caboose-cms 0.9.97 → 0.9.98
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/caboose/pages_controller.rb +51 -12
- data/lib/caboose/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ca1352e277b5912b8d76b35ede5fb8844a065142
|
|
4
|
+
data.tar.gz: c946efea7125a13ceebfac7784482686c00c2e25
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1d7807b7d666bd2b9063f667408bd3b83c6c8572ecb75edf289f678939713eb10f22842aa1ba62d92058b86edb09dfdbc1dad60caadc5ef3a5c534f4fa986bac
|
|
7
|
+
data.tar.gz: c647c6574f4030e03b451b2379706de9c452e4d85e578fbfe6abb7e326c4aabf98931b6aec88ca16d770be2ff76f13679128d458059c53649862fe642e3745f3
|
|
@@ -169,7 +169,11 @@ module Caboose
|
|
|
169
169
|
def admin_edit_permissions
|
|
170
170
|
return unless user_is_allowed('pages', 'edit')
|
|
171
171
|
@page = Page.find(params[:id])
|
|
172
|
-
|
|
172
|
+
if @page.site_id != @logged_in_user.site_id
|
|
173
|
+
redirect_to '/admin/pages'
|
|
174
|
+
else
|
|
175
|
+
render :layout => 'caboose/admin'
|
|
176
|
+
end
|
|
173
177
|
end
|
|
174
178
|
|
|
175
179
|
# @route PUT /admin/pages/:id/update-child-permissions
|
|
@@ -186,7 +190,7 @@ module Caboose
|
|
|
186
190
|
def admin_edit_content
|
|
187
191
|
@page = Page.find(params[:id])
|
|
188
192
|
redirect_to "/login?return_url=/admin/pages/#{@page.id}/content" and return if @logged_in_user.nil?
|
|
189
|
-
condition = @logged_in_user && ( @logged_in_user.is_allowed('all','all') || @logged_in_user.is_allowed('pages','edit') && Page.permissible_actions(@logged_in_user, @page.id).include?('edit'))
|
|
193
|
+
condition = @logged_in_user && @logged_in_user.site_id == @page.site_id && ( @logged_in_user.is_allowed('all','all') || @logged_in_user.is_allowed('pages','edit') && Page.permissible_actions(@logged_in_user, @page.id).include?('edit'))
|
|
190
194
|
redirect_to "/admin/pages" and return unless condition
|
|
191
195
|
if @page.block.nil?
|
|
192
196
|
redirect_to "/admin/pages/#{@page.id}/layout"
|
|
@@ -199,7 +203,11 @@ module Caboose
|
|
|
199
203
|
def admin_edit_layout
|
|
200
204
|
return unless user_is_allowed('pages', 'edit')
|
|
201
205
|
@page = Page.find(params[:id])
|
|
202
|
-
|
|
206
|
+
if @page.site_id != @logged_in_user.site_id
|
|
207
|
+
redirect_to '/admin/pages'
|
|
208
|
+
else
|
|
209
|
+
render :layout => 'caboose/admin'
|
|
210
|
+
end
|
|
203
211
|
end
|
|
204
212
|
|
|
205
213
|
# @route PUT /admin/pages/:id/layout
|
|
@@ -267,28 +275,44 @@ module Caboose
|
|
|
267
275
|
def admin_edit_css
|
|
268
276
|
return unless user_is_allowed('pages', 'edit')
|
|
269
277
|
@page = Page.find(params[:id])
|
|
270
|
-
|
|
278
|
+
if @page.site_id != @logged_in_user.site_id
|
|
279
|
+
redirect_to '/admin/pages'
|
|
280
|
+
else
|
|
281
|
+
render :layout => 'caboose/admin'
|
|
282
|
+
end
|
|
271
283
|
end
|
|
272
284
|
|
|
273
285
|
# @route GET /admin/pages/:id/js
|
|
274
286
|
def admin_edit_js
|
|
275
287
|
return unless user_is_allowed('pages', 'edit')
|
|
276
288
|
@page = Page.find(params[:id])
|
|
277
|
-
|
|
289
|
+
if @page.site_id != @logged_in_user.site_id
|
|
290
|
+
redirect_to '/admin/pages'
|
|
291
|
+
else
|
|
292
