" />
+  <br clear="all" />
+<% end %>
 
 <div class="buttons">
   <%= lt_button_wrapper(f.submit("Save", :class => "submit", :tabindex => next_tabindex)) %>

data/app/views/cms/shared/access_denied.html.erb

@@ -0,0 +1,3 @@
+<% page_title "Access Denied" %>
+<%= content_for :functions, "<h1>#{ @page_title }</h1>" %>
+<p>Sorry, you do not have permission to access this page.</p>

data/app/views/cms/users/change_password.html.erb

@@ -1,10 +1,12 @@
 <% @page_title = @toolbar_title = "Set New Password" %>
-<% content_for :toolbar_links do %>
-  <%= link_to(span_tag("List All"), url_for(:controller => "users", :action => "index"), :id => "list_all_button", :class => "button") %>
-  <%= link_to(span_tag("Edit User"), url_for(:controller => "users", :action => "edit", :id => @user.id), :id => "edit_user_button", :class => "button") %>
-<% end %>
+<% able_to? :administrate do %>
+  <% content_for :toolbar_links do %>
+    <%= link_to(span_tag("List All"), url_for(:controller => "users", :action => "index"), :id => "list_all_button", :class => "button") %>
+    <%= link_to(span_tag("Edit User"), url_for(:controller => "users", :action => "edit", :id => @user.id), :id => "edit_user_button", :class => "button") %>
+  <% end %>
 
-<%= content_for :functions, render(:partial => "toolbar") %>
+  <%= content_for :functions, render(:partial => "toolbar") %>
+<% end %>
 
 <% content_for :html_head do %>
   <%= stylesheet_link_tag('cms/form_layout') %>
@@ -16,4 +18,4 @@
   <div class="buttons">
     <%= lt_button_wrapper(f.submit("Save", :class => "submit")) %>
   </div>
-<% end %>
+<% end %>

data/app/views/cms/users/index.html.erb

@@ -26,7 +26,7 @@
     <% @users.each do |user|%>
     <tr>
         <td class="first"></td>
-        <td><div class="dividers"><%= link_to "#{user.first_name} #{user.last_name}", [:cms, user] %></div></td>
+        <td><div class="dividers"><%= link_to "#{user.first_name} #{user.last_name}", edit_cms_user_path(user) %></div></td>
 	      <td><div class="dividers"><%= link_to user.email, "mailto:#{user.email}" %></div></td>
         <td>
             <div class="dividers">

data/app/views/cms/users/show.html.erb

@@ -0,0 +1,50 @@
+<% @page_title = @toolbar_title = h(@user.login) %>
+
+<% content_for :toolbar_links do %>
+  <%= link_to(span_tag("List All"), cms_users_path, 
+    :id => "list_all_button", 
+    :class => "button") if current_user.able_to?(:administrate) %>
+  <%= link_to(span_tag("Change Password"), [:change_password, :cms, @user], 
+    :id => "change_password_button", 
+    :class => "button") %>
+<% end %>
+
+<% content_for :functions do %> 
+  <%= render(:partial => "toolbar") %>
+<% end %>
+
+<% content_for :html_head do %>
+  <%= stylesheet_link_tag('cms/form_layout') %>
+<% end %>
+
+<div class="faux_form">
+  <div class="fields">
+    <span class="label">Username</span>
+    <%=h @user.login %>
+  </div>
+  
+  <div class="fields">
+    <span class="label">Email</span>
+    <%=h @user.email %>
+  </div>
+  
+  <div class="fields">
+    <span class="label">First name</span>
+    <%=h @user.first_name %>
+  </div>
+  
+  <div class="fields">
+    <span class="label">Last name</span>
+    <%=h @user.last_name %>
+  </div>
+  
+  <div class="fields">
+    <span class="label">Groups</span>
+    
+    <ul>
+      <% @user.groups.each do |group| -%>
+        <li><%= group.name %></li>
+      <% end -%>
+    </ul>
+  </div>
+</div>

