caboose-cms 0.9.194 → 0.9.195
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/caboose/admin_controller.rb +0 -4
- data/app/controllers/caboose/domains_controller.rb +18 -11
- data/app/controllers/caboose/logout_controller.rb +0 -1
- data/app/controllers/caboose/my_account_controller.rb +5 -3
- data/app/controllers/caboose/post_custom_fields_controller.rb +0 -2
- data/app/controllers/caboose/posts_controller.rb +38 -50
- data/app/controllers/caboose/roles_controller.rb +19 -6
- data/app/controllers/caboose/sites_controller.rb +16 -2
- data/app/controllers/caboose/sns_controller.rb +0 -10
- data/app/controllers/caboose/users_controller.rb +4 -1
- data/app/views/caboose/roles/edit.html.erb +4 -4
- data/app/views/caboose/sites/admin_edit.html.erb +1 -1
- data/lib/caboose/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 23803eb2e4de5b950f3968d7232e8c15324c2a08
|
|
4
|
+
data.tar.gz: 7b04e7ca4a9102717531603e8dcb2387f338e8c8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 923cf92e138005734a17250f5d47b0e31671c023266334916b3437b371e0e191983c320fa8c6b3ab4268cfbe10a7906b50d507e678d4a845945f19668efbd1d1
|
|
7
|
+
data.tar.gz: 911d24ae64333b88ee701a9927a7c1c1f984b3b7d921196f2e2521275608bdbab6909b66c05a7d717545189b0656c60e812f580f9dfc9b2461408a9f057cedf5
|
|
@@ -11,16 +11,15 @@ module Caboose
|
|
|
11
11
|
# @route POST /admin/sites/:site_id/domains
|
|
12
12
|
def admin_add
|
|
13
13
|
return if !user_is_allowed('domains', 'edit')
|
|
14
|
-
|
|
15
|
-
resp = Caboose::StdClass.new
|
|
14
|
+
return if params[:site_id] != @site.id.to_s && !@site.is_master
|
|
15
|
+
resp = Caboose::StdClass.new
|
|
16
16
|
d = Domain.where(:domain => params[:domain]).first
|
|
17
|
-
|
|
18
17
|
if d && d.site_id != params[:site_id]
|
|
19
18
|
resp.error = "That domain is already associated with another site."
|
|
20
19
|
elsif d && d.site_id == params[:site_id]
|
|
21
20
|
resp.refresh = true
|
|
22
21
|
elsif d.nil?
|
|
23
|
-
primary = Domain.where(:site_id => params[:site_id]).count == 0
|
|
22
|
+
primary = Domain.where(:site_id => params[:site_id]).count == 0
|
|
24
23
|
d = Domain.create(:site_id => params[:site_id], :domain => params[:domain], :primary => primary)
|
|
25
24
|
resp.refresh = true
|
|
26
25
|
end
|
|
@@ -30,10 +29,9 @@ module Caboose
|
|
|
30
29
|
# @route PUT /admin/sites/:site_id/domains/:id
|
|
31
30
|
def admin_update
|
|
32
31
|
return if !user_is_allowed('domains', 'edit')
|
|
33
|
-
|
|
32
|
+
return if params[:site_id] != @site.id.to_s && !@site.is_master
|
|
34
33
|
resp = StdClass.new
|
|
35
|
-
