browsercms 3.0.2 → 3.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/app/controllers/cms/content_block_controller.rb +25 -2
- data/app/controllers/cms/content_controller.rb +31 -2
- data/app/controllers/cms/dashboard_controller.rb +2 -1
- data/app/controllers/cms/error_handling.rb +9 -2
- data/app/controllers/cms/links_controller.rb +2 -0
- data/app/controllers/cms/pages_controller.rb +22 -18
- data/app/controllers/cms/section_nodes_controller.rb +1 -1
- data/app/controllers/cms/sections_controller.rb +12 -7
- data/app/controllers/cms/sessions_controller.rb +17 -10
- data/app/controllers/cms/users_controller.rb +8 -6
- data/app/helpers/cms/application_helper.rb +2 -6
- data/app/helpers/cms/menu_helper.rb +118 -146
- data/app/helpers/cms/page_helper.rb +2 -2
- data/app/models/attachment.rb +2 -2
- data/app/models/group.rb +13 -2
- data/app/models/guest_user.rb +9 -3
- data/app/models/link.rb +2 -2
- data/app/models/page.rb +1 -1
- data/app/models/section.rb +7 -2
- data/app/models/user.rb +35 -17
- data/app/views/cms/blocks/_toolbar_for_member.html.erb +3 -3
- data/app/views/cms/blocks/index.html.erb +11 -6
- data/app/views/cms/content/show.html.erb +3 -3
- data/app/views/cms/menus/_menu.html.erb +9 -0
- data/app/views/cms/menus/_menu_item.html.erb +11 -0
- data/app/views/cms/pages/_edit_connector.html.erb +1 -1
- data/app/views/cms/pages/_edit_container.html.erb +1 -1
- data/app/views/cms/section_nodes/_node.html.erb +1 -1
- data/app/views/cms/sections/_form.html.erb +36 -34
- data/app/views/cms/shared/access_denied.html.erb +3 -0
- data/app/views/cms/users/change_password.html.erb +8 -6
- data/app/views/cms/users/index.html.erb +1 -1
- data/app/views/cms/users/show.html.erb +50 -0
- data/app/views/layouts/_cms_toolbar.html.erb +1 -1
- data/app/views/layouts/_page_toolbar.html.erb +7 -7
- data/app/views/layouts/cms/administration.html.erb +24 -7
- data/browsercms.gemspec +13 -7
- data/lib/acts_as_list.rb +8 -4
- data/lib/cms/acts/content_block.rb +1 -1
- data/lib/cms/authentication/controller.rb +26 -7
- data/lib/cms/behaviors/attaching.rb +3 -3
- data/lib/cms/behaviors/publishing.rb +12 -1
- data/lib/cms/behaviors/rendering.rb +17 -4
- data/lib/cms/behaviors/versioning.rb +2 -2
- data/lib/cms/routes.rb +4 -0
- data/lib/tasks/cms.rake +0 -18
- data/public/javascripts/cms/content_library.js +36 -0
- data/public/javascripts/cms/sitemap.js +21 -9
- data/public/stylesheets/cms/form_layout.css +16 -2
- data/public/stylesheets/cms/nav.css +4 -3
- data/test/functional/cms/content_block_controller_test.rb +120 -0
- data/test/functional/cms/content_controller_test.rb +135 -80
- data/test/functional/cms/links_controller_test.rb +89 -1
- data/test/functional/cms/pages_controller_test.rb +138 -0
- data/test/functional/cms/section_nodes_controller_test.rb +45 -5
- data/test/functional/cms/sections_controller_test.rb +148 -1
- data/test/functional/cms/sessions_controller_test.rb +26 -2
- data/test/functional/cms/users_controller_test.rb +49 -2
- data/test/test_helper.rb +3 -1
- data/test/unit/behaviors/attaching_test.rb +26 -0
- data/test/unit/helpers/menu_helper_test.rb +118 -278
- data/test/unit/models/group_test.rb +6 -0