|
+
render :layout => 'caboose/admin'
|
|
293
|
+
end
|
|
278
294
|
end
|
|
279
295
|
|
|
280
296
|
# @route GET /admin/pages/:id/seo
|
|
281
297
|
def admin_edit_seo
|
|
282
298
|
return unless user_is_allowed('pages', 'edit')
|
|
283
299
|
@page = Page.find(params[:id])
|
|
284
|
-
|
|
300
|
+
if @page.site_id != @logged_in_user.site_id
|
|
301
|
+
redirect_to '/admin/pages'
|
|
302
|
+
else
|
|
303
|
+
render :layout => 'caboose/admin'
|
|
304
|
+
end
|
|
285
305
|
end
|
|
286
306
|
|
|
287
307
|
# @route GET /admin/pages/:id/child-order
|
|
288
308
|
def admin_edit_child_sort_order
|
|
289
309
|
return unless user_is_allowed('pages', 'edit')
|
|
290
310
|
@page = Page.find(params[:id])
|
|
291
|
-
|
|
311
|
+
if @page.site_id != @logged_in_user.site_id
|
|
312
|
+
redirect_to '/admin/pages'
|
|
313
|
+
else
|
|
314
|
+
render :layout => 'caboose/admin'
|
|
315
|
+
end
|
|
292
316
|
end
|
|
293
317
|
|
|
294
318
|
# @route PUT /admin/pages/:id/child-order
|
|
@@ -310,7 +334,11 @@ module Caboose
|
|
|
310
334
|
def admin_duplicate_form
|
|
311
335
|
return unless user_is_allowed('pages', 'add')
|
|
312
336
|
@page = Page.find(params[:id])
|
|
313
|
-
|
|
337
|
+
if @page.site_id != @logged_in_user.site_id
|
|
338
|
+
redirect_to '/admin/pages'
|
|
339
|
+
else
|
|
340
|
+
render :layout => 'caboose/admin'
|
|
341
|
+
end
|
|
314
342
|
end
|
|
315
343
|
|
|
316
344
|
# @route POST /admin/pages/:id/duplicate
|
|
@@ -341,7 +369,11 @@ module Caboose
|
|
|
341
369
|
def admin_delete_form
|
|
342
370
|
return unless user_is_allowed('pages', 'delete')
|
|
343
371
|
@page = Page.find(params[:id])
|
|
344
|
-
|
|
372
|
+
if @page.site_id != @logged_in_user.site_id
|
|
373
|
+
redirect_to '/admin/pages'
|
|
374
|
+
else
|
|
375
|
+
render :layout => 'caboose/admin'
|
|
376
|
+
end
|
|
345
377
|
end
|
|
346
378
|
|
|
347
379
|
# @route GET /admin/pages/:id/uri
|
|
@@ -355,7 +387,11 @@ module Caboose
|
|
|
355
387
|
def admin_sitemap
|
|
356
388
|
return unless user_is_allowed('pages', 'delete')
|
|
357
389
|
@page = Page.find(params[:id])
|
|
358
|
-
|
|
390
|
+
if @page.site_id != @logged_in_user.site_id
|
|
391
|
+
redirect_to '/admin/pages'
|
|
392
|
+
else
|
|
393
|
+
render :layout => 'caboose/admin'
|
|
394
|
+
end
|
|
359
395
|
end
|
|
360
396
|
|
|
361
397
|
# @route GET /admin/pages/:id
|
|
@@ -363,7 +399,11 @@ module Caboose
|
|
|
363
399
|
return if !user_is_allowed('pages', 'edit')
|
|
364
400
|
#return if !Page.is_allowed(logged_in_user, params[:id], 'edit')
|
|
365
401
|
@page = Page.find(params[:id])
|
|
366
|
-
|
|
402
|
+
if @page.site_id != @logged_in_user.site_id
|
|
403
|
+
redirect_to '/admin/pages'
|
|
404
|
+
else
|
|
405
|
+
render :layout => 'caboose/admin'
|
|
406
|
+
end
|
|
367
407
|
end
|
|
368
408
|
|
|
369
409
|
# @route POST /admin/pages
|
|
@@ -557,7 +597,6 @@ module Caboose
|
|
|
557
597
|
return unless user_is_allowed('pages', 'delete')
|
|
558
598
|
p = Page.find(params[:id])
|
|
559
599
|
p.destroy
|
|
560
|
-
|
|
561
600
|
resp = StdClass.new({
|
|
562
601
|
'redirect' => '/admin/pages'
|
|
563
602
|
})
|
data/lib/caboose/version.rb
CHANGED