d =
|
|
36
|
-
|
|
34
|
+
d = get_edit_domain(params[:id], @site.id)
|
|
37
35
|
save = true
|
|
38
36
|
params.each do |name,value|
|
|
39
37
|
case name
|
|
@@ -51,7 +49,6 @@ module Caboose
|
|
|
51
49
|
end
|
|
52
50
|
end
|
|
53
51
|
end
|
|
54
|
-
|
|
55
52
|
resp.success = save && d.save
|
|
56
53
|
render :json => resp
|
|
57
54
|
end
|
|
@@ -59,17 +56,19 @@ module Caboose
|
|
|
59
56
|
# @route DELETE /admin/sites/:site_id/domains/:id
|
|
60
57
|
def admin_delete
|
|
61
58
|
return if !user_is_allowed('sites', 'delete')
|
|
62
|
-
|
|
59
|
+
return if params[:site_id] != @site.id.to_s && !@site.is_master
|
|
60
|
+
domain = get_edit_domain(params[:id], @site.id)
|
|
61
|
+
domain.destroy if domain
|
|
63
62
|
render :json => { 'refresh' => "/admin/sites/#{params[:site_id]}" }
|
|
64
63
|
end
|
|
65
64
|
|
|
66
65
|
# @route PUT /admin/sites/:site_id/domains/:id/set-primary
|
|
67
66
|
def admin_set_primary
|
|
68
67
|
return if !user_is_allowed('domains', 'edit')
|
|
68
|
+
return if params[:site_id] != @site.id.to_s && !@site.is_master
|
|
69
69
|
resp = StdClass.new
|
|
70
|
-
d =
|
|
70
|
+
d = get_edit_domain(params[:id], @site.id)
|
|
71
71
|
save = true
|
|
72
|
-
#d.primary = value
|
|
73
72
|
Domain.where(:site_id => params[:site_id]).all.each do |d2|
|
|
74
73
|
d2.primary = d2.id == d.id ? true : false
|
|
75
74
|
d2.save
|
|
@@ -77,6 +76,14 @@ module Caboose
|
|
|
77
76
|
resp.success = save && d.save
|
|
78
77
|
render :json => resp
|
|
79
78
|
end
|
|
79
|
+
|
|
80
|
+
private
|
|
81
|
+
|
|
82
|
+
def get_edit_domain(domain_id, site_id)
|
|
83
|
+
domain = Domain.find(domain_id)
|
|
84
|
+
return domain if domain && (domain.site_id == site_id || logged_in_user.is_super_admin?)
|
|
85
|
+
return nil
|
|
86
|
+
end
|
|
80
87
|
|
|
81
88
|
end
|
|
82
89
|
end
|
|
@@ -25,8 +25,10 @@ module Caboose
|
|
|
25
25
|
resp.error = "Username must be at least three characters."
|
|
26
26
|
elsif Caboose::User.where(:username => uname, :site_id => @site.id).where('id != ?',user.id).exists?
|
|
27
27
|
resp.error = "That username is already taken."
|
|
28
|
+
elsif uname == 'superadmin'
|
|
29
|
+
resp.error = "Choose a different username."
|
|
28
30
|
else
|
|
29
|
-
user.username
|
|
31
|
+
user.username = uname
|
|
30
32
|
end
|
|
31
33
|
when "email"
|
|
32
34
|
email = value.strip.downcase
|
|
@@ -35,9 +37,9 @@ module Caboose
|
|
|
35
37
|
elsif Caboose::User.where(:email => email, :site_id => @site.id).where('id != ?',user.id).exists?
|
|
36
38
|
resp.error = "That email address is already in the system."
