cortex-reaver 0.0.7 → 0.0.8

data/bin/cortex_reaver

@@ -162,8 +162,11 @@ module CortexReaver
   when :migrate
     version = @values[:schema_version]
 
+    # Get ready
     reload_config
     setup_db false
+    init
+
     puts "Using database #{config[:database][:host]}/#{config[:database][:database]}."
 
     current_version = Sequel::Migrator.get_current_migration_version(db)

data/lib/cortex_reaver.rb

@@ -180,14 +180,20 @@ module CortexReaver
     # Shutdown callback
     at_exit do
       # Unlink templates
-      Find.find(config[:view_root]) do |path|
-        if File.symlink? path # TODO: identify link target
-          begin
-            File.delete path
-          rescue => e
-            Ramaze::Log.error "Unable to unlink symlinked view #{path}: #{e}"
+      begin
+        if config[:view_root]
+          Find.find(config[:view_root]) do |path|
+            if File.symlink? path # TODO: identify link target
+              begin
+                File.delete path
+              rescue => e
+                Ramaze::Log.error "Unable to unlink symlinked view #{path}: #{e}"
+              end
+            end
           end
         end
+      rescue => e2
+        Ramaze::Log.error "Unable to unlink symlinked views in #{config[:view_root]}: #{e}"
       end
 
       # Remove pidfile

data/lib/cortex_reaver/controller/admin.rb

@@ -8,11 +8,26 @@ module CortexReaver
     helper :error,
       :auth,
       :form,
-      :workflow
+      :workflow,
+      :aspect
     
+    before_all do
+      require_roles :admin
+    end
+
     def index
     end
 
+    # Recalculate comment counts
+    def update_comments
+      [Journal, Page, Project, Photograph].each do |klass|
+        klass.refresh_comment_counts
+      end
+
+      flash[:notice] = "Comment counts updated."
+      redirect Rs()
+    end
+
     # Recalculate tag counts and vacuum unused tags
     def update_tags
       @updated = Tag.refresh_counts

data/lib/cortex_reaver/controller/comment.rb

@@ -34,7 +34,7 @@ module CortexReaver
       # User-specific properties
       if session[:user]
         # A user is logged in.
-        comment.user = session[:user]
+        comment.creator = session[:user]
       else
         # Save the anonymous comment.
         comment.name = request[:name].blank? ? nil : request[:name]
@@ -43,6 +43,10 @@ module CortexReaver
       end
     end
 
+    on_update do |journal, request|
+      journal.updater = session[:user]
+    end
+
     for_feed do |comment, x|
       x.content comment.body_cache, :type => 'html'
     end
@@ -84,7 +88,7 @@ module CortexReaver
 
           if session[:user]
             # A user is logged in. Use their account.
-            @comment.user = session[:user]
+            @comment.creator = session[:user]
           else
             # Use anonymous info, if it won't conflict.
             if User.filter(:email => request[:email]).count > 0

data/lib/cortex_reaver/controller/documentation.rb

@@ -6,5 +6,8 @@ module CortexReaver
 
     def formatting
     end
+
+    def users
+    end
   end
 end

data/lib/cortex_reaver/controller/journal.rb

@@ -34,7 +34,14 @@ module CortexReaver
     on_save do |journal, request|
       journal.title = request[:title]
       journal.name = Journal.canonicalize(request[:name], :id => journal.id)
-      journal.user = session[:user]
+    end
+
+    on_create do |journal, request|
+      journal.creator = session[:user]
+    end
+
+    on_update do |journal, request|
+      journal.updater = session[:user]
     end
 
     for_feed do |journal, x|

data/lib/cortex_reaver/controller/main.rb

@@ -24,9 +24,13 @@ module CortexReaver
       if not ids.empty? and @page = Page.get(ids)
         # Render that page.
         @title = @page.title
-        
-        workflow "Edit this page", R(PageController, :edit, @page.id)
-        workflow "Delete this page", R(PageController, :delete, @page.id)
+       
+        if user.can_edit? Page.new
+          workflow "Edit this page", R(PageController, :edit, @page.id)
+        end
+        if user.can_delete? Page.new
+          workflow "Delete this page", R(PageController, :delete, @page.id)
+        end
 
         render_template 'pages/show'
       elsif not ids.empty?
@@ -42,10 +46,18 @@ module CortexReaver
           @sidebar.unshift render_template('photographs/sidebar.rhtml')
         end
 