- data/test/unit/models/user_test.rb +127 -29
- metadata +12 -4
data/lib/tasks/cms.rake
CHANGED
@@ -9,24 +9,6 @@ end
|
|
9
9
|
|
10
10
|
namespace :cms do
|
11
11
|
|
12
|
-
desc "DEPRECATED"
|
13
|
-
task :install do
|
14
|
-
puts "This task has been deprecated, please use 'rake install' instead"
|
15
|
-
end
|
16
|
-
|
17
|
-
desc "Bumps the build number in lib/cms/init.rb"
|
18
|
-
task :bump_build_number do
|
19
|
-
init_file = Rails.root.join("lib/cms/init.rb")
|
20
|
-
s = File.read(init_file)
|
21
|
-
open(init_file, 'w') do |f|
|
22
|
-
f << s.sub(/def build_number; (\d+) end/) do |s|
|
23
|
-
new_build_number = $1.to_i + 1
|
24
|
-
puts "Build number bumped to #{new_build_number}"
|
25
|
-
"def build_number; #{new_build_number} end"
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
12
|
desc "Generate guides for the CMS"
|
31
13
|
task :guides do
|
32
14
|
require 'rubygems'
|
@@ -0,0 +1,36 @@
|
|
1
|
+
jQuery(function($){
|
2
|
+
|
3
|
+
//----- Helper Functions -----------------------------------------------------
|
4
|
+
//In all of this code, we are defining functions that we use later
|
5
|
+
//None of this actually manipulates the DOM in any way
|
6
|
+
|
7
|
+
//This is used to get the id part of an elementId
|
8
|
+
//For example, if you have section_node_5,
|
9
|
+
//you pass this 'section_node_5', 'section_node'
|
10
|
+
//and this returns 5
|
11
|
+
var getId = function(elementId, s) {
|
12
|
+
return elementId.replace(s,'')
|
13
|
+
}
|
14
|
+
|
15
|
+
|
16
|
+
var nodeOnDoubleClick = function() {
|
17
|
+
if($('#edit_button').hasClass('disabled')) {
|
18
|
+
//$('#view_button').click()
|
19
|
+
location.href = $('#view_button')[0].href
|
20
|
+
} else {
|
21
|
+
//$('#edit_button').click()
|
22
|
+
location.href = $('#edit_button')[0].href
|
23
|
+
}
|
24
|
+
}
|
25
|
+
|
26
|
+
var addNodeOnDoubleClick = function() {
|
27
|
+
$('#blocks tr').dblclick(nodeOnDoubleClick)
|
28
|
+
}
|
29
|
+
|
30
|
+
//----- Init -----------------------------------------------------------------
|
31
|
+
//In other words, stuff that happens when the page loads
|
32
|
+
//This is where we actually manipulate the DOM, fire events, etc.
|
33
|
+
|
34
|
+
addNodeOnDoubleClick()
|
35
|
+
|
36
|
+
})
|
@@ -187,15 +187,26 @@ jQuery(function($){
|
|
187
187
|
}
|
188
188
|
|
189
189
|
var enableButtonsForNode = function(node) {
|
190
|
-
var id = getId(node.id, /(section|page|link)_/)
|
191
|
-
if(
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
190
|
+
var id = getId(node.id, /(section|page|link)_/);
|
191
|
+
if(!$(node).is(".non-editable")) {
|
192
|
+
if($(node).hasClass('section')) {
|
193
|
+
enableButtonsForSection(id);
|
194
|
+
} else if($(node).hasClass('page')) {
|
195
|
+
enableButtonsForPage(id);
|
196
|
+
} else if($(node).hasClass('link')) {
|
197
|
+
enableButtonsForLink(id);
|
198
|
+
}
|
199
|
+
}else if($(node).hasClass('page')) {
|
200
|
+
$('#edit-button')
|
201
|
+
.html('<span>View Page</span>')
|
202
|
+
.removeClass('disabled')
|
203
|
+
.attr('href','/cms/pages/'+id)
|
204
|
+
.unbind('click')
|
205
|
+
.click(function(){return true});
|
206
|
+
} else {
|
207
|
+
$('#properties-button').attr('href','/cms/sitemap');
