browsercms 3.0.2 → 3.0.3

data/lib/tasks/cms.rake

@@ -9,24 +9,6 @@ end
 
 namespace :cms do
   
-  desc "DEPRECATED"
-  task :install do
-    puts "This task has been deprecated, please use 'rake install' instead"
-  end
-  
-  desc "Bumps the build number in lib/cms/init.rb"
-  task :bump_build_number do
-    init_file = Rails.root.join("lib/cms/init.rb")
-    s = File.read(init_file)
-    open(init_file, 'w') do |f| 
-      f << s.sub(/def build_number; (\d+) end/) do |s|
-        new_build_number = $1.to_i + 1
-        puts "Build number bumped to #{new_build_number}"
-        "def build_number; #{new_build_number} end"
-      end
-    end
-  end
-  
   desc "Generate guides for the CMS"
   task :guides do
     require 'rubygems'

data/public/javascripts/cms/content_library.js

@@ -0,0 +1,36 @@
+jQuery(function($){
+    
+    //----- Helper Functions -----------------------------------------------------
+    //In all of this code, we are defining functions that we use later
+    //None of this actually manipulates the DOM in any way
+    
+    //This is used to get the id part of an elementId
+    //For example, if you have section_node_5, 
+    //you pass this 'section_node_5', 'section_node' 
+    //and this returns 5
+    var getId = function(elementId, s) {
+	return elementId.replace(s,'')
+    }
+    
+
+    var nodeOnDoubleClick = function() {
+	if($('#edit_button').hasClass('disabled')) {
+	    //$('#view_button').click()
+	    location.href = $('#view_button')[0].href
+	} else {
+	    //$('#edit_button').click()      
+	    location.href = $('#edit_button')[0].href
+	}
+    }
+    
+    var addNodeOnDoubleClick = function() {
+	$('#blocks tr').dblclick(nodeOnDoubleClick)
+    }
+    
+    //----- Init -----------------------------------------------------------------
+    //In other words, stuff that happens when the page loads
+    //This is where we actually manipulate the DOM, fire events, etc.
+    
+    addNodeOnDoubleClick()
+
+})

data/public/javascripts/cms/sitemap.js

@@ -187,15 +187,26 @@ jQuery(function($){
     }
     
     var enableButtonsForNode = function(node) {
-	var id = getId(node.id, /(section|page|link)_/)
-	if($(node).hasClass('section')) {
-	    enableButtonsForSection(id)
-	} else if($(node).hasClass('page')) {
-	    enableButtonsForPage(id)
-	} else if($(node).hasClass('link')) {
-	    enableButtonsForLink(id)
-	}  
-    }
+	var id = getId(node.id, /(section|page|link)_/);
+	if(!$(node).is(".non-editable")) {
+		if($(node).hasClass('section')) {
+		    enableButtonsForSection(id);
+		} else if($(node).hasClass('page')) {
+		    enableButtonsForPage(id);
+		} else if($(node).hasClass('link')) {
+		    enableButtonsForLink(id);
+		}  
+	}else if($(node).hasClass('page')) {
+	    $('#edit-button')
+	        .html('<span>View Page</span>')
+		.removeClass('disabled')
+		.attr('href','/cms/pages/'+id)
+		.unbind('click')
+		.click(function(){return true});
+	} else {
+	    $('#properties-button').attr('href','/cms/sitemap');
+	}
+    };
     
     var enableButtonsForSection = function(id) {
 	$('#properties-button')
@@ -253,6 +264,7 @@ jQuery(function($){
     
     var enableButtonsForPage = function(id) {
 	$('#edit-button')
+	.html('<span>Edit Page</span>')
 	.removeClass('disabled')
 	.attr('href','/cms/pages/'+id)
 	.unbind('click')

data/public/stylesheets/cms/form_layout.css

@@ -1,6 +1,6 @@
 @import url(/stylesheets/cms/selectbox.css);
 
-form {
+form, .faux_form {
 font-size: 10pt;
 font-family: "Trebuchet MS", Helvetica, Verdana, Arial, sans-serif;
 color:#485561;
@@ -21,6 +21,19 @@ padding: 10px 0;
 background: url(/images/cms/dashed.gif) repeat-x 100% 100%;
 }
 