-        workflow "New Journal", R(JournalController, :new)
-        workflow "New Page", R(PageController, :new)
-        workflow "New Photograph", R(PhotographController, :new)
-        workflow "New Project", R(ProjectController, :new)
+        if user.can_create? Journal.new
+          workflow "New Journal", R(JournalController, :new)
+        end
+        if user.can_create? Page.new
+          workflow "New Page", R(PageController, :new)
+        end
+        if user.can_create? Photograph.new
+          workflow "New Photograph", R(PhotographController, :new)
+        end
+        if user.can_create? Project.new
+          workflow "New Project", R(ProjectController, :new)
+        end
 
         feed 'Photographs', Rs(PhotographController, :atom)
         feed 'Journals', Rs(JournalController, :atom)

data/lib/cortex_reaver/controller/page.rb

@@ -30,7 +30,14 @@ module CortexReaver
       page.page_id = request[:page_id]
       page.name = Page.canonicalize request[:name], :id => page.id, :page_id => page.page_id
       page.body = request[:body]
-      page.user = session[:user]
+    end
+
+    on_create do |page, request|
+      page.creator = session[:user]
+    end
+
+    on_update do |page, request|
+      page.updater = session[:user]
     end
   end
 end

data/lib/cortex_reaver/controller/photograph.rb

@@ -31,7 +31,6 @@ module CortexReaver
     on_save do |photograph, request|
       photograph.title = request[:title]
       photograph.name = Photograph.canonicalize request[:name], :id => photograph.id
-      photograph.user = session[:user]
     end
 
     on_second_save do |photograph, request|
@@ -39,7 +38,15 @@ module CortexReaver
       photograph.image = request[:image][:tempfile] if request[:image]
       photograph.infer_date_from_exif! if request[:infer_date]
 
-      MainController.action_cache.clear
+      MainController.send(:action_cache).clear
+    end
+
+    on_create do |photograph, request|
+      photograph.creator = session[:user]
+    end
+
+    on_update do |photograph, request|
+      photograph.updater = session[:user]
     end
 
     for_feed do |photograph, x|

data/lib/cortex_reaver/controller/project.rb

@@ -33,7 +33,14 @@ module CortexReaver
       project.description = request[:description]
       project.name = Project.canonicalize request[:name], :id => project.id
       project.body = request[:body]
-      project.user = session[:user]
+    end
+
+    on_create do |project, request|
+      project.creator = session[:user]
+    end
+
+    on_update do |project, request|
+      project.updater = session[:user]
     end
 
     for_feed do |project, x|

data/lib/cortex_reaver/controller/user.rb

@@ -25,6 +25,9 @@ module CortexReaver
       user.http = request[:http]
       user.email = request[:email]
       user.admin = request[:admin] || false
+      user.editor = request[:editor] || false
+      user.contributor = request[:contributor] || false
+      user.moderator = request[:moderator] || false
 
       unless request[:password].blank? and request[:password_confirmation].blank?
         # Set password
@@ -35,7 +38,9 @@ module CortexReaver
 
     # Listing users outright is a little dodgy.
     before :index do
-      require_admin
+      for_auth do |u|
+        u.admin?
+      end
     end
 
     def login

data/lib/cortex_reaver/helper/attachments.rb

@@ -6,13 +6,16 @@ module Ramaze
 
       # Deletes an attachment on a model identified by id.
       def delete_attachment(id, name)
-        require_admin
-        
         unless @model = model_class.get(id)
           flash[:error] = "No such #{model_class.to_s.downcase} (#{h id}) exists."
           redirect Rs()
         end
 
+        # You need to be able to edit the model before removing attachments!
+        for_auth do |u|
+          u.can_edit? @model
+        end
+
         unless attachment = @model.attachment(name)
           flash[:error] = "No such attachment (#{h name}) exists."
           redirect @model.url

data/lib/cortex_reaver/helper/auth.rb

@@ -7,6 +7,20 @@ module Ramaze
         u = session[:user] and u.admin?
       end
 
