caboose-cms 0.9.194 → 0.9.195
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/caboose/admin_controller.rb +0 -4
- data/app/controllers/caboose/domains_controller.rb +18 -11
- data/app/controllers/caboose/logout_controller.rb +0 -1
- data/app/controllers/caboose/my_account_controller.rb +5 -3
- data/app/controllers/caboose/post_custom_fields_controller.rb +0 -2
- data/app/controllers/caboose/posts_controller.rb +38 -50
- data/app/controllers/caboose/roles_controller.rb +19 -6
- data/app/controllers/caboose/sites_controller.rb +16 -2
- data/app/controllers/caboose/sns_controller.rb +0 -10
- data/app/controllers/caboose/users_controller.rb +4 -1
- data/app/views/caboose/roles/edit.html.erb +4 -4
- data/app/views/caboose/sites/admin_edit.html.erb +1 -1
- data/lib/caboose/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 23803eb2e4de5b950f3968d7232e8c15324c2a08
|
|
4
|
+
data.tar.gz: 7b04e7ca4a9102717531603e8dcb2387f338e8c8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 923cf92e138005734a17250f5d47b0e31671c023266334916b3437b371e0e191983c320fa8c6b3ab4268cfbe10a7906b50d507e678d4a845945f19668efbd1d1
|
|
7
|
+
data.tar.gz: 911d24ae64333b88ee701a9927a7c1c1f984b3b7d921196f2e2521275608bdbab6909b66c05a7d717545189b0656c60e812f580f9dfc9b2461408a9f057cedf5
|
|
@@ -11,16 +11,15 @@ module Caboose
|
|
|
11
11
|
# @route POST /admin/sites/:site_id/domains
|
|
12
12
|
def admin_add
|
|
13
13
|
return if !user_is_allowed('domains', 'edit')
|
|
14
|
-
|
|
15
|
-
resp = Caboose::StdClass.new
|
|
14
|
+
return if params[:site_id] != @site.id.to_s && !@site.is_master
|
|
15
|
+
resp = Caboose::StdClass.new
|
|
16
16
|
d = Domain.where(:domain => params[:domain]).first
|
|
17
|
-
|
|
18
17
|
if d && d.site_id != params[:site_id]
|
|
19
18
|
resp.error = "That domain is already associated with another site."
|
|
20
19
|
elsif d && d.site_id == params[:site_id]
|
|
21
20
|
resp.refresh = true
|
|
22
21
|
elsif d.nil?
|
|
23
|
-
primary = Domain.where(:site_id => params[:site_id]).count == 0
|
|
22
|
+
primary = Domain.where(:site_id => params[:site_id]).count == 0
|
|
24
23
|
d = Domain.create(:site_id => params[:site_id], :domain => params[:domain], :primary => primary)
|
|
25
24
|
resp.refresh = true
|
|
26
25
|
end
|
|
@@ -30,10 +29,9 @@ module Caboose
|
|
|
30
29
|
# @route PUT /admin/sites/:site_id/domains/:id
|
|
31
30
|
def admin_update
|
|
32
31
|
return if !user_is_allowed('domains', 'edit')
|
|
33
|
-
|
|
32
|
+
return if params[:site_id] != @site.id.to_s && !@site.is_master
|
|
34
33
|
resp = StdClass.new
|
|
35
|
-
