caboose-cms 0.9.97 → 0.9.98

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: b313b528aff85bf26feb9bb66e90738cd9c31a22
4
- data.tar.gz: 84d6f32889e9ac803b6a63f9985dc3ea4ad8956c
3
+ metadata.gz: ca1352e277b5912b8d76b35ede5fb8844a065142
4
+ data.tar.gz: c946efea7125a13ceebfac7784482686c00c2e25
5
5
  SHA512:
6
- metadata.gz: f9b18df80b08810a8503b674fb0bab6513ccb6397fad41b1db36cfd05dbaa68babd48950ccd9676daf46cca620890162dda40c9a8ac1b49f39053febd1704e1c
7
- data.tar.gz: e0145fa9e2cb9d4f1efbd9374822949d2b35103bf7f902de4e1697f51ce34b5a8975666e0e485ed9131d669417d85c86f405cb1f3787ed92bf341aac29082ebe
6
+ metadata.gz: 1d7807b7d666bd2b9063f667408bd3b83c6c8572ecb75edf289f678939713eb10f22842aa1ba62d92058b86edb09dfdbc1dad60caadc5ef3a5c534f4fa986bac
7
+ data.tar.gz: c647c6574f4030e03b451b2379706de9c452e4d85e578fbfe6abb7e326c4aabf98931b6aec88ca16d770be2ff76f13679128d458059c53649862fe642e3745f3
@@ -169,7 +169,11 @@ module Caboose
169
169
  def admin_edit_permissions
170
170
  return unless user_is_allowed('pages', 'edit')
171
171
  @page = Page.find(params[:id])
172
- render :layout => 'caboose/admin'
172
+ if @page.site_id != @logged_in_user.site_id
173
+ redirect_to '/admin/pages'
174
+ else
175
+ render :layout => 'caboose/admin'
176
+ end
173
177
  end
174
178
 
175
179
  # @route PUT /admin/pages/:id/update-child-permissions
@@ -186,7 +190,7 @@ module Caboose
186
190
  def admin_edit_content
187
191
  @page = Page.find(params[:id])
188
192
  redirect_to "/login?return_url=/admin/pages/#{@page.id}/content" and return if @logged_in_user.nil?
189
- condition = @logged_in_user && ( @logged_in_user.is_allowed('all','all') || @logged_in_user.is_allowed('pages','edit') && Page.permissible_actions(@logged_in_user, @page.id).include?('edit'))
193
+ condition = @logged_in_user && @logged_in_user.site_id == @page.site_id && ( @logged_in_user.is_allowed('all','all') || @logged_in_user.is_allowed('pages','edit') && Page.permissible_actions(@logged_in_user, @page.id).include?('edit'))
190
194
  redirect_to "/admin/pages" and return unless condition
191
195
  if @page.block.nil?
192
196
  redirect_to "/admin/pages/#{@page.id}/layout"
@@ -199,7 +203,11 @@ module Caboose
199
203
  def admin_edit_layout
200
204
  return unless user_is_allowed('pages', 'edit')
201
205
  @page = Page.find(params[:id])
202
- render :layout => 'caboose/admin'
206
+ if @page.site_id != @logged_in_user.site_id
207
+ redirect_to '/admin/pages'
208
+ else
209
+ render :layout => 'caboose/admin'
210
+ end
203
211
  end
204
212
 
205
213
  # @route PUT /admin/pages/:id/layout
@@ -267,28 +275,44 @@ module Caboose
267
275
  def admin_edit_css
268
276
  return unless user_is_allowed('pages', 'edit')
269
277
  @page = Page.find(params[:id])
270
- render :layout => 'caboose/admin'
278
+ if @page.site_id != @logged_in_user.site_id
279
+ redirect_to '/admin/pages'
280
+ else
281
+ render :layout => 'caboose/admin'
282
+ end
271
283
  end
272
284
 