data/app/views/layouts/_cms_toolbar.html.erb

@@ -8,7 +8,7 @@
         <% able_to?(:administrate) do %><li><%= link_to image_tag("/images/cms/nav_admin#{'_on' if tab == :administration}.gif", :id => 'nav_admin_img'), cms_administration_path, :target => "_top" %></li><% end %>
       </ul>
       <ul id="userlinks">
-	<li id="user_info"><%= image_tag "cms/icons/user.png" %><span><%= current_user.full_name %></span></li>
+	<li id="user_info"><a href="<%= current_user.able_to?(:administrate) ? edit_cms_user_path(current_user) : cms_user_path(current_user) %>" target="_top"><%= image_tag "cms/icons/user.png" %> <%= current_user.full_name %></a></li>
       	<li><%= link_to "Logout", cms_logout_path, :class => "http_delete", :target => "_top" %></li>
       </ul>
       <% flash_class, flash_message = flash.to_a.first %>

data/app/views/layouts/_page_toolbar.html.erb

@@ -50,30 +50,30 @@
   <%= link_to "<span>Publish</span>", 
     @page.live? ? '#' : publish_cms_page_path(@page), 
     :id => "publish_button",
-    :class => "http_put button#{' disabled' if !current_user.able_to?(:publish_content) || @page.version != @page.draft.version || @page.live?} left",
+    :class => "http_put button#{' disabled' if !current_user.able_to?(:publish_content) || !current_user.able_to_edit?(@page) || @page.version != @page.draft.version || @page.live?} left",
     :target => "_top" %>
     
   <%= link_to "<span>Assign</span>", 
     new_cms_page_task_path(@page), 
     :id => "assign_button",
-    :class => "button#{ ' disabled' if @page.assigned_to == current_user} middle",
+    :class => "button#{ ' disabled' if @page.assigned_to == current_user || !current_user.able_to_edit?(@page) } middle",
     :target => "_top" %>
     
   <%= link_to "<span>Complete Task</span>", 
     @page.current_task ? complete_cms_task_path(@page.current_task) : '#', 
     :id => "complete_task_button",
-    :class => "http_put button#{ ' disabled' unless @page.assigned_to == current_user} right", 
+    :class => "http_put button#{ ' disabled' if @page.assigned_to != current_user || !current_user.able_to_edit?(@page) } right", 
     :target => "_top" %>
 
   <%= link_to "<span>Edit Properties</span>", 
     [:edit, :cms, @page], 
     :id => "edit_properties_button",
-    :class => "spacer button", 
+    :class => "spacer button#{ ' disabled' unless current_user.able_to_edit?(@page) }", 
     :target => "_top" %>
   
   <%= link_to "<span>List Versions</span>", 
     versions_cms_page_path(@page), 
-    :class => "spacer button",
+    :class => "spacer button#{ ' disabled' unless current_user.able_to_edit?(@page) }",
     :target => "_top" %>
     
   <% able_to? :publish_content do %>
@@ -83,7 +83,7 @@
         :id => "delete_button",
         :title => "Are you sure you want to delete '#{@page.name}'?", 
         :target => "_top", 
-        :class => "spacer button confirm_with_title http_delete" %>
+        :class => "spacer button confirm_with_title http_delete#{ ' disabled' unless current_user.able_to_publish?(@page) }" %>
     <% else %>
       <%= link_to "<span>Revert to this Version</span>",
         revert_to_cms_page_path(@page, @page.version), 
@@ -98,7 +98,7 @@
         <div class="visual_editor_label">Visual Editor:</div>
         <div class="visual_editor_value_container">
           <% if @mode == "edit" %>
-	    <div><span id="visual_editor_state">ON</span></div>
+	    <div><span id="visual_editor_state"<%= ' title="You don\'t have permission to edit this page"' unless current_user.able_to_edit?(@page) %>>ON<%= '*' unless current_user.able_to_edit?(@page) %></span></div>
           <% else %>
 	    <div><span id="visual_editor_state">OFF</span></div>
           <% end %>

data/app/views/layouts/cms/administration.html.erb

@@ -7,18 +7,29 @@
   <div id="wrapper">
     <%= render_cms_toolbar(:administration) %>
     <div id="main">
-    <div class="top_cap_menu"></div>
-      <div id="menu">
-        <%= render :partial => 'cms/shared/admin_sidebar' %>                      
-      </div>
-      <div id="contentwrap">
+    
+    <% if current_user.able_to?(:administrate) %>
+      <div class="top_cap_menu"></div>
+        <div id="menu">
+          <%= render :partial => 'cms/shared/admin_sidebar' %>                      
+        </div>
+        <div id="contentwrap">
+    <% else %>
+      <div class="top_cap"></div>
+      <div id="contentwrapbig">
+    <% end %>
+    
 	<div id="functions">
 	  <h1><%= @toolbar_title %></h1>
 	  <%= yield :functions %>
 