d =
|
|
36
|
-
|
|
34
|
+
d = get_edit_domain(params[:id], @site.id)
|
|
37
35
|
save = true
|
|
38
36
|
params.each do |name,value|
|
|
39
37
|
case name
|
|
@@ -51,7 +49,6 @@ module Caboose
|
|
|
51
49
|
end
|
|
52
50
|
end
|
|
53
51
|
end
|
|
54
|
-
|
|
55
52
|
resp.success = save && d.save
|
|
56
53
|
render :json => resp
|
|
57
54
|
end
|
|
@@ -59,17 +56,19 @@ module Caboose
|
|
|
59
56
|
# @route DELETE /admin/sites/:site_id/domains/:id
|
|
60
57
|
def admin_delete
|
|
61
58
|
return if !user_is_allowed('sites', 'delete')
|
|
62
|
-
|
|
59
|
+
return if params[:site_id] != @site.id.to_s && !@site.is_master
|
|
60
|
+
domain = get_edit_domain(params[:id], @site.id)
|
|
61
|
+
domain.destroy if domain
|
|
63
62
|
render :json => { 'refresh' => "/admin/sites/#{params[:site_id]}" }
|
|
64
63
|
end
|
|
65
64
|
|
|
66
65
|
# @route PUT /admin/sites/:site_id/domains/:id/set-primary
|
|
67
66
|
def admin_set_primary
|
|
68
67
|
return if !user_is_allowed('domains', 'edit')
|
|
68
|
+
return if params[:site_id] != @site.id.to_s && !@site.is_master
|
|
69
69
|
resp = StdClass.new
|
|
70
|
-
d =
|
|
70
|
+
d = get_edit_domain(params[:id], @site.id)
|
|
71
71
|
save = true
|
|
72
|
-
#d.primary = value
|
|
73
72
|
Domain.where(:site_id => params[:site_id]).all.each do |d2|
|
|
74
73
|
d2.primary = d2.id == d.id ? true : false
|
|
75
74
|
d2.save
|
|
@@ -77,6 +76,14 @@ module Caboose
|
|
|
77
76
|
resp.success = save && d.save
|
|
78
77
|
render :json => resp
|
|
79
78
|
end
|
|
79
|
+
|
|
80
|
+
private
|
|
81
|
+
|
|
82
|
+
def get_edit_domain(domain_id, site_id)
|
|
83
|
+
domain = Domain.find(domain_id)
|
|
84
|
+
return domain if domain && (domain.site_id == site_id || logged_in_user.is_super_admin?)
|
|
85
|
+
return nil
|
|
86
|
+
end
|
|
80
87
|
|
|
81
88
|
end
|
|
82
89
|
end
|
|
@@ -25,8 +25,10 @@ module Caboose
|
|
|
25
25
|
resp.error = "Username must be at least three characters."
|
|
26
26
|
elsif Caboose::User.where(:username => uname, :site_id => @site.id).where('id != ?',user.id).exists?
|
|
27
27
|
resp.error = "That username is already taken."
|
|
28
|
+
elsif uname == 'superadmin'
|
|
29
|
+
resp.error = "Choose a different username."
|
|
28
30
|
else
|
|
29
|
-
user.username
|
|
31
|
+
user.username = uname
|
|
30
32
|
end
|
|
31
33
|
when "email"
|
|
32
34
|
email = value.strip.downcase
|
|
@@ -35,9 +37,9 @@ module Caboose
|
|
|
35
37
|
elsif Caboose::User.where(:email => email, :site_id => @site.id).where('id != ?',user.id).exists?
|
|
36
38
|
resp.error = "That email address is already in the system."