|
208
|
+
}
|
209
|
+
};
|
199
210
|
|
200
211
|
var enableButtonsForSection = function(id) {
|
201
212
|
$('#properties-button')
|
@@ -253,6 +264,7 @@ jQuery(function($){
|
|
253
264
|
|
254
265
|
var enableButtonsForPage = function(id) {
|
255
266
|
$('#edit-button')
|
267
|
+
.html('<span>Edit Page</span>')
|
256
268
|
.removeClass('disabled')
|
257
269
|
.attr('href','/cms/pages/'+id)
|
258
270
|
.unbind('click')
|
@@ -1,6 +1,6 @@
|
|
1
1
|
@import url(/stylesheets/cms/selectbox.css);
|
2
2
|
|
3
|
-
form {
|
3
|
+
form, .faux_form {
|
4
4
|
font-size: 10pt;
|
5
5
|
font-family: "Trebuchet MS", Helvetica, Verdana, Arial, sans-serif;
|
6
6
|
color:#485561;
|
@@ -21,6 +21,19 @@ padding: 10px 0;
|
|
21
21
|
background: url(/images/cms/dashed.gif) repeat-x 100% 100%;
|
22
22
|
}
|
23
23
|
|
24
|
+
/* Fake forms */
|
25
|
+
.faux_form .fields {
|
26
|
+
padding: 22px 0 10px 0;
|
27
|
+
font-size: 12px;
|
28
|
+
overflow: hidden;
|
29
|
+
}
|
30
|
+
.faux_form .fields .label {
|
31
|
+
padding: 0 0 12px 0;
|
32
|
+
float: left;
|
33
|
+
width: 140px;
|
34
|
+
font-weight: bold;
|
35
|
+
}
|
36
|
+
|
24
37
|
/* LABELS */
|
25
38
|
.text_fields label,
|
26
39
|
.textarea_fields label,
|
@@ -39,7 +52,8 @@ font-size: 12px;
|
|
39
52
|
.select_fields label,
|
40
53
|
.text_editor_fields label,
|
41
54
|
.file_fields label,
|
42
|
-
.checkboxes label
|
55
|
+
.checkboxes label,
|
56
|
+
.faux_label
|
43
57
|
{
|
44
58
|
font-weight: bold;
|
45
59
|
font-size: 12px;
|
@@ -70,13 +70,14 @@ color: #666;
|
|
70
70
|
font-weight: bold;
|
71
71
|
}
|
72
72
|
|
73
|
-
#nav ul#userlinks li a
|
74
|
-
padding:
|
73
|
+
#nav ul#userlinks li a {
|
74
|
+
padding: 4px 19px 11px 19px;
|
75
75
|
background: url(/images/cms/usercontrols_bg_cap.png) no-repeat 100% 0;
|
76
76
|
color: #666;
|
77
77
|
display: block;
|
78
78
|
float: left;
|
79
79
|
text-decoration: none;
|
80
|
+
line-height: 18px;
|
80
81
|
}
|
81
82
|
|
82
83
|
#nav ul#userlinks li span {
|
@@ -88,7 +89,7 @@ padding: 9px 10px;
|
|
88
89
|
}
|
89
90
|
#nav ul#userlinks li#user_info img {
|
90
91
|
float:left;
|
91
|
-
margin:
|
92
|
+
margin: 0 5px 0 0;
|
92
93
|
}
|
93
94
|
|
94
95
|
#nav .cmssearch {
|
@@ -0,0 +1,120 @@
|
|
1
|
+
require File.join(File.dirname(__FILE__), '/../../test_helper')
|
2
|
+
|
3
|
+
class PermissionsForContentBlockControllerTest < ActionController::TestCase
|
4
|
+
include Cms::ControllerTestHelper
|
5
|
+
tests Cms::ContentBlockController
|
6
|
+
|
7
|
+
# We're stubbing a lot because we *just* want to isolate the behaviour for checking permissions
|
8
|
+
def setup
|
9
|
+
login_as_cms_admin
|
10
|
+
@user = User.first
|
11
|
+
@controller.stubs(:current_user).returns(@user)
|
12
|
+
@controller.stubs(:render)
|
13
|
+
@controller.stubs(:model_class).returns(ContentBlock)
|
14
|
+
@controller.stubs(:set_default_category)
|
15
|
+
@controller.stubs(:blocks_path).returns("/cms/content_block")
|
16
|
+
@controller.stubs(:redirect_to_first).returns("/cms/content_block")
|
17
|
+
|
18
|
+
@block = stub_everything("block")
|
19
|
+
@block.stubs(:as_of_draft_version).returns(@block)
|
20
|
+
@block.stubs(:as_of_version).returns(@block)