|
|
37
39
|
else
|
|
38
|
-
user.email
|
|
40
|
+
user.email = email
|
|
39
41
|
end
|
|
40
|
-
when "phone" then user.phone
|
|
42
|
+
when "phone" then user.phone = value
|
|
41
43
|
|
|
42
44
|
when "address" then user.address = value
|
|
43
45
|
when "address2" then user.address2 = value
|
|
@@ -50,10 +50,8 @@ module Caboose
|
|
|
50
50
|
# @route PUT /admin/post-custom-fields/:id
|
|
51
51
|
def admin_update
|
|
52
52
|
return if !user_is_allowed('postcustomfields', 'edit')
|
|
53
|
-
|
|
54
53
|
resp = Caboose::StdClass.new
|
|
55
54
|
f = PostCustomField.find(params[:id])
|
|
56
|
-
|
|
57
55
|
save = true
|
|
58
56
|
params.each do |name, value|
|
|
59
57
|
case name
|
|
@@ -3,11 +3,6 @@ module Caboose
|
|
|
3
3
|
|
|
4
4
|
helper :application
|
|
5
5
|
|
|
6
|
-
# @route GET /posts
|
|
7
|
-
# def index
|
|
8
|
-
# @posts = Post.where(:published => true, :site_id => @site.id).limit(10).reorder('created_at DESC')
|
|
9
|
-
# end
|
|
10
|
-
|
|
11
6
|
# @route GET /posts/:id
|
|
12
7
|
# @route GET /posts/:year/:month/:day/:slug
|
|
13
8
|
def show
|
|
@@ -29,7 +24,6 @@ module Caboose
|
|
|
29
24
|
@editing = false
|
|
30
25
|
@preview = false
|
|
31
26
|
@post = Caboose.plugin_hook('post_content', @post)
|
|
32
|
-
# @editmode = !params['edit'].nil? && user.is_allowed('posts', 'edit') ? true : false
|
|
33
27
|
end
|
|
34
28
|
|
|
35
29
|
#=============================================================================
|
|
@@ -46,17 +40,18 @@ module Caboose
|
|
|
46
40
|
# @route GET /admin/posts/json
|
|
47
41
|
def admin_json
|
|
48
42
|
return if !user_is_allowed('posts', 'view')
|
|
49
|
-
|
|
50
43
|
pager = PageBarGenerator.new(params, {
|
|
51
44
|
'site_id' => @site.id,
|
|
52
45
|
'title_like' => '',
|
|
53
|
-
},
|
|
46
|
+
},
|
|
47
|
+
{
|
|
54
48
|
'model' => 'Caboose::Post',
|
|
55
49
|
'sort' => 'created_at',
|
|
56
50
|
'desc' => true,
|
|
57
51
|
'base_url' => '/admin/posts',
|
|
58
52
|
'items_per_page' => 50,
|
|
59
|
-
'use_url_params' => false
|
|
53
|
+
'use_url_params' => false,
|
|
54
|
+
'additional_where' => [ "(site_id = #{@site.id})" ]
|
|
60
55
|
})
|
|
61
56
|
render :json => {
|
|
62
57
|
:pager => pager,
|
|
@@ -67,21 +62,21 @@ module Caboose
|
|
|
67
62
|
# @route GET /admin/posts/:id/json
|
|
68
63
|
def admin_json_single
|
|
69
64
|
return if !user_is_allowed('posts', 'edit')
|
|
70
|
-
@post =
|
|
65
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
71
66
|
render :json => @post
|
|
72
67
|
end
|
|
73
68
|
|
|
74
69
|
# @route GET /admin/posts/:id/preview
|
|
75
70
|
def admin_edit_preview
|
|
76
71
|
return if !user_is_allowed('posts', 'edit')
|
|
77
|
-
@post =
|
|
72
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
78
73
|
render :layout => 'caboose/admin'
|
|
79
74
|
end
|
|
80
75
|
|
|
81
76
|
# @route GET /admin/posts/:id/publish
|
|
82
77
|
def admin_publish
|
|
83
78
|
return unless user_is_allowed('posts', 'edit')
|
|
84
|
-
post =
|
|
79
|
+