|
|
37
39
|
else
|
|
38
|
-
user.email
|
|
40
|
+
user.email = email
|
|
39
41
|
end
|
|
40
|
-
when "phone" then user.phone
|
|
42
|
+
when "phone" then user.phone = value
|
|
41
43
|
|
|
42
44
|
when "address" then user.address = value
|
|
43
45
|
when "address2" then user.address2 = value
|
|
@@ -50,10 +50,8 @@ module Caboose
|
|
|
50
50
|
# @route PUT /admin/post-custom-fields/:id
|
|
51
51
|
def admin_update
|
|
52
52
|
return if !user_is_allowed('postcustomfields', 'edit')
|
|
53
|
-
|
|
54
53
|
resp = Caboose::StdClass.new
|
|
55
54
|
f = PostCustomField.find(params[:id])
|
|
56
|
-
|
|
57
55
|
save = true
|
|
58
56
|
params.each do |name, value|
|
|
59
57
|
case name
|
|
@@ -3,11 +3,6 @@ module Caboose
|
|
|
3
3
|
|
|
4
4
|
helper :application
|
|
5
5
|
|
|
6
|
-
# @route GET /posts
|
|
7
|
-
# def index
|
|
8
|
-
# @posts = Post.where(:published => true, :site_id => @site.id).limit(10).reorder('created_at DESC')
|
|
9
|
-
# end
|
|
10
|
-
|
|
11
6
|
# @route GET /posts/:id
|
|
12
7
|
# @route GET /posts/:year/:month/:day/:slug
|
|
13
8
|
def show
|
|
@@ -29,7 +24,6 @@ module Caboose
|
|
|
29
24
|
@editing = false
|
|
30
25
|
@preview = false
|
|
31
26
|
@post = Caboose.plugin_hook('post_content', @post)
|
|
32
|
-
# @editmode = !params['edit'].nil? && user.is_allowed('posts', 'edit') ? true : false
|
|
33
27
|
end
|
|
34
28
|
|
|
35
29
|
#=============================================================================
|
|
@@ -46,17 +40,18 @@ module Caboose
|
|
|
46
40
|
# @route GET /admin/posts/json
|
|
47
41
|
def admin_json
|
|
48
42
|
return if !user_is_allowed('posts', 'view')
|
|
49
|
-
|
|
50
43
|
pager = PageBarGenerator.new(params, {
|
|
51
44
|
'site_id' => @site.id,
|
|
52
45
|
'title_like' => '',
|
|
53
|
-
},
|
|
46
|
+
},
|
|
47
|
+
{
|
|
54
48
|
'model' => 'Caboose::Post',
|
|
55
49
|
'sort' => 'created_at',
|
|
56
50
|
'desc' => true,
|
|
57
51
|
'base_url' => '/admin/posts',
|
|
58
52
|
'items_per_page' => 50,
|
|
59
|
-
'use_url_params' => false
|
|
53
|
+
'use_url_params' => false,
|
|
54
|
+
'additional_where' => [ "(site_id = #{@site.id})" ]
|
|
60
55
|
})
|
|
61
56
|
render :json => {
|
|
62
57
|
:pager => pager,
|
|
@@ -67,21 +62,21 @@ module Caboose
|
|
|
67
62
|
# @route GET /admin/posts/:id/json
|
|
68
63
|
def admin_json_single
|
|
69
64
|
return if !user_is_allowed('posts', 'edit')
|
|
70
|
-
@post =
|
|
65
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
71
66
|
render :json => @post
|
|
72
67
|
end
|
|
73
68
|
|
|
74
69
|
# @route GET /admin/posts/:id/preview
|
|
75
70
|
def admin_edit_preview
|
|
76
71
|
return if !user_is_allowed('posts', 'edit')
|
|
77
|
-
@post =
|
|
72
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
78
73
|
render :layout => 'caboose/admin'
|
|
79
74
|
end
|
|
80
75
|
|
|
81
76
|
# @route GET /admin/posts/:id/publish
|
|
82
77
|
def admin_publish
|
|
83
78
|
return unless user_is_allowed('posts', 'edit')
|
|
84
|
-
post =
|
|
79
|
+