 	</div>
 	<br clear="all" />
-	<div class="top_cap_content"></div>
+	
+	<% able_to?(:administrate) do %>
+	  <div class="top_cap_content"></div>
+	<% end %>
+	
       <div id="content">
 	<div class="pad">
           <%= yield %>
@@ -26,7 +37,13 @@
       </div>
     </div>
     <br clear="all" />
-    <div class="bottom_cap_content"></div>
+    
+    <% if current_user.able_to?(:administrate) %>
+      <div class="bottom_cap_content"></div>
+    <% else %>
+      <div class="bottom_cap"></div>
+    <% end %>
+    
     <%= render :partial => 'layouts/cms/footer' %>
   </div>
 </div>

data/browsercms.gemspec

@@ -1,15 +1,15 @@
 # Generated by jeweler
-# DO NOT EDIT THIS FILE
-# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
   s.name = %q{browsercms}
-  s.version = "3.0.2"
+  s.version = "3.0.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["BrowserMedia"]
-  s.date = %q{2009-10-06}
+  s.date = %q{2009-11-06}
   s.email = %q{github@browsermedia.com}
   s.extra_rdoc_files = [
     "LICENSE.txt",
@@ -155,6 +155,8 @@ Gem::Specification.new do |s|
      "app/views/cms/links/destroy.js.rjs",
      "app/views/cms/links/edit.html.erb",
      "app/views/cms/links/new.html.erb",
+     "app/views/cms/menus/_menu.html.erb",
+     "app/views/cms/menus/_menu_item.html.erb",
      "app/views/cms/page_routes/_form.html.erb",
      "app/views/cms/page_routes/edit.html.erb",
      "app/views/cms/page_routes/index.html.erb",
@@ -191,6 +193,7 @@ Gem::Specification.new do |s|
      "app/views/cms/shared/_pagination.html.erb",
      "app/views/cms/shared/_version_conflict_diff.html.erb",
      "app/views/cms/shared/_version_conflict_error.html.erb",
+     "app/views/cms/shared/access_denied.html.erb",
      "app/views/cms/shared/error.html.erb",
      "app/views/cms/tags/_form.html.erb",
      "app/views/cms/tags/render.html.erb",
@@ -205,6 +208,7 @@ Gem::Specification.new do |s|
      "app/views/cms/users/edit.html.erb",
      "app/views/cms/users/index.html.erb",
      "app/views/cms/users/new.html.erb",
+     "app/views/cms/users/show.html.erb",
      "app/views/layouts/_cms_toolbar.html.erb",
      "app/views/layouts/_page_toolbar.html.erb",
      "app/views/layouts/application.html.erb",
@@ -1168,6 +1172,7 @@ Gem::Specification.new do |s|
      "public/images/cms/usercontrols_bg.png",
      "public/images/cms/usercontrols_bg_cap.png",
      "public/javascripts/cms/application.js",
+     "public/javascripts/cms/content_library.js",
      "public/javascripts/cms/editor.js",
      "public/javascripts/cms/sitemap.js",
      "public/javascripts/jquery-ui.js",
@@ -1228,12 +1233,11 @@ Gem::Specification.new do |s|
      "templates/demo.rb",
      "templates/module.rb"
   ]
-  s.has_rdoc = true
   s.homepage = %q{http://www.browsercms.org}
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{browsercms}
-  s.rubygems_version = %q{1.3.1}
+  s.rubygems_version = %q{1.3.5}
   s.summary = %q{BrowserCMS is a general purpose, open source Web Content Management System (CMS), written in Ruby on Rails.}
   s.test_files = [
     "test/functional/cms/file_blocks_controller_test.rb",
@@ -1248,6 +1252,7 @@ Gem::Specification.new do |s|
      "test/functional/cms/links_controller_test.rb",
      "test/functional/cms/dynamic_views_controller_test.rb",
      "test/functional/cms/categories_controller_test.rb",
+     "test/functional/cms/content_block_controller_test.rb",
      "test/functional/cms/pages_controller_test.rb",
      "test/functional/cms/connectors_controller_test.rb",
      "test/functional/cms/home_controller_test.rb",
@@ -1303,7 +1308,7 @@ Gem::Specification.new do |s|
 