273
285
  # @route GET /admin/pages/:id/js
274
286
  def admin_edit_js
275
287
  return unless user_is_allowed('pages', 'edit')
276
288
  @page = Page.find(params[:id])
277
- render :layout => 'caboose/admin'
289
+ if @page.site_id != @logged_in_user.site_id
290
+ redirect_to '/admin/pages'
291
+ else
292
+ render :layout => 'caboose/admin'
293
+ end
278
294
  end
279
295
 
280
296
  # @route GET /admin/pages/:id/seo
281
297
  def admin_edit_seo
282
298
  return unless user_is_allowed('pages', 'edit')
283
299
  @page = Page.find(params[:id])
284
- render :layout => 'caboose/admin'
300
+ if @page.site_id != @logged_in_user.site_id
301
+ redirect_to '/admin/pages'
302
+ else
303
+ render :layout => 'caboose/admin'
304
+ end
285
305
  end
286
306
 
287
307
  # @route GET /admin/pages/:id/child-order
288
308
  def admin_edit_child_sort_order
289
309
  return unless user_is_allowed('pages', 'edit')
290
310
  @page = Page.find(params[:id])
291
- render :layout => 'caboose/admin'
311
+ if @page.site_id != @logged_in_user.site_id
312
+ redirect_to '/admin/pages'
313
+ else
314
+ render :layout => 'caboose/admin'
315
+ end
292
316
  end
293
317
 
294
318
  # @route PUT /admin/pages/:id/child-order
@@ -310,7 +334,11 @@ module Caboose
310
334
  def admin_duplicate_form
311
335
  return unless user_is_allowed('pages', 'add')
312
336
  @page = Page.find(params[:id])
313
- render :layout => 'caboose/admin'
337
+ if @page.site_id != @logged_in_user.site_id
338
+ redirect_to '/admin/pages'
339
+ else
340
+ render :layout => 'caboose/admin'
341
+ end
314
342
  end
315
343
 
316
344
  # @route POST /admin/pages/:id/duplicate
@@ -341,7 +369,11 @@ module Caboose
341
369
  def admin_delete_form
342
370
  return unless user_is_allowed('pages', 'delete')
343
371
  @page = Page.find(params[:id])
344
- render :layout => 'caboose/admin'
372
+ if @page.site_id != @logged_in_user.site_id
373
+ redirect_to '/admin/pages'
374
+ else
375
+ render :layout => 'caboose/admin'
376
+ end
345
377
  end
346
378
 
347
379
  # @route GET /admin/pages/:id/uri
@@ -355,7 +387,11 @@ module Caboose
355
387
  def admin_sitemap
356
388
  return unless user_is_allowed('pages', 'delete')
357
389
  @page = Page.find(params[:id])
358
- render :layout => 'caboose/admin'
390
+ if @page.site_id != @logged_in_user.site_id
391
+ redirect_to '/admin/pages'
392
+ else
393
+ render :layout => 'caboose/admin'
394
+ end
359
395
  end
360
396
 
361
397
  # @route GET /admin/pages/:id
@@ -363,7 +399,11 @@ module Caboose
363
399
  return if !user_is_allowed('pages', 'edit')
364
400
  #return if !Page.is_allowed(logged_in_user, params[:id], 'edit')
365
401
  @page = Page.find(params[:id])
366
- render :layout => 'caboose/admin'
402
+ if @page.site_id != @logged_in_user.site_id
403
+ redirect_to '/admin/pages'
404
+ else
405
+ render :layout => 'caboose/admin'
406
+ end
367
407
  end
368
408
 
369
409
  # @route POST /admin/pages
@@ -557,7 +597,6 @@ module Caboose
557
597
  return unless user_is_allowed('pages', 'delete')
558
598
  p = Page.find(params[:id])
559
599
  p.destroy
560
-
561
600
  resp = StdClass.new({
562
601
  'redirect' => '/admin/pages'
563
602
  })
@@ -1,3 +1,3 @@
1
1
  module Caboose
2
- VERSION = '0.9.97'
2
+ VERSION = '0.9.98'
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: caboose-cms
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.97
4
+ version: 0.9.98
5
5
  platform: ruby
6
6
  authors:
7
7
  - William Barry