post = get_edit_post(params[:id], @site.id)
|
|
85
80
|
post.publish
|
|
86
81
|
redirect_to "/admin/posts/#{post.id}/content"
|
|
87
82
|
end
|
|
@@ -89,7 +84,7 @@ module Caboose
|
|
|
89
84
|
# @route GET /admin/posts/:id/revert
|
|
90
85
|
def admin_revert
|
|
91
86
|
return unless user_is_allowed('posts', 'edit')
|
|
92
|
-
post =
|
|
87
|
+
post = get_edit_post(params[:id], @site.id)
|
|
93
88
|
post.revert
|
|
94
89
|
redirect_to "/admin/posts/#{post.id}/content"
|
|
95
90
|
end
|
|
@@ -97,7 +92,7 @@ module Caboose
|
|
|
97
92
|
# @route GET /admin/posts/:id/content
|
|
98
93
|
def admin_edit_content
|
|
99
94
|
return if !user_is_allowed('posts', 'edit')
|
|
100
|
-
@post =
|
|
95
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
101
96
|
if @post.body
|
|
102
97
|
@post.preview = @post.body
|
|
103
98
|
@post.body = nil
|
|
@@ -116,7 +111,7 @@ module Caboose
|
|
|
116
111
|
# @route GET /admin/posts/:id/preview-post
|
|
117
112
|
def admin_preview_post
|
|
118
113
|
return if !user_is_allowed('posts', 'edit')
|
|
119
|
-
@post =
|
|
114
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
120
115
|
@editing = true
|
|
121
116
|
@preview = true
|
|
122
117
|
end
|
|
@@ -124,7 +119,7 @@ module Caboose
|
|
|
124
119
|
# @route GET /admin/posts/:id/categories
|
|
125
120
|
def admin_edit_categories
|
|
126
121
|
return if !user_is_allowed('posts', 'edit')
|
|
127
|
-
@post =
|
|
122
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
128
123
|
@categories = PostCategory.where(:site_id => @site.id).reorder(:name).all
|
|
129
124
|
if @categories.nil? || @categories.count == 0
|
|
130
125
|
PostCategory.create(:site_id => @site.id, :name => 'General News')
|
|
@@ -136,14 +131,14 @@ module Caboose
|
|
|
136
131
|
# @route GET /admin/posts/:id/layout
|
|
137
132
|
def admin_edit_layout
|
|
138
133
|
return unless user_is_allowed('posts', 'edit')
|
|
139
|
-
@post =
|
|
134
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
140
135
|
render :layout => 'caboose/admin'
|
|
141
136
|
end
|
|
142
137
|
|
|
143
138
|
# @route GET /admin/posts/:id/delete
|
|
144
139
|
def admin_delete_form
|
|
145
140
|
return if !user_is_allowed('posts', 'delete')
|
|
146
|
-
@post =
|
|
141
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
147
142
|
render :layout => 'caboose/admin'
|
|
148
143
|
end
|
|
149
144
|
|
|
@@ -151,7 +146,7 @@ module Caboose
|
|
|
151
146
|
# @route GET /admin/posts/:id/edit
|
|
152
147
|
def admin_edit_general
|
|
153
148
|
return if !user_is_allowed('posts', 'edit')
|
|
154
|
-
@post =
|
|
149
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
155
150
|
@post.verify_custom_field_values_exist
|
|
156
151
|
render :layout => 'caboose/admin'
|
|
157
152
|
end
|
|
@@ -160,8 +155,9 @@ module Caboose
|
|
|
160
155
|
def admin_update_layout
|
|
161
156
|
return unless user_is_allowed('posts', 'edit')
|
|
162
157
|
bt = BlockType.find(params[:block_type_id])
|
|
163
|
-
|
|
164
|
-
Block.
