caboose-cms 0.9.97 → 0.9.98
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/caboose/pages_controller.rb +51 -12
- data/lib/caboose/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ca1352e277b5912b8d76b35ede5fb8844a065142
|
|
4
|
+
data.tar.gz: c946efea7125a13ceebfac7784482686c00c2e25
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1d7807b7d666bd2b9063f667408bd3b83c6c8572ecb75edf289f678939713eb10f22842aa1ba62d92058b86edb09dfdbc1dad60caadc5ef3a5c534f4fa986bac
|
|
7
|
+
data.tar.gz: c647c6574f4030e03b451b2379706de9c452e4d85e578fbfe6abb7e326c4aabf98931b6aec88ca16d770be2ff76f13679128d458059c53649862fe642e3745f3
|
|
@@ -169,7 +169,11 @@ module Caboose
|
|
|
169
169
|
def admin_edit_permissions
|
|
170
170
|
return unless user_is_allowed('pages', 'edit')
|
|
171
171
|
@page = Page.find(params[:id])
|
|
172
|
-
|
|
172
|
+
if @page.site_id != @logged_in_user.site_id
|
|
173
|
+
redirect_to '/admin/pages'
|
|
174
|
+
else
|
|
175
|
+
render :layout => 'caboose/admin'
|
|
176
|
+
end
|
|
173
177
|
end
|
|
174
178
|
|
|
175
179
|
# @route PUT /admin/pages/:id/update-child-permissions
|
|
@@ -186,7 +190,7 @@ module Caboose
|
|
|
186
190
|
def admin_edit_content
|
|
187
191
|
@page = Page.find(params[:id])
|
|
188
192
|
redirect_to "/login?return_url=/admin/pages/#{@page.id}/content" and return if @logged_in_user.nil?
|
|
189
|
-
condition = @logged_in_user && ( @logged_in_user.is_allowed('all','all') || @logged_in_user.is_allowed('pages','edit') && Page.permissible_actions(@logged_in_user, @page.id).include?('edit'))
|
|
193
|
+
condition = @logged_in_user && @logged_in_user.site_id == @page.site_id && ( @logged_in_user.is_allowed('all','all') || @logged_in_user.is_allowed('pages','edit') && Page.permissible_actions(@logged_in_user, @page.id).include?('edit'))
|
|
190
194
|
redirect_to "/admin/pages" and return unless condition
|
|
191
195
|
if @page.block.nil?
|
|
192
196
|
redirect_to "/admin/pages/#{@page.id}/layout"
|
|
@@ -199,7 +203,11 @@ module Caboose
|
|
|
199
203
|
def admin_edit_layout
|
|
200
204
|
return unless user_is_allowed('pages', 'edit')
|
|
201
205
|
@page = Page.find(params[:id])
|
|
202
|
-
|
|
206
|
+
if @page.site_id != @logged_in_user.site_id
|
|
207
|
+
redirect_to '/admin/pages'
|
|
208
|
+
else
|
|
209
|
+
render :layout => 'caboose/admin'
|
|
210
|
+
end
|
|
203
211
|
end
|
|
204
212
|
|
|
205
213
|
# @route PUT /admin/pages/:id/layout
|
|
@@ -267,28 +275,44 @@ module Caboose
|
|
|
267
275
|
def admin_edit_css
|
|
268
276
|
return unless user_is_allowed('pages', 'edit')
|
|
269
277
|
@page = Page.find(params[:id])
|
|
270
|
-
|
|
278
|
+
if @page.site_id != @logged_in_user.site_id
|
|
279
|
+
redirect_to '/admin/pages'
|
|
280
|
+
else
|
|
281
|
+
render :layout => 'caboose/admin'
|
|
282
|
+
end
|
|
271
283
|
end
|
|
272
284
|
|
|
273
285
|
# @route GET /admin/pages/:id/js
|
|
274
286
|
def admin_edit_js
|
|
275
287
|
return unless user_is_allowed('pages', 'edit')
|
|
276
288
|
@page = Page.find(params[:id])
|
|
277
|
-
|
|
289
|
+
if @page.site_id != @logged_in_user.site_id
|
|
290
|
+
redirect_to '/admin/pages'
|
|
291
|
+
else
|
|
292