post = get_edit_post(params[:id], @site.id)
|
|
85
80
|
post.publish
|
|
86
81
|
redirect_to "/admin/posts/#{post.id}/content"
|
|
87
82
|
end
|
|
@@ -89,7 +84,7 @@ module Caboose
|
|
|
89
84
|
# @route GET /admin/posts/:id/revert
|
|
90
85
|
def admin_revert
|
|
91
86
|
return unless user_is_allowed('posts', 'edit')
|
|
92
|
-
post =
|
|
87
|
+
post = get_edit_post(params[:id], @site.id)
|
|
93
88
|
post.revert
|
|
94
89
|
redirect_to "/admin/posts/#{post.id}/content"
|
|
95
90
|
end
|
|
@@ -97,7 +92,7 @@ module Caboose
|
|
|
97
92
|
# @route GET /admin/posts/:id/content
|
|
98
93
|
def admin_edit_content
|
|
99
94
|
return if !user_is_allowed('posts', 'edit')
|
|
100
|
-
@post =
|
|
95
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
101
96
|
if @post.body
|
|
102
97
|
@post.preview = @post.body
|
|
103
98
|
@post.body = nil
|
|
@@ -116,7 +111,7 @@ module Caboose
|
|
|
116
111
|
# @route GET /admin/posts/:id/preview-post
|
|
117
112
|
def admin_preview_post
|
|
118
113
|
return if !user_is_allowed('posts', 'edit')
|
|
119
|
-
@post =
|
|
114
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
120
115
|
@editing = true
|
|
121
116
|
@preview = true
|
|
122
117
|
end
|
|
@@ -124,7 +119,7 @@ module Caboose
|
|
|
124
119
|
# @route GET /admin/posts/:id/categories
|
|
125
120
|
def admin_edit_categories
|
|
126
121
|
return if !user_is_allowed('posts', 'edit')
|
|
127
|
-
@post =
|
|
122
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
128
123
|
@categories = PostCategory.where(:site_id => @site.id).reorder(:name).all
|
|
129
124
|
if @categories.nil? || @categories.count == 0
|
|
130
125
|
PostCategory.create(:site_id => @site.id, :name => 'General News')
|
|
@@ -136,14 +131,14 @@ module Caboose
|
|
|
136
131
|
# @route GET /admin/posts/:id/layout
|
|
137
132
|
def admin_edit_layout
|
|
138
133
|
return unless user_is_allowed('posts', 'edit')
|
|
139
|
-
@post =
|
|
134
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
140
135
|
render :layout => 'caboose/admin'
|
|
141
136
|
end
|
|
142
137
|
|
|
143
138
|
# @route GET /admin/posts/:id/delete
|
|
144
139
|
def admin_delete_form
|
|
145
140
|
return if !user_is_allowed('posts', 'delete')
|
|
146
|
-
@post =
|
|
141
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
147
142
|
render :layout => 'caboose/admin'
|
|
148
143
|
end
|
|
149
144
|
|
|
@@ -151,7 +146,7 @@ module Caboose
|
|
|
151
146
|
# @route GET /admin/posts/:id/edit
|
|
152
147
|
def admin_edit_general
|
|
153
148
|
return if !user_is_allowed('posts', 'edit')
|
|
154
|
-
@post =
|
|
149
|
+
@post = get_edit_post(params[:id], @site.id)
|
|
155
150
|
@post.verify_custom_field_values_exist
|
|
156
151
|
render :layout => 'caboose/admin'
|
|
157
152
|
end
|
|
@@ -160,8 +155,9 @@ module Caboose
|
|
|
160
155
|
def admin_update_layout
|
|
161
156
|
return unless user_is_allowed('posts', 'edit')
|
|
162
157
|
bt = BlockType.find(params[:block_type_id])
|
|
163
|
-
|
|
164
|
-
Block.