|
|
158
|
+
post = get_edit_post(params[:id], @site.id)
|
|
159
|
+
Block.where(:post_id => post.id).destroy_all if post
|
|
160
|
+
Block.create(:post_id => post.id, :block_type_id => params[:block_type_id], :name => bt.name) if post
|
|
165
161
|
resp = Caboose::StdClass.new({
|
|
166
162
|
'redirect' => "/admin/posts/#{params[:id]}/content"
|
|
167
163
|
})
|
|
@@ -171,10 +167,8 @@ module Caboose
|
|
|
171
167
|
# @route PUT /admin/posts/:id
|
|
172
168
|
def admin_update
|
|
173
169
|
return if !user_is_allowed('posts', 'edit')
|
|
174
|
-
|
|
175
170
|
resp = Caboose::StdClass.new({'attributes' => {}})
|
|
176
|
-
post =
|
|
177
|
-
|
|
171
|
+
post = get_edit_post(params[:id], @site.id)
|
|
178
172
|
save = true
|
|
179
173
|
params.each do |name, value|
|
|
180
174
|
case name
|
|
@@ -198,14 +192,12 @@ module Caboose
|
|
|
198
192
|
|
|
199
193
|
# @route POST /admin/posts/:id/image
|
|
200
194
|
def admin_update_image
|
|
201
|
-
return if !user_is_allowed('posts', 'edit')
|
|
202
|
-
|
|
195
|
+
return if !user_is_allowed('posts', 'edit')
|
|
203
196
|
resp = Caboose::StdClass.new
|
|
204
|
-
post =
|
|
197
|
+
post = get_edit_post(params[:id], @site.id)
|
|
205
198
|
post.image = params[:image]
|
|
206
199
|
resp.success = post.save
|
|
207
200
|
resp.attributes = { 'image' => { 'value' => post.image.url(:thumb) }}
|
|
208
|
-
|
|
209
201
|
render :text => resp.to_json
|
|
210
202
|
end
|
|
211
203
|
|
|
@@ -220,66 +212,62 @@ module Caboose
|
|
|
220
212
|
# @route POST /admin/posts
|
|
221
213
|
def admin_add
|
|
222
214
|
return if !user_is_allowed('posts', 'add')
|
|
223
|
-
|
|
224
215
|
resp = Caboose::StdClass.new({
|
|
225
216
|
'error' => nil,
|
|
226
217
|
'redirect' => nil
|
|
227
218
|
})
|
|
228
|
-
|
|
229
219
|
post = Post.new
|
|
230
220
|
post.site_id = @site.id
|
|
231
221
|
post.title = params[:title]
|
|
232
222
|
post.published = false
|
|
233
|
-
|
|
234
|
-
if post.title == nil || post.title.length == 0
|
|
223
|
+
if post.title.blank?
|
|
235
224
|
resp.error = 'A title is required.'
|
|
236
225
|
else
|
|
237
226
|
post.save
|
|
238
227
|
post.set_slug_and_uri(post.title)
|
|
239
228
|
resp.redirect = "/admin/posts/#{post.id}"
|
|
240
229
|
end
|
|
241
|
-
|
|
242
230
|
render :json => resp
|
|
243
231
|
end
|
|
244
232
|
|
|
245
233
|
# @route GET /admin/posts/:id/add-to-category
|
|
246
234
|
def admin_add_to_category
|
|
247
235
|
return if !user_is_allowed('posts', 'edit')
|
|
248
|
-
|
|
249
|
-
post_id = params[:id]
|
|
236
|
+
post = get_edit_post(params[:id], @site.id)
|
|
250
237
|
cat_id = params[:post_category_id]
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
PostCategoryMembership.create(:post_id => post_id, :post_category_id => cat_id)
|
|
238
|
+
if post && !PostCategoryMembership.exists?(:post_id => post.id, :post_category_id => cat_id)
|
|
239
|
+
PostCategoryMembership.create(:post_id => post.id, :post_category_id => cat_id)
|
|
254
240
|
end
|
|
255
|
-
|
|
256
241
|
render :json => true
|
|
257
242
|
end
|
|
258
243
|
|
|
259
244
|
# @route GET /admin/posts/:id/remove-from-category
|
|
260
245
|
def admin_remove_from_category
|
|
261
246
|
return if !user_is_allowed('posts', 'edit')
|
|
262
|
-
|
|
263
|
-
post_id = params[:id]
|
|
247
|
+
post = get_edit_post(params[:id], @site.id)
|
|
264
248
|
cat_id = params[:post_category_id]
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
PostCategoryMembership.where(:post_id => post_id, :post_category_id => cat_id).destroy_all
|
|
249
|
+
if post && PostCategoryMembership.exists?(:post_id => post.id, :post_category_id => cat_id)
|
|
250
|
+
PostCategoryMembership.where(:post_id => post.id, :post_category_id => cat_id).destroy_all
|
|
268
251
|
end
|
|
269
|
-
|
|
270
252
|
render :json => true
|
|
271
253
|
end
|
|
272
254
|
|
|
273
255
|
# @route DELETE /admin/posts/:id
|
|
274
256
|
def admin_delete
|
|
275
257
|
return if !user_is_allowed('posts', 'edit')
|
|
276
|
-
|
|
277
|
-
post_id
|
|
278
|
-
|
|
279
|
-
Post.where(:id => post_id).destroy_all
|
|
280
|
-
|
|
258
|
+
post = get_edit_post(params[:id], @site.id)
|
|
259
|
+
PostCategoryMembership.where(:post_id => post.id).destroy_all if post
|
|
260
|
+
Post.where(:id => post.id).destroy_all if post
|
|
281
261
|
render :json => { 'redirect' => '/admin/posts' }
|
|
282
262
|
end
|
|
263
|
+
|
|
264
|
+
private
|
|
265
|
+
|
|
266
|
+
def get_edit_post(post_id, site_id)
|
|
267
|
+
post = Post.find(post_id)
|
|
268
|
+
return post if post && (post.site_id == site_id || logged_in_user.is_super_admin?)
