browsercms 3.0.2 → 3.0.3
- data/app/controllers/cms/content_block_controller.rb +25 -2
- data/app/controllers/cms/content_controller.rb +31 -2
- data/app/controllers/cms/dashboard_controller.rb +2 -1
- data/app/controllers/cms/error_handling.rb +9 -2
- data/app/controllers/cms/links_controller.rb +2 -0
- data/app/controllers/cms/pages_controller.rb +22 -18
- data/app/controllers/cms/section_nodes_controller.rb +1 -1
- data/app/controllers/cms/sections_controller.rb +12 -7
- data/app/controllers/cms/sessions_controller.rb +17 -10
- data/app/controllers/cms/users_controller.rb +8 -6
- data/app/helpers/cms/application_helper.rb +2 -6
- data/app/helpers/cms/menu_helper.rb +118 -146
- data/app/helpers/cms/page_helper.rb +2 -2
- data/app/models/attachment.rb +2 -2
- data/app/models/group.rb +13 -2
- data/app/models/guest_user.rb +9 -3
- data/app/models/link.rb +2 -2
- data/app/models/page.rb +1 -1
- data/app/models/section.rb +7 -2
- data/app/models/user.rb +35 -17
- data/app/views/cms/blocks/_toolbar_for_member.html.erb +3 -3
- data/app/views/cms/blocks/index.html.erb +11 -6
- data/app/views/cms/content/show.html.erb +3 -3
- data/app/views/cms/menus/_menu.html.erb +9 -0
- data/app/views/cms/menus/_menu_item.html.erb +11 -0
- data/app/views/cms/pages/_edit_connector.html.erb +1 -1
- data/app/views/cms/pages/_edit_container.html.erb +1 -1
- data/app/views/cms/section_nodes/_node.html.erb +1 -1
- data/app/views/cms/sections/_form.html.erb +36 -34
- data/app/views/cms/shared/access_denied.html.erb +3 -0
- data/app/views/cms/users/change_password.html.erb +8 -6
- data/app/views/cms/users/index.html.erb +1 -1
- data/app/views/cms/users/show.html.erb +50 -0
- data/app/views/layouts/_cms_toolbar.html.erb +1 -1
- data/app/views/layouts/_page_toolbar.html.erb +7 -7
- data/app/views/layouts/cms/administration.html.erb +24 -7
- data/browsercms.gemspec +13 -7
- data/lib/acts_as_list.rb +8 -4
- data/lib/cms/acts/content_block.rb +1 -1
- data/lib/cms/authentication/controller.rb +26 -7
- data/lib/cms/behaviors/attaching.rb +3 -3
- data/lib/cms/behaviors/publishing.rb +12 -1
- data/lib/cms/behaviors/rendering.rb +17 -4
- data/lib/cms/behaviors/versioning.rb +2 -2
- data/lib/cms/routes.rb +4 -0
- data/lib/tasks/cms.rake +0 -18
- data/public/javascripts/cms/content_library.js +36 -0
- data/public/javascripts/cms/sitemap.js +21 -9
- data/public/stylesheets/cms/form_layout.css +16 -2
- data/public/stylesheets/cms/nav.css +4 -3
- data/test/functional/cms/content_block_controller_test.rb +120 -0
- data/test/functional/cms/content_controller_test.rb +135 -80
- data/test/functional/cms/links_controller_test.rb +89 -1
- data/test/functional/cms/pages_controller_test.rb +138 -0
- data/test/functional/cms/section_nodes_controller_test.rb +45 -5
- data/test/functional/cms/sections_controller_test.rb +148 -1
- data/test/functional/cms/sessions_controller_test.rb +26 -2
- data/test/functional/cms/users_controller_test.rb +49 -2
- data/test/test_helper.rb +3 -1
- data/test/unit/behaviors/attaching_test.rb +26 -0
- data/test/unit/helpers/menu_helper_test.rb +118 -278
- data/test/unit/models/group_test.rb +6 -0
- data/test/unit/models/user_test.rb +127 -29
- metadata +12 -4
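--- a/data/lib/tasks/cms.rake
+++ b/data/lib/tasks/cms.rake
@@ -9,24 +9,6 @@ end
 
 namespace :cms do
 
-desc "DEPRECATED"
-task :install do
-puts "This task has been deprecated, please use 'rake install' instead"
-end
-
-desc "Bumps the build number in lib/cms/init.rb"
-task :bump_build_number do
-init_file = Rails.root.join("lib/cms/init.rb")
-s = File.read(init_file)
-open(init_file, 'w') do |f|
-f << s.sub(/def build_number; (\d+) end/) do |s|
-new_build_number = $1.to_i + 1
-puts "Build number bumped to #{new_build_number}"
-"def build_number; #{new_build_number} end"
-end
-end
-end
-
 desc "Generate guides for the CMS"
 task :guides do
 require 'rubygems'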
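--- a/data/public/javascripts/cms/content_library.js
+++ b/data/public/javascripts/cms/content_library.js
@@ -0,0 +1,36 @@
+jQuery(function($){
+
+//----- Helper Functions -----------------------------------------------------
+//In all of this code, we are defining functions that we use later
+//None of this actually manipulates the DOM in any way
+
+//This is used to get the id part of an elementId
+//For example, if you have section_node_5,
+//you pass this 'section_node_5', 'section_node'
+//and this returns 5
+var getId = function(elementId, s) {
+return elementId.replace(s,'')
+}
+
+
+var nodeOnDoubleClick = function() {
+if($('#edit_button').hasClass('disabled')) {
+//$('#view_button').click()
+location.href = $('#view_button')[0].href
+} else {
+//$('#edit_button').click()
+location.href = $('#edit_button')[0].href
+}
+}
+
+var addNodeOnDoubleClick = function() {
+$('#blocks tr').dblclick(nodeOnDoubleClick)
+}
+
+//----- Init -----------------------------------------------------------------
+//In other words, stuff that happens when the page loads
+//This is where we actually manipulate the DOM, fire events, etc.
+
+addNodeOnDoubleClick()
+
+})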
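Review bot: `nodeOnDoubleClick` reads `$('#view_button')[0].href` and `$('#edit_button')[0].href` without checking that the element exists. When `#edit_button` is absent, `hasClass('disabled')` is false on the empty set, so the else branch runs and `[0]` is undefined, which throws on the `.href` access. A guard such as `var btn = $('#edit_button')[0]; if (!btn) return;` before the navigation would avoid that. `getId` is defined but not called anywhere in the file as shown, so it can be dropped or given a caller.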
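--- a/data/public/javascripts/cms/sitemap.js
+++ b/data/public/javascripts/cms/sitemap.js
@@ -187,15 +187,26 @@ jQuery(function($){
 }
 
 var enableButtonsForNode = function(node) {
-var id = getId(node.id, /(section|page|link)_/)
-if(
-
-
-
-
-
-
-
+var id = getId(node.id, /(section|page|link)_/);
+if(!$(node).is(".non-editable")) {
+if($(node).hasClass('section')) {
+enableButtonsForSection(id);
+} else if($(node).hasClass('page')) {
+enableButtonsForPage(id);
+} else if($(node).hasClass('link')) {
+enableButtonsForLink(id);
+}
+}else if($(node).hasClass('page')) {
+$('#edit-button')
+.html('<span>View Page</span>')
+.removeClass('disabled')
+.attr('href','/cms/pages/'+id)
+.unbind('click')
+.click(function(){return true});
+} else {
+$('#properties-button').attr('href','/cms/sitemap');
+}
+};
 
 var enableButtonsForSection = function(id) {
 $('#properties-button')
@@ -253,6 +264,7 @@ jQuery(function($){
 
 var enableButtonsForPage = function(id) {
 $('#edit-button')
+.html('<span>Edit Page</span>')
 .removeClass('disabled')
 .attr('href','/cms/pages/'+id)
 .unbind('click')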
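Review bot: In `enableButtonsForNode` the `.non-editable` class only decides which buttons the sitemap offers, so it should be documented as a display hint rather than an access check; the URLs it builds (`'/cms/pages/'+id`) stay reachable regardless of which button is shown. A comment above the `if(!$(node).is(".non-editable"))` line such as `// UI hint only: edit/publish rights must be enforced by the server-side permission checks` would make that explicit, assuming the controllers changed in this release do enforce it. In the final `else` branch only `#properties-button` has its href reset; whether the remaining buttons end up disabled for a non-editable section or link depends on code outside this hunk.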
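--- a/data/public/stylesheets/cms/form_layout.css
+++ b/data/public/stylesheets/cms/form_layout.css
@@ -1,6 +1,6 @@
 @import url(/stylesheets/cms/selectbox.css);
 
-form {
+form, .faux_form {
 font-size: 10pt;
 font-family: "Trebuchet MS", Helvetica, Verdana, Arial, sans-serif;
 color:#485561;
@@ -21,6 +21,19 @@ padding: 10px 0;
 background: url(/images/cms/dashed.gif) repeat-x 100% 100%;
 }
 
+/* Fake forms */
+.faux_form .fields {
+padding: 22px 0 10px 0;
+font-size: 12px;
+overflow: hidden;
+}
+.faux_form .fields .label {
+padding: 0 0 12px 0;
+float: left;
+width: 140px;
+font-weight: bold;
+}
+
 /* LABELS */
 .text_fields label,
 .textarea_fields label,
@@ -39,7 +52,8 @@ font-size: 12px;
 .select_fields label,
 .text_editor_fields label,
 .file_fields label,
-.checkboxes label
+.checkboxes label,
+.faux_label
 {
 font-weight: bold;
 font-size: 12px;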
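--- a/data/public/stylesheets/cms/nav.css
+++ b/data/public/stylesheets/cms/nav.css
@@ -70,13 +70,14 @@ color: #666;
 font-weight: bold;
 }
 
-#nav ul#userlinks li a
-padding:
+#nav ul#userlinks li a {
+padding: 4px 19px 11px 19px;
 background: url(/images/cms/usercontrols_bg_cap.png) no-repeat 100% 0;
 color: #666;
 display: block;
 float: left;
 text-decoration: none;
+line-height: 18px;
 }
 
 #nav ul#userlinks li span {
@@ -88,7 +89,7 @@ padding: 9px 10px;
 }
 #nav ul#userlinks li#user_info img {
 float:left;
-margin:
+margin: 0 5px 0 0;
 }
 
 #nav .cmssearch {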
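--- a/data/test/functional/cms/content_block_controller_test.rb
+++ b/data/test/functional/cms/content_block_controller_test.rb
@@ -0,0 +1,120 @@
+require File.join(File.dirname(__FILE__), '/../../test_helper')
+
+class PermissionsForContentBlockControllerTest < ActionController::TestCase
+include Cms::ControllerTestHelper
+tests Cms::ContentBlockController
+
+# We're stubbing a lot because we *just* want to isolate the behaviour for checking permissions
+def setup
+login_as_cms_admin
+@user = User.first
+@controller.stubs(:current_user).returns(@user)
+@controller.stubs(:render)
+@controller.stubs(:model_class).returns(ContentBlock)
+@controller.stubs(:set_default_category)
+@controller.stubs(:blocks_path).returns("/cms/content_block")
+@controller.stubs(:redirect_to_first).returns("/cms/content_block")
+
+@block = stub_everything("block")
+@block.stubs(:as_of_draft_version).returns(@block)
+@block.stubs(:as_of_version).returns(@block)
+@block.stubs(:connected_pages).returns(stub(:all => stub))
+
+ContentBlock.stubs(:find).returns(@block)
+ContentBlock.stubs(:new).returns(@block)
+ContentBlock.stubs(:paginate)
+end
+
+def expect_access_denied
+@controller.expects(:render).with(has_entry(:status => 403))
+end
+
+def expect_success
+expect_access_denied.never
+end
+
+test "GET index allows any user" do
+expect_success
+get :index
+end
+
+test "GET show allows any user" do
+expect_success
+get :show, :id => 5
+end
+
+test "GET new allows any user" do
+expect_success
+get :new
+end
+
+test "POST create allows any user" do
+expect_success
+post :create
+end
+
+test "GET version allows any user" do
+expect_success
+get :version, :id => 5, :version => 3
+end
+
+test "GET versions allows any user" do
+expect_success
+get :versions, :id => 5
+end
+
+test "GET usages allows any user" do
+expect_success
+get :usages, :id => 5
+end
+
+test "GET edit allows only users who are able to edit the block" do
+@user.stubs(:able_to_edit?).with(@block).returns(false)
+expect_access_denied
+get :edit, :id => 5
+
+@user.stubs(:able_to_edit?).with(@block).returns(true)
+expect_success
+get :edit, :id => 5
+end
+
+test "PUT update allows only users who are able to edit the block" do
+@user.stubs(:able_to_edit?).with(@block).returns(false)
+expect_access_denied
+put :update, :id => 5
+
+@user.stubs(:able_to_edit?).with(@block).returns(true)
+expect_success
+put :update, :id => 5
+end
+
+test "DELETE destroy allows only users who are able to publish the block" do
+@user.stubs(:able_to_publish?).with(@block).returns(false)
+expect_access_denied
+delete :destroy, :id => 5
+
+@user.stubs(:able_to_publish?).with(@block).returns(true)
+expect_success
+delete :destroy, :id => 5
+end
+
+test "PUT publish allows only users who are able to publish the block" do
+@user.stubs(:able_to_publish?).with(@block).returns(false)
+expect_access_denied
+put :publish, :id => 5
+
+@user.stubs(:able_to_publish?).with(@block).returns(true)
+expect_success
+put :publish, :id => 5
+end
+
+test "PUT revert_to allows only users who are able to publish the block" do
+@user.stubs(:able_to_publish?).with(@block).returns(false)
+expect_access_denied
+put :revert_to, :id => 5, :version => 1
+
+@user.stubs(:able_to_publish?).with(@block).returns(true)
+expect_success
+put :revert_to, :id => 5, :version => 1
+end
+end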
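Review bot: The seven "allows any user" tests do not exercise an unprivileged user: `setup` calls `login_as_cms_admin` and takes `User.first`, and those tests never stub `able_to_edit?` or `able_to_publish?`, so they would presumably still pass if one of these actions required a permission that an admin holds. Stubbing both predicates to false in those tests, for example `@user.stubs(:able_to_edit?).returns(false)` and `@user.stubs(:able_to_publish?).returns(false)`, would pin the claim in the test names. Separately, `expect_success` only asserts that `render` is never called with `:status => 403`, so a denial delivered some other way (a redirect, or a render without that entry) is counted as success; asserting the expected response explicitly would be stricter.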