|
|
158
|
+
post = get_edit_post(params[:id], @site.id)
|
|
159
|
+
Block.where(:post_id => post.id).destroy_all if post
|
|
160
|
+
Block.create(:post_id => post.id, :block_type_id => params[:block_type_id], :name => bt.name) if post
|
|
165
161
|
resp = Caboose::StdClass.new({
|
|
166
162
|
'redirect' => "/admin/posts/#{params[:id]}/content"
|
|
167
163
|
})
|
|
@@ -171,10 +167,8 @@ module Caboose
|
|
|
171
167
|
# @route PUT /admin/posts/:id
|
|
172
168
|
def admin_update
|
|
173
169
|
return if !user_is_allowed('posts', 'edit')
|
|
174
|
-
|
|
175
170
|
resp = Caboose::StdClass.new({'attributes' => {}})
|
|
176
|
-
post =
|
|
177
|
-
|
|
171
|
+
post = get_edit_post(params[:id], @site.id)
|
|
178
172
|
save = true
|
|
179
173
|
params.each do |name, value|
|
|
180
174
|
case name
|
|
@@ -198,14 +192,12 @@ module Caboose
|
|
|
198
192
|
|
|
199
193
|
# @route POST /admin/posts/:id/image
|
|
200
194
|
def admin_update_image
|
|
201
|
-
return if !user_is_allowed('posts', 'edit')
|
|
202
|
-
|
|
195
|
+
return if !user_is_allowed('posts', 'edit')
|
|
203
196
|
resp = Caboose::StdClass.new
|
|
204
|
-
post =
|
|
197
|
+
post = get_edit_post(params[:id], @site.id)
|
|
205
198
|
post.image = params[:image]
|
|
206
199
|
resp.success = post.save
|
|
207
200
|
resp.attributes = { 'image' => { 'value' => post.image.url(:thumb) }}
|
|
208
|
-
|
|
209
201
|
render :text => resp.to_json
|
|
210
202
|
end
|
|
211
203
|
|
|
@@ -220,66 +212,62 @@ module Caboose
|
|
|
220
212
|
# @route POST /admin/posts
|
|
221
213
|
def admin_add
|
|
222
214
|
return if !user_is_allowed('posts', 'add')
|
|
223
|
-
|
|
224
215
|
resp = Caboose::StdClass.new({
|
|
225
216
|
'error' => nil,
|
|
226
217
|
'redirect' => nil
|
|
227
218
|
})
|
|
228
|
-
|
|
229
219
|
post = Post.new
|
|
230
220
|
post.site_id = @site.id
|
|
231
221
|
post.title = params[:title]
|
|
232
222
|
post.published = false
|
|
233
|
-
|
|
234
|
-
if post.title == nil || post.title.length == 0
|
|
223
|
+
if post.title.blank?
|
|
235
224
|
resp.error = 'A title is required.'
|
|
236
225
|
else
|
|
237
226
|
post.save
|
|
238
227
|
post.set_slug_and_uri(post.title)
|
|
239
228
|
resp.redirect = "/admin/posts/#{post.id}"
|
|
240
229
|
end
|
|
241
|
-
|
|
242
230
|
render :json => resp
|
|
243
231
|
end
|
|
244
232
|
|
|
245
233
|
# @route GET /admin/posts/:id/add-to-category
|
|
246
234
|
def admin_add_to_category
|
|
247
235
|
return if !user_is_allowed('posts', 'edit')
|
|
248
|
-
|
|
249
|
-
post_id = params[:id]
|
|
236
|
+
post = get_edit_post(params[:id], @site.id)
|
|
250
237
|
cat_id = params[:post_category_id]
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
PostCategoryMembership.create(:post_id => post_id, :post_category_id => cat_id)
|
|
238
|
+
if post && !PostCategoryMembership.exists?(:post_id => post.id, :post_category_id => cat_id)
|
|
239
|
+
PostCategoryMembership.create(:post_id => post.id, :post_category_id => cat_id)
|
|
254
240
|
end
|
|
255
|
-
|
|
256
241
|
render :json => true
|
|
257
242
|
end
|
|
258
243
|
|
|
259
244
|
# @route GET /admin/posts/:id/remove-from-category
|
|
260
245
|
def admin_remove_from_category
|
|
261
246
|
return if !user_is_allowed('posts', 'edit')
|
|
262
|
-
|
|
263
|
-
post_id = params[:id]
|
|
247
|
+
post = get_edit_post(params[:id], @site.id)
|
|
264
248
|
cat_id = params[:post_category_id]
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
PostCategoryMembership.where(:post_id => post_id, :post_category_id => cat_id).destroy_all
|
|
249
|
+
if post && PostCategoryMembership.exists?(:post_id => post.id, :post_category_id => cat_id)
|
|
250
|
+
PostCategoryMembership.where(:post_id => post.id, :post_category_id => cat_id).destroy_all
|
|
268
251
|
end
|
|
269
|
-
|
|
270
252
|
render :json => true
|
|
271
253
|
end
|
|
272
254
|
|
|
273
255
|
# @route DELETE /admin/posts/:id
|
|
274
256
|
def admin_delete
|
|
275
257
|
return if !user_is_allowed('posts', 'edit')
|
|
276
|
-
|
|
277
|
-
post_id
|
|
278
|
-
|
|
279
|
-
Post.where(:id => post_id).destroy_all
|
|
280
|
-
|
|
258
|
+
post = get_edit_post(params[:id], @site.id)
|
|
259
|
+
PostCategoryMembership.where(:post_id => post.id).destroy_all if post
|
|
260
|
+
Post.where(:id => post.id).destroy_all if post
|
|
281
261
|
render :json => { 'redirect' => '/admin/posts' }
|
|
282
262
|
end
|
|
263
|
+
|
|
264
|
+
private
|
|
265
|
+
|
|
266
|
+
def get_edit_post(post_id, site_id)
|
|
267
|
+
post = Post.find(post_id)
|
|
268
|
+
return post if post && (post.site_id == site_id || logged_in_user.is_super_admin?)