|
|
269
|
+
return nil
|
|
270
|
+
end
|
|
283
271
|
|
|
284
272
|
end
|
|
285
273
|
end
|
|
@@ -24,7 +24,7 @@ module Caboose
|
|
|
24
24
|
# @route GET /admin/roles/:id
|
|
25
25
|
def edit
|
|
26
26
|
return unless user_is_allowed('roles', 'edit')
|
|
27
|
-
@role =
|
|
27
|
+
@role = get_edit_role(params[:id], @site.id)
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
# @route POST /admin/roles
|
|
@@ -56,7 +56,7 @@ module Caboose
|
|
|
56
56
|
return unless user_is_allowed('roles', 'edit')
|
|
57
57
|
|
|
58
58
|
resp = StdClass.new
|
|
59
|
-
role =
|
|
59
|
+
role = get_edit_role(params[:id], @site.id)
|
|
60
60
|
|
|
61
61
|
save = true
|
|
62
62
|
params.each do |name,value|
|
|
@@ -99,7 +99,7 @@ module Caboose
|
|
|
99
99
|
# @route DELETE /admin/roles/:id
|
|
100
100
|
def destroy
|
|
101
101
|
return unless user_is_allowed('roles', 'delete')
|
|
102
|
-
@role =
|
|
102
|
+
@role = get_edit_role(params[:id], @site.id)
|
|
103
103
|
@role.destroy
|
|
104
104
|
render json: { 'redirect' => '/admin/roles' }
|
|
105
105
|
end
|
|
@@ -107,8 +107,9 @@ module Caboose
|
|
|
107
107
|
# @route POST /admin/roles/:id/permissions/:permission_id
|
|
108
108
|
def add_permission
|
|
109
109
|
return if !user_is_allowed('roles', 'edit')
|
|
110
|
-
|
|
111
|
-
|
|
110
|
+
role = get_edit_role(params[:id], @site.id)
|
|
111
|
+
if role && !RolePermission.where(:role_id => role.id, :permission_id => params[:permission_id], ).exists?
|
|
112
|
+
RolePermission.create(:role_id => role.id, :permission_id => params[:permission_id])
|
|
112
113
|
end
|
|
113
114
|
render :json => true
|
|
114
115
|
end
|
|
@@ -116,7 +117,8 @@ module Caboose
|
|
|
116
117
|
# @route DELETE /admin/roles/:id/permissions/:permission_id
|
|
117
118
|
def remove_permission
|
|
118
119
|
return if !user_is_allowed('roles', 'edit')
|
|
119
|
-
|
|
120
|
+
role = get_edit_role(params[:id], @site.id)
|
|
121
|
+
RolePermission.where(:role_id => role.id, :permission_id => params[:permission_id]).destroy_all if role
|
|
120
122
|
render :json => true
|
|
121
123
|
end
|
|
122
124
|
|
|
@@ -143,5 +145,16 @@ module Caboose
|
|
|
143
145
|
end
|
|
144
146
|
return arr
|
|
145
147
|
end
|
|
148
|
+
|
|
149
|
+
|
|
150
|
+
private
|
|
151
|
+
|
|
152
|
+
def get_edit_role(role_id, site_id)
|
|
153
|
+
role = Role.find(role_id)
|
|
154
|
+
return role if role && (role.site_id == site_id || logged_in_user.is_super_admin?)