|
+
render :layout => 'caboose/admin'
|
|
293
|
+
end
|
|
278
294
|
end
|
|
279
295
|
|
|
280
296
|
# @route GET /admin/pages/:id/seo
|
|
281
297
|
def admin_edit_seo
|
|
282
298
|
return unless user_is_allowed('pages', 'edit')
|
|
283
299
|
@page = Page.find(params[:id])
|
|
284
|
-
|
|
300
|
+
if @page.site_id != @logged_in_user.site_id
|
|
301
|
+
redirect_to '/admin/pages'
|
|
302
|
+
else
|
|
303
|
+
render :layout => 'caboose/admin'
|
|
304
|
+
end
|
|
285
305
|
end
|
|
286
306
|
|
|
287
307
|
# @route GET /admin/pages/:id/child-order
|
|
288
308
|
def admin_edit_child_sort_order
|
|
289
309
|
return unless user_is_allowed('pages', 'edit')
|
|
290
310
|
@page = Page.find(params[:id])
|
|
291
|
-
|
|
311
|
+
if @page.site_id != @logged_in_user.site_id
|
|
312
|
+
redirect_to '/admin/pages'
|
|
313
|
+
else
|
|
314
|
+
render :layout => 'caboose/admin'
|
|
315
|
+
end
|
|
292
316
|
end
|
|
293
317
|
|
|
294
318
|
# @route PUT /admin/pages/:id/child-order
|
|
@@ -310,7 +334,11 @@ module Caboose
|
|
|
310
334
|
def admin_duplicate_form
|
|
311
335
|
return unless user_is_allowed('pages', 'add')
|
|
312
336
|
@page = Page.find(params[:id])
|
|
313
|
-
|
|
337
|
+
if @page.site_id != @logged_in_user.site_id
|
|
338
|
+
redirect_to '/admin/pages'
|
|
339
|
+
else
|
|
340
|
+
render :layout => 'caboose/admin'
|
|
341
|
+
end
|
|
314
342
|
end
|
|
315
343
|
|
|
316
344
|
# @route POST /admin/pages/:id/duplicate
|
|
@@ -341,7 +369,11 @@ module Caboose
|
|
|
341
369
|
def admin_delete_form
|
|
342
370
|
return unless user_is_allowed('pages', 'delete')
|
|
343
371
|
@page = Page.find(params[:id])
|
|
344
|
-
|
|
372
|
+
if @page.site_id != @logged_in_user.site_id
|
|
373
|
+
redirect_to '/admin/pages'
|
|
374
|
+
else
|
|
375
|
+
render :layout => 'caboose/admin'
|
|
376
|
+
end
|
|
345
377
|
end
|
|
346
378
|
|
|
347
379
|
# @route GET /admin/pages/:id/uri
|
|
@@ -355,7 +387,11 @@ module Caboose
|
|
|
355
387
|
def admin_sitemap
|
|
356
388
|
return unless user_is_allowed('pages', 'delete')
|
|
357
389
|
@page = Page.find(params[:id])
|
|
358
|
-
|
|
390
|
+
if @page.site_id != @logged_in_user.site_id
|
|
391
|
+
redirect_to '/admin/pages'
|
|
392
|
+
else
|
|
393
|
+
render :layout => 'caboose/admin'
|
|
394
|
+
end
|
|
359
395
|
end
|
|
360
396
|
|
|
361
397
|
# @route GET /admin/pages/:id
|
|
@@ -363,7 +399,11 @@ module Caboose
|
|
|
363
399
|
return if !user_is_allowed('pages', 'edit')
|
|
364
400
|
#return if !Page.is_allowed(logged_in_user, params[:id], 'edit')
|
|
365
401
|
@page = Page.find(params[:id])
|
|
366
|
-
|
|
402
|
+
if @page.site_id != @logged_in_user.site_id
|
|
403
|
+
redirect_to '/admin/pages'
|
|
404
|
+
else
|
|
405
|
+
render :layout => 'caboose/admin'
|
|
406
|
+
end
|
|
367
407
|
end
|
|
368
408
|
|
|
369
409
|
# @route POST /admin/pages
|
|
@@ -557,7 +597,6 @@ module Caboose
|
|
|
557
597
|
return unless user_is_allowed('pages', 'delete')
|
|
558
598
|
p = Page.find(params[:id])
|
|
559
599
|
p.destroy
|
|
560
|
-
|
|
561
600
|
resp = StdClass.new({
|
|
562
601
|
'redirect' => '/admin/pages'
|
|
563
602
|
})
|
data/lib/caboose/version.rb
CHANGED