+/* Fake forms */
+.faux_form .fields {
+padding: 22px 0 10px 0;
+font-size: 12px;
+overflow: hidden;
+}
+.faux_form .fields .label {
+padding: 0 0 12px 0;
+float: left;
+width: 140px;
+font-weight: bold;
+}
+
 /* LABELS */
 .text_fields label,
 .textarea_fields label,
@@ -39,7 +52,8 @@ font-size: 12px;
 .select_fields label,
 .text_editor_fields label,
 .file_fields label,
-.checkboxes label
+.checkboxes label,
+.faux_label
  {
 font-weight: bold;
 font-size: 12px;

data/public/stylesheets/cms/nav.css

@@ -70,13 +70,14 @@ color: #666;
 font-weight: bold;
 }
 
-#nav ul#userlinks li a,	#nav ul#userlinks li span {
-padding: 8px 19px 11px 19px;
+#nav ul#userlinks li a {
+padding: 4px 19px 11px 19px;
 background: url(/images/cms/usercontrols_bg_cap.png) no-repeat 100% 0;
 color: #666;
 display: block;
 float: left;
 text-decoration: none;
+line-height: 18px;
 }
 
 #nav ul#userlinks li span {
@@ -88,7 +89,7 @@ padding: 9px 10px;
 }
 #nav ul#userlinks li#user_info img {
 float:left;
-margin: 4px 0 0 5px;
+margin: 0 5px 0 0;
 }
 
 #nav .cmssearch {

data/test/functional/cms/content_block_controller_test.rb

@@ -0,0 +1,120 @@
+require File.join(File.dirname(__FILE__), '/../../test_helper')
+
+class PermissionsForContentBlockControllerTest < ActionController::TestCase
+  include Cms::ControllerTestHelper
+  tests Cms::ContentBlockController
+  
+  # We're stubbing a lot because we *just* want to isolate the behaviour for checking permissions
+  def setup
+    login_as_cms_admin
+    @user = User.first
+    @controller.stubs(:current_user).returns(@user)
+    @controller.stubs(:render)
+    @controller.stubs(:model_class).returns(ContentBlock)
+    @controller.stubs(:set_default_category)
+    @controller.stubs(:blocks_path).returns("/cms/content_block")
+    @controller.stubs(:redirect_to_first).returns("/cms/content_block")
+    
+    @block = stub_everything("block")
+    @block.stubs(:as_of_draft_version).returns(@block)
+    @block.stubs(:as_of_version).returns(@block)
+    @block.stubs(:connected_pages).returns(stub(:all => stub))
+    
+    ContentBlock.stubs(:find).returns(@block)
+    ContentBlock.stubs(:new).returns(@block)
+    ContentBlock.stubs(:paginate)
+  end
+  
+  def expect_access_denied
+    @controller.expects(:render).with(has_entry(:status => 403))
+  end
+  
+  def expect_success
+    expect_access_denied.never
+  end
+  
+  test "GET index allows any user" do
+    expect_success
+    get :index
+  end
+  
+  test "GET show allows any user" do
+    expect_success
+    get :show, :id => 5
+  end
+  
+  test "GET new allows any user" do
+    expect_success
+    get :new
+  end
+  
+  test "POST create allows any user" do
+    expect_success
+    post :create
+  end
+  
+  test "GET version allows any user" do
+    expect_success
+    get :version, :id => 5, :version => 3
+  end
+  
+  test "GET versions allows any user" do
+    expect_success
+    get :versions, :id => 5
+  end
+  
+  test "GET usages allows any user" do
+    expect_success
+    get :usages, :id => 5
+  end
+  
+  test "GET edit allows only users who are able to edit the block" do
+    @user.stubs(:able_to_edit?).with(@block).returns(false)
+    expect_access_denied
+    get :edit, :id => 5
+    
+    @user.stubs(:able_to_edit?).with(@block).returns(true)
+    expect_success
+    get :edit, :id => 5
+  end
+  
+  test "PUT update allows only users who are able to edit the block" do
+    @user.stubs(:able_to_edit?).with(@block).returns(false)
+    expect_access_denied
+    put :update, :id => 5
+    
+    @user.stubs(:able_to_edit?).with(@block).returns(true)
+    expect_success
+    put :update, :id => 5
+  end
+  
+  test "DELETE destroy allows only users who are able to publish the block" do
+    @user.stubs(:able_to_publish?).with(@block).returns(false)
+    expect_access_denied
+    delete :destroy, :id => 5
+    
+    @user.stubs(:able_to_publish?).with(@block).returns(true)
+    expect_success
+    delete :destroy, :id => 5
+  end
+  
+  test "PUT publish allows only users who are able to publish the block" do
+    @user.stubs(:able_to_publish?).with(@block).returns(false)
+    expect_access_denied
+    put :publish, :id => 5
+    
+    @user.stubs(:able_to_publish?).with(@block).returns(true)
+    expect_success
+    put :publish, :id => 5
+  end
+  
+  test "PUT revert_to allows only users who are able to publish the block" do
+    @user.stubs(:able_to_publish?).with(@block).returns(false)
+    expect_access_denied
+    put :revert_to, :id => 5, :version => 1
+    
+    @user.stubs(:able_to_publish?).with(@block).returns(true)
+    expect_success
+    put :revert_to, :id => 5, :version => 1
+  end
+end