|
|
155
|
+
return nil
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
|
|
146
159
|
end
|
|
147
160
|
end
|
|
@@ -46,6 +46,10 @@ module Caboose
|
|
|
46
46
|
# @route GET /admin/sites/json
|
|
47
47
|
def admin_json
|
|
48
48
|
return if !user_is_allowed('sites', 'view')
|
|
49
|
+
if !@site.is_master
|
|
50
|
+
@error = "You are not allowed to view sites."
|
|
51
|
+
render :file => 'caboose/extras/error' and return
|
|
52
|
+
end
|
|
49
53
|
h = {
|
|
50
54
|
'name' => '',
|
|
51
55
|
'description' => '',
|
|
@@ -68,14 +72,14 @@ module Caboose
|
|
|
68
72
|
# @route GET /admin/sites/:id/json
|
|
69
73
|
def admin_json_single
|
|
70
74
|
return if !user_is_allowed('sites', 'view')
|
|
71
|
-
site =
|
|
75
|
+
site = get_edit_site(params[:id], @site.id)
|
|
72
76
|
render :json => site.as_json(:include => :domains)
|
|
73
77
|
end
|
|
74
78
|
|
|
75
79
|
# @route GET /admin/sites/new
|
|
76
80
|
def admin_new
|
|
77
81
|
return if !user_is_allowed('sites', 'add')
|
|
78
|
-
if
|
|
82
|
+
if !@site.is_master
|
|
79
83
|
@error = "You are not allowed to edit this site."
|
|
80
84
|
render :file => 'caboose/extras/error' and return
|
|
81
85
|
end
|
|
@@ -299,6 +303,7 @@ module Caboose
|
|
|
299
303
|
# @route GET /admin/sites/:id/:field-options
|
|
300
304
|
def options
|
|
301
305
|
return if !user_is_allowed('sites', 'view')
|
|
306
|
+
render :json => { :error => "You are not allowed to manage sites." } and return if !@site.is_master
|
|
302
307
|
case params[:field]
|
|
303
308
|
when nil
|
|
304
309
|
options = logged_in_user.is_super_admin? ? Site.reorder('name').all.collect { |s| { 'value' => s.id, 'text' => s.name }} : []
|
|
@@ -312,5 +317,14 @@ module Caboose
|
|
|
312
317
|
render :json => options
|
|
313
318
|
end
|
|
314
319
|
|
|
320
|
+
|
|
321
|
+
private
|
|
322
|
+
|
|
323
|
+
def get_edit_site(s_id, site_id)
|
|
324
|
+
site = Site.find(s_id)
|
|
325
|
+
return site if site && (site.id == site_id || logged_in_user.is_super_admin?)