   if s.respond_to? :specification_version then
     current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 2
+    s.specification_version = 3
 
     if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
     else
@@ -1311,3 +1316,4 @@ Gem::Specification.new do |s|
   else
   end
 end
+

data/lib/acts_as_list.rb

@@ -61,7 +61,7 @@ module ActsAsList
 
         #{scope_condition_method}
 
-        before_destroy :remove_from_list
+        before_destroy :remove_from_list_without_saving
         before_create  :add_to_list_bottom
       EOV
     end
@@ -118,13 +118,17 @@ module ActsAsList
     end
 
     # Removes the item from the list.
-    def remove_from_list
+    def remove_from_list(save = true)
       if in_list?
         decrement_positions_on_lower_items
-        update_attribute position_column, nil
+        update_attribute(position_column, nil) if save
       end
     end
 
+    def remove_from_list_without_saving
+      self.remove_from_list(false)
+    end
+
     # Increase the position of this item without adjusting the rest of the list.
     def increment_position
       return unless in_list?
@@ -249,4 +253,4 @@ module ActsAsList
         self.update_attribute(position_column, position)
       end
   end
-end
+end

data/lib/cms/acts/content_block.rb

@@ -28,4 +28,4 @@ module Cms
       end
     end
   end
-end
+end

data/lib/cms/authentication/controller.rb

@@ -1,3 +1,27 @@
+#
+# Defines the authentication behavior for controllers in BrowserCMS. It can be added to any controller that needs to 
+# hook into the BrowserCMS Authentication behavior like so:
+#
+# class MySuperSecureController < ApplicationController
+#   include Cms::Authentication::Controller
+#
+# It is based off Restful_Authentication, and adds in behavior to deal with several concepts specific to BrowserCMS.
+#
+# (Note: 10/8/09 - I was comparing this to a very old version of the generated code from Restful_Authentication,
+# so some of the following items may be 'stock' to that. (Especially #2)
+#
+# 1. Guests - These represents users that are not logged in. What guests can see and do can be modified via the CMS UI. Guests
+#             are not considered to be 'logged in'.
+# 2. 'Current' User - The currently logged in user is stored in a thread local, and can be accessed anywhere via 'User.current'.
+#             This allows model code to easily record which user is making changes to records, for versioning, etc.
+#
+# 3. 'Admin' Access Denied Page - If users try to access a protected controller, they are redirected to the CMS administration Login page
+#             which may be different than the 'front end' user login page. (Cms::Controller handles that differently)
+#
+#
+# To Dos: It appears as though we are storing the 'current' user in two places, @current_user and User.current. This is probably not DRY, but
+#   more testing would be needed.
+#
 module Cms
   module Authentication
     module Controller
@@ -12,6 +36,7 @@ module Cms
         # If the user is not logged in, this will be set to the guest user, which represents a public
         # user, who will likely have more limited permissions
         def current_user
+          # Note: We have disabled basic_http_auth
           @current_user ||= begin
             User.current = (login_from_session || login_from_cookie || User.guest)  
           end
@@ -61,7 +86,7 @@ module Cms
 
         # Redirect as appropriate when an access request fails.
         #
-        # The default action is to redirect to the login screen.
+        # The default action is to redirect to the BrowserCMS admin login screen.
         #
         # Override this method in your controllers if you want to have special
         # behavior in case the user is not authorized
@@ -73,11 +98,6 @@ module Cms
               store_location
               redirect_to cms_login_path
             end
-            # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987
-            # you may want to change format.any to e.g. format.any(:js, :xml)
-            # format.any do
-            #   request_http_basic_authentication 'Web Password'
-            # end
           end
         end
 
@@ -162,7 +182,6 @@ module Cms
 
         # Cookies shouldn't be allowed to persist past their freshness date,
         # and they should be changed at each login
-
         def valid_remember_cookie?
           return nil unless User.current
           (User.current.remember_token?) && 

data/lib/cms/behaviors/attaching.rb

@@ -118,14 +118,14 @@ module Cms
 
         # Override this method if you would like to override the way the section is set
         def set_attachment_section
-          if new_record? && !attachment_file.blank?
+          if !attachment_file.blank?
             attachment.section = Section.root.first
           end
         end
 