|
|
269
|
+
return nil
|
|
270
|
+
end
|
|
283
271
|
|
|
284
272
|
end
|
|
285
273
|
end
|
|
@@ -24,7 +24,7 @@ module Caboose
|
|
|
24
24
|
# @route GET /admin/roles/:id
|
|
25
25
|
def edit
|
|
26
26
|
return unless user_is_allowed('roles', 'edit')
|
|
27
|
-
@role =
|
|
27
|
+
@role = get_edit_role(params[:id], @site.id)
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
# @route POST /admin/roles
|
|
@@ -56,7 +56,7 @@ module Caboose
|
|
|
56
56
|
return unless user_is_allowed('roles', 'edit')
|
|
57
57
|
|
|
58
58
|
resp = StdClass.new
|
|
59
|
-
role =
|
|
59
|
+
role = get_edit_role(params[:id], @site.id)
|
|
60
60
|
|
|
61
61
|
save = true
|
|
62
62
|
params.each do |name,value|
|
|
@@ -99,7 +99,7 @@ module Caboose
|
|
|
99
99
|
# @route DELETE /admin/roles/:id
|
|
100
100
|
def destroy
|
|
101
101
|
return unless user_is_allowed('roles', 'delete')
|
|
102
|
-
@role =
|
|
102
|
+
@role = get_edit_role(params[:id], @site.id)
|
|
103
103
|
@role.destroy
|
|
104
104
|
render json: { 'redirect' => '/admin/roles' }
|
|
105
105
|
end
|
|
@@ -107,8 +107,9 @@ module Caboose
|
|
|
107
107
|
# @route POST /admin/roles/:id/permissions/:permission_id
|
|
108
108
|
def add_permission
|
|
109
109
|
return if !user_is_allowed('roles', 'edit')
|
|
110
|
-
|
|
111
|
-
|
|
110
|
+
role = get_edit_role(params[:id], @site.id)
|
|
111
|
+
if role && !RolePermission.where(:role_id => role.id, :permission_id => params[:permission_id], ).exists?
|
|
112
|
+
RolePermission.create(:role_id => role.id, :permission_id => params[:permission_id])
|
|
112
113
|
end
|
|
113
114
|
render :json => true
|
|
114
115
|
end
|
|
@@ -116,7 +117,8 @@ module Caboose
|
|
|
116
117
|
# @route DELETE /admin/roles/:id/permissions/:permission_id
|
|
117
118
|
def remove_permission
|
|
118
119
|
return if !user_is_allowed('roles', 'edit')
|
|
119
|
-
|
|
120
|
+
role = get_edit_role(params[:id], @site.id)
|
|
121
|
+
RolePermission.where(:role_id => role.id, :permission_id => params[:permission_id]).destroy_all if role
|
|
120
122
|
render :json => true
|
|
121
123
|
end
|
|
122
124
|
|
|
@@ -143,5 +145,16 @@ module Caboose
|
|
|
143
145
|
end
|
|
144
146
|
return arr
|
|
145
147
|
end
|
|
148
|
+
|
|
149
|
+
|
|
150
|
+
private
|
|
151
|
+
|
|
152
|
+
def get_edit_role(role_id, site_id)
|
|
153
|
+
role = Role.find(role_id)
|
|
154
|
+
return role if role && (role.site_id == site_id || logged_in_user.is_super_admin?)