|
|
326
|
+
return nil
|
|
327
|
+
end
|
|
328
|
+
|
|
315
329
|
end
|
|
316
330
|
end
|
|
@@ -12,13 +12,6 @@ module Caboose
|
|
|
12
12
|
def admin_add
|
|
13
13
|
body = JSON.parse(request.raw_post, {symbolize_names: true})
|
|
14
14
|
Caboose.log(body)
|
|
15
|
-
# if body[:Records]
|
|
16
|
-
# records = body[:Records]
|
|
17
|
-
# # if body[:Type] && body[:Type] == "SubscriptionConfirmation"
|
|
18
|
-
# # Caboose.log("SNS Subscription SubscribeURL\n#{body[:SubscribeURL]}")
|
|
19
|
-
# if records['eventSource'] == "aws:s3"
|
|
20
|
-
# msg = JSON.parse(body[:Message])
|
|
21
|
-
# if msg['Records']
|
|
22
15
|
if body && body[:Records]
|
|
23
16
|
body[:Records].each do |r|
|
|
24
17
|
if r[:eventName] && r[:eventName].starts_with?('ObjectCreated')
|
|
@@ -36,9 +29,6 @@ module Caboose
|
|
|
36
29
|
end
|
|
37
30
|
end
|
|
38
31
|
end
|
|
39
|
-
# end
|
|
40
|
-
# end
|
|
41
|
-
# end
|
|
42
32
|
render :json => true
|
|
43
33
|
end
|
|
44
34
|
|
|
@@ -37,7 +37,8 @@ module Caboose
|
|
|
37
37
|
'sort' => 'last_name, first_name',
|
|
38
38
|
'desc' => false,
|
|
39
39
|
'base_url' => '/admin/users',
|
|
40
|
-
'use_url_params' => false
|
|
40
|
+
'use_url_params' => false,
|
|
41
|
+
'additional_where' => [ "(site_id = #{@site.id})" ]
|
|
41
42
|
})
|
|
42
43
|
render :json => {
|
|
43
44
|
:pager => pager,
|
|
@@ -253,6 +254,8 @@ module Caboose
|
|
|
253
254
|
resp.error = "Username must be at least three characters."
|
|
254
255
|
elsif Caboose::User.where(:username => uname, :site_id => @site.id).where('id != ?',user.id).exists?
|
|
255
256
|
resp.error = "That username is already taken."
|
|
257
|
+
elsif uname == 'superadmin'
|
|
258
|
+
resp.error = "Choose a different username."
|
|
256
259
|
else
|
|
257
260
|
user.username = uname
|
|
258
261
|
end
|
|
@@ -3,12 +3,12 @@
|
|
|
3
3
|
|
|
4
4
|
<p><input type='button' value='< Back' onclick="window.location='/admin/roles';" /></p>
|
|
5
5
|
|
|
6
|
-
<div id="role_<%= @role.id %>_name"></div>
|
|
7
|
-
<div id="role_<%= @role.id %>_parent_id"></div>
|
|
8
|
-
<div id="role_<%= @role.id %>_description"></div>
|
|
6
|
+
<p><div id="role_<%= @role.id %>_name"></div></p>
|
|
7
|
+
<p><div id="role_<%= @role.id %>_parent_id"></div></p>
|
|
8
|
+
<p><div id="role_<%= @role.id %>_description"></div></p>
|
|
9
9
|
|
|
10
10
|
<h3>Members</h3>
|
|
11
|
-
<% users = Caboose::User.where(:site_id => @site.id).reorder("last_name, first_name").
|
|
11
|
+
<% users = Caboose::User.where(:site_id => @site.id).reorder("last_name, first_name").limit(100) %>
|
|
12
12
|
<% if users && users.count > 0 %>
|
|
13
13
|
<div id='members'>
|
|
14
14
|
<table class='data'>
|
|
@@ -59,7 +59,7 @@ user_ids = [] if user_ids.nil?
|
|
|
59
59
|
<div id='members'>
|
|
60
60
|
<table class='data'>
|
|
61
61
|
<tr><th>User</th><th>None</th><th>User</th><th>Admin</th></tr>
|
|
62
|
-
<% Caboose::User.where(:site_id => @site.id).reorder('last_name, first_name').
|
|
62
|
+
<% Caboose::User.where(:site_id => @site.id).reorder('last_name, first_name').limit(100).each do |u| %>
|
|
63
63
|
<tr>
|
|
64
64
|
<td><%= u.first_name %> <%= u.last_name %> (<%= u.email %>)</td>
|
|
65
65
|
<td align='center'><input type='radio' name='user<%= u.id %>' <%= !admin_ids.include?(u.id) && !user_ids.include?(u.id) ? "checked='true'" : '' %> onclick="remove_site_membership(<%= s.id %>, <%= u.id %>);" /></td>
|
data/lib/caboose/version.rb
CHANGED