         # Override this method if you would like to override the way file_path is set
         def set_attachment_file_path
-          if new_record? && !attachment_file.blank?
+          if !attachment_file.blank?
             attachment.file_path = "/attachments/#{File.basename(attachment_file.original_filename).to_s.downcase}"
           end
         end
@@ -181,4 +181,4 @@ module Cms
       end
     end
   end
-end
+end

data/lib/cms/behaviors/publishing.rb

@@ -23,7 +23,18 @@ module Cms
           after_save :publish_for_non_versioned
         
           named_scope :published, :conditions => {:published => true}
-          named_scope :unpublished, :conditions => {:published => false}        
+          named_scope :unpublished, lambda {
+            if versioned?
+              { :joins => :versions,
+                :conditions =>
+                  "#{connection.quote_table_name(version_table_name)}.#{connection.quote_column_name('version')} > " +
+                  "#{connection.quote_table_name(table_name)}.#{connection.quote_column_name('version')}",
+                :select => "distinct #{connection.quote_table_name(table_name)}.*" }
+            else
+              { :conditions => { :published => false } }
+            end
+          }
+
         end
       end
       module ClassMethods

data/lib/cms/behaviors/rendering.rb

@@ -82,7 +82,7 @@ module Cms
   
     end
     module InstanceMethods
-      def perform_render(controller)
+      def prepare_to_render(controller)
         # Give this renderable a reference to the controller
         @controller = controller
 
@@ -90,12 +90,21 @@ module Cms
 
         # This gives the view a reference to this object
         instance_variable_set(self.class.instance_variable_name_for_view, self)
-
+    
         # This is like a controller action
         # We will call it if you have defined a render method
         # but if you haven't we won't
         render if respond_to?(:render)
+      end
     
+      def perform_render(controller)
+        return "Exception: #{@render_exception}" if @render_exception
+        unless @controller
+          # We haven't prepared to render. This should only happen when logged in, as we don't want
+          # errors to bubble up and prevent the page being edited in that case.
+          prepare_to_render(controller)
+        end
+        
         # Create, Instantiate and Initialize the view
         view_class  = Class.new(ActionView::Base)      
         action_view = view_class.new(@controller.view_paths, {}, @controller)
@@ -108,7 +117,7 @@ module Cms
         
         # We want content_for to be called on the controller's view, not this inner view
         def action_view.content_for(name, content=nil, &block)
-          controller.instance_variable_get("@template").content_for(name, content, &block)
+          @controller.instance_variable_get("@template").content_for(name, content, &block)
         end
         
         # Copy instance variables from this renderable object to it's view
@@ -122,6 +131,10 @@ module Cms
         end
       end
   
+      def render_exception=(exception)
+        @render_exception = exception
+      end
+
       protected
         def copy_instance_variables_from_controller!
           if @controller.respond_to?(:instance_variables_for_rendering)
@@ -141,4 +154,4 @@ module Cms
       
     end
   end
-end
+end

data/lib/cms/behaviors/versioning.rb

@@ -110,7 +110,7 @@ module Cms
         def save(perform_validations=true)
           transaction do
             #logger.info "..... Calling valid?"
-            return false unless valid?            
+            return false unless !perform_validations || valid?            
             
             if changed?
               #logger.info "..... Changes => #{changes.inspect}"
@@ -172,7 +172,7 @@ module Cms
         end
 
         def save!(perform_validations=true)
-          save || raise(ActiveRecord::RecordNotSaved.new(errors.full_messages))
+          save(perform_validations) || raise(ActiveRecord::RecordNotSaved.new(errors.full_messages))
         end
 
         def draft

data/lib/cms/routes.rb

@@ -119,6 +119,10 @@ module Cms::Routes
         :enable => :put
       }
       
+      if RAILS_ENV == "test" && File.expand_path(RAILS_ROOT) == File.expand_path(File.dirname(__FILE__) + "/../..")
+        cms.content_blocks :content_block
+      end
+      
     end
 
     if PageRoute.table_exists?