|
|
155
|
+
return nil
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
|
|
146
159
|
end
|
|
147
160
|
end
|
|
@@ -46,6 +46,10 @@ module Caboose
|
|
|
46
46
|
# @route GET /admin/sites/json
|
|
47
47
|
def admin_json
|
|
48
48
|
return if !user_is_allowed('sites', 'view')
|
|
49
|
+
if !@site.is_master
|
|
50
|
+
@error = "You are not allowed to view sites."
|
|
51
|
+
render :file => 'caboose/extras/error' and return
|
|
52
|
+
end
|
|
49
53
|
h = {
|
|
50
54
|
'name' => '',
|
|
51
55
|
'description' => '',
|
|
@@ -68,14 +72,14 @@ module Caboose
|
|
|
68
72
|
# @route GET /admin/sites/:id/json
|
|
69
73
|
def admin_json_single
|
|
70
74
|
return if !user_is_allowed('sites', 'view')
|
|
71
|
-
site =
|
|
75
|
+
site = get_edit_site(params[:id], @site.id)
|
|
72
76
|
render :json => site.as_json(:include => :domains)
|
|
73
77
|
end
|
|
74
78
|
|
|
75
79
|
# @route GET /admin/sites/new
|
|
76
80
|
def admin_new
|
|
77
81
|
return if !user_is_allowed('sites', 'add')
|
|
78
|
-
if
|
|
82
|
+
if !@site.is_master
|
|
79
83
|
@error = "You are not allowed to edit this site."
|
|
80
84
|
render :file => 'caboose/extras/error' and return
|
|
81
85
|
end
|
|
@@ -299,6 +303,7 @@ module Caboose
|
|
|
299
303
|
# @route GET /admin/sites/:id/:field-options
|
|
300
304
|
def options
|
|
301
305
|
return if !user_is_allowed('sites', 'view')
|
|
306
|
+
render :json => { :error => "You are not allowed to manage sites." } and return if !@site.is_master
|
|
302
307
|
case params[:field]
|
|
303
308
|
when nil
|
|
304
309
|
options = logged_in_user.is_super_admin? ? Site.reorder('name').all.collect { |s| { 'value' => s.id, 'text' => s.name }} : []
|
|
@@ -312,5 +317,14 @@ module Caboose
|
|
|
312
317
|
render :json => options
|
|
313
318
|
end
|
|
314
319
|
|
|
320
|
+
|
|
321
|
+
private
|
|
322
|
+
|
|
323
|
+
def get_edit_site(s_id, site_id)
|
|
324
|
+
site = Site.find(s_id)
|
|
325
|
+
return site if site && (site.id == site_id || logged_in_user.is_super_admin?)