|
21
|
+
@block.stubs(:connected_pages).returns(stub(:all => stub))
|
22
|
+
|
23
|
+
ContentBlock.stubs(:find).returns(@block)
|
24
|
+
ContentBlock.stubs(:new).returns(@block)
|
25
|
+
ContentBlock.stubs(:paginate)
|
26
|
+
end
|
27
|
+
|
28
|
+
def expect_access_denied
|
29
|
+
@controller.expects(:render).with(has_entry(:status => 403))
|
30
|
+
end
|
31
|
+
|
32
|
+
def expect_success
|
33
|
+
expect_access_denied.never
|
34
|
+
end
|
35
|
+
|
36
|
+
test "GET index allows any user" do
|
37
|
+
expect_success
|
38
|
+
get :index
|
39
|
+
end
|
40
|
+
|
41
|
+
test "GET show allows any user" do
|
42
|
+
expect_success
|
43
|
+
get :show, :id => 5
|
44
|
+
end
|
45
|
+
|
46
|
+
test "GET new allows any user" do
|
47
|
+
expect_success
|
48
|
+
get :new
|
49
|
+
end
|
50
|
+
|
51
|
+
test "POST create allows any user" do
|
52
|
+
expect_success
|
53
|
+
post :create
|
54
|
+
end
|
55
|
+
|
56
|
+
test "GET version allows any user" do
|
57
|
+
expect_success
|
58
|
+
get :version, :id => 5, :version => 3
|
59
|
+
end
|
60
|
+
|
61
|
+
test "GET versions allows any user" do
|
62
|
+
expect_success
|
63
|
+
get :versions, :id => 5
|
64
|
+
end
|
65
|
+
|
66
|
+
test "GET usages allows any user" do
|
67
|
+
expect_success
|
68
|
+
get :usages, :id => 5
|
69
|
+
end
|
70
|
+
|
71
|
+
test "GET edit allows only users who are able to edit the block" do
|
72
|
+
@user.stubs(:able_to_edit?).with(@block).returns(false)
|
73
|
+
expect_access_denied
|
74
|
+
get :edit, :id => 5
|
75
|
+
|
76
|
+
@user.stubs(:able_to_edit?).with(@block).returns(true)
|
77
|
+
expect_success
|
78
|
+
get :edit, :id => 5
|
79
|
+
end
|
80
|
+
|
81
|
+
test "PUT update allows only users who are able to edit the block" do
|
82
|
+
@user.stubs(:able_to_edit?).with(@block).returns(false)
|
83
|
+
expect_access_denied
|
84
|
+
put :update, :id => 5
|
85
|
+
|
86
|
+
@user.stubs(:able_to_edit?).with(@block).returns(true)
|
87
|
+
expect_success
|
88
|
+
put :update, :id => 5
|
89
|
+
end
|
90
|
+
|
91
|
+
test "DELETE destroy allows only users who are able to publish the block" do
|
92
|
+
@user.stubs(:able_to_publish?).with(@block).returns(false)
|
93
|
+
expect_access_denied
|
94
|
+
delete :destroy, :id => 5
|
95
|
+
|
96
|
+
@user.stubs(:able_to_publish?).with(@block).returns(true)
|
97
|
+
expect_success
|
98
|
+
delete :destroy, :id => 5
|
99
|
+
end
|
100
|
+
|
101
|
+
test "PUT publish allows only users who are able to publish the block" do
|
102
|
+
@user.stubs(:able_to_publish?).with(@block).returns(false)
|
103
|
+
expect_access_denied
|
104
|
+
put :publish, :id => 5
|
105
|
+
|
106
|
+
@user.stubs(:able_to_publish?).with(@block).returns(true)
|
107
|
+
expect_success
|
108
|
+
put :publish, :id => 5
|
109
|
+
end
|
110
|
+
|
111
|
+
test "PUT revert_to allows only users who are able to publish the block" do
|
112
|
+
@user.stubs(:able_to_publish?).with(@block).returns(false)
|
113
|
+
expect_access_denied
|
114
|
+
put :revert_to, :id => 5, :version => 1
|
115
|
+
|
116
|
+
@user.stubs(:able_to_publish?).with(@block).returns(true)
|
117
|
+
expect_success
|
118
|
+
put :revert_to, :id => 5, :version => 1
|
119
|
+
end
|
120
|
+
end
|