|
|
326
|
+
return nil
|
|
327
|
+
end
|
|
328
|
+
|
|
315
329
|
end
|
|
316
330
|
end
|
|
@@ -12,13 +12,6 @@ module Caboose
|
|
|
12
12
|
def admin_add
|
|
13
13
|
body = JSON.parse(request.raw_post, {symbolize_names: true})
|
|
14
14
|
Caboose.log(body)
|
|
15
|
-
# if body[:Records]
|
|
16
|
-
# records = body[:Records]
|
|
17
|
-
# # if body[:Type] && body[:Type] == "SubscriptionConfirmation"
|
|
18
|
-
# # Caboose.log("SNS Subscription SubscribeURL\n#{body[:SubscribeURL]}")
|
|
19
|
-
# if records['eventSource'] == "aws:s3"
|
|
20
|
-
# msg = JSON.parse(body[:Message])
|
|
21
|
-
# if msg['Records']
|
|
22
15
|
if body && body[:Records]
|
|
23
16
|
body[:Records].each do |r|
|
|
24
17
|
if r[:eventName] && r[:eventName].starts_with?('ObjectCreated')
|
|
@@ -36,9 +29,6 @@ module Caboose
|
|
|
36
29
|
end
|
|
37
30
|
end
|
|
38
31
|
end
|
|
39
|
-
# end
|
|
40
|
-
# end
|
|
41
|
-
# end
|
|
42
32
|
render :json => true
|
|
43
33
|
end
|
|
44
34
|
|
|
@@ -37,7 +37,8 @@ module Caboose
|
|
|
37
37
|
'sort' => 'last_name, first_name',
|
|
38
38
|
'desc' => false,
|
|
39
39
|
'base_url' => '/admin/users',
|
|
40
|
-
'use_url_params' => false
|
|
40
|
+
'use_url_params' => false,
|
|
41
|
+
'additional_where' => [ "(site_id = #{@site.id})" ]
|
|
41
42
|
})
|
|
42
43
|
render :json => {
|
|
43
44
|
:pager => pager,
|
|
@@ -253,6 +254,8 @@ module Caboose
|
|
|
253
254
|
resp.error = "Username must be at least three characters."
|
|
254
255
|
elsif Caboose::User.where(:username => uname, :site_id => @site.id).where('id != ?',user.id).exists?
|
|
255
256
|
resp.error = "That username is already taken."
|
|
257
|
+
elsif uname == 'superadmin'
|
|
258
|
+
resp.error = "Choose a different username."
|
|
256
259
|
else
|
|
257
260
|
user.username = uname
|
|
258
261
|
end
|
|
@@ -3,12 +3,12 @@
|
|
|
3
3
|
|
|
4
4
|
<p><input type='button' value='< Back' onclick="window.location='/admin/roles';" /></p>
|
|
5
5
|
|
|
6
|
-
<div id="role_<%= @role.id %>_name"></div>
|
|
7
|
-
<div id="role_<%= @role.id %>_parent_id"></div>
|
|
8
|
-
<div id="role_<%= @role.id %>_description"></div>
|
|
6
|
+
<p><div id="role_<%= @role.id %>_name"></div></p>
|
|
7
|
+
<p><div id="role_<%= @role.id %>_parent_id"></div></p>
|
|
8
|
+
<p><div id="role_<%= @role.id %>_description"></div></p>
|
|
9
9
|
|
|
10
10
|
<h3>Members</h3>
|
|
11
|
-
<% users = Caboose::User.where(:site_id => @site.id).reorder("last_name, first_name").
|
|
11
|
+
<% users = Caboose::User.where(:site_id => @site.id).reorder("last_name, first_name").limit(100) %>
|
|
12
12
|
<% if users && users.count > 0 %>
|
|
13
13
|
<div id='members'>
|
|
14
14
|
<table class='data'>
|
|
@@ -59,7 +59,7 @@ user_ids = [] if user_ids.nil?
|
|
|
59
59
|
<div id='members'>
|
|
60
60
|
<table class='data'>
|
|
61
61
|
<tr><th>User</th><th>None</th><th>User</th><th>Admin</th></tr>
|
|
62
|
-
<% Caboose::User.where(:site_id => @site.id).reorder('last_name, first_name').
|
|
62
|
+
<% Caboose::User.where(:site_id => @site.id).reorder('last_name, first_name').limit(100).each do |u| %>
|
|
63
63
|
<tr>
|
|
64
64
|
<td><%= u.first_name %> <%= u.last_name %> (<%= u.email %>)</td>
|
|
65
65
|
<td align='center'><input type='radio' name='user<%= u.id %>' <%= !admin_ids.include?(u.id) && !user_ids.include?(u.id) ? "checked='true'" : '' %> onclick="remove_site_membership(<%= s.id %>, <%= u.id %>);" /></td>
|
data/lib/caboose/version.rb
CHANGED