+      def for_auth(&block)
+        unless yield user
+          # Failed block
+          if session[:user]
+            flash[:error] = "You don't have permission to do this."
+            redirect :/
+          else
+            flash[:notice] = "Please log in first."
+            session[:target_uri] = request.request_uri
+            redirect R('/users', :login)
+          end
+        end
+      end
+
       # Tries to log in a user by login and password. If successful, sets
       # session[:user] to the user and returns that user. Otherwise returns
       # false.
@@ -24,19 +38,19 @@ module Ramaze
         session.delete :user
       end
 
-      def require_admin
-        if session[:user] and session[:user].admin?
-          true
-        elsif session[:user]
-          flash[:error] = "You must have administrative privileges to do this."
-          redirect :/
-        else
-          flash[:notice] = "Please log in first."
-          session[:target_uri] = request.request_uri
-          redirect R('/users', :login)
+      def require_roles(*roles)
+        for_auth do |u|
+          roles.any? do |role|
+            u.send role
+          end
         end
       end
 
+      # Shortcut for current user or an anonymous proxy
+      def user
+        session[:user] || CortexReaver::User.new(:name => 'Anonymous')
+      end
+
       def error_403
         respond 'Forbidden', 403
       end

data/lib/cortex_reaver/helper/crud.rb

@@ -94,7 +94,10 @@ module Ramaze
 
           # This action can't be in the normal module body, or it breaks things.
           def new
-            require_admin
+            # You need to be able to create one of these.
+            for_auth do |u|
+              u.can_create? model_class.new
+            end
 
             @title = "New #{h model_class.to_s.demodulize.titleize}"
             @form_action = :new
@@ -174,9 +177,11 @@ module Ramaze
       end
 
       def delete(id)
-        require_admin
-
         if @model = model_class[id]
+          for_auth do |u|
+            u.can_edit? @model
+          end
+
           if @model.destroy
             flash[:notice] = "#{model_class.to_s.demodulize.downcase} #{h @model.to_s} deleted."
             redirect Rs()
@@ -191,9 +196,11 @@ module Ramaze
       end
 
       def edit(id = nil)
-        require_admin
-
         if @model = model_class[id]
+          for_auth do |u|
+            u.can_edit? @model
+          end
+        
           @title = "Edit #{model_class.to_s.demodulize.downcase} #{h @model.to_s}"
           @form_action = "edit/#{@model.id}"
 
@@ -270,7 +277,9 @@ module Ramaze
 
         set_plural_model_var @models
 
-        workflow "New #{model_class.to_s.demodulize}", Rs(:new)
+        if user.can_create? model_class.new
+          workflow "New #{model_class.to_s.demodulize}", Rs(:new)
+        end
 
         render_template :list
       end
@@ -284,24 +293,30 @@ module Ramaze
           @title = h @model.to_s
           set_singular_model_var @model
 
-          # Retrieve pending comment from session, if applicable.
-          if comment = session[:pending_comment] and comment.parent == @model
-            @new_comment = session.delete :pending_comment
-          else
-            # Create a comment to be posted
-            @new_comment = CortexReaver::Comment.new
-            @new_comment.send("#{model_class.to_s.demodulize.underscore.downcase}=", @model)
-          end
+          if @model.class.associations.include? :comments
+            # Retrieve pending comment from session, if applicable.
+            if comment = session[:pending_comment] and comment.parent == @model
+              @new_comment = session.delete :pending_comment
+            else
+              # Create a comment to be posted
+              @new_comment = CortexReaver::Comment.new
+              @new_comment.send("#{model_class.to_s.demodulize.underscore.downcase}=", @model)
+            end
 
-          if session[:user]
-            @new_comment.user = session[:user]
+            if session[:user]
+              @new_comment.creator = session[:user]
+            end
           end
           
-          # ID component of edit/delete links
-
-          workflow "New #{model_class.to_s.demodulize}", Rs(:new)
-          workflow "Edit this #{model_class.to_s.demodulize}", Rs(:edit, @model.id)
-          workflow "Delete this #{model_class.to_s.demodulize}", Rs(:delete, @model.id)
+          if user.can_create? model_class.new
+            workflow "New #{model_class.to_s.demodulize}", Rs(:new)
+          end
+          if user.can_edit? @model
+            workflow "Edit this #{model_class.to_s.demodulize}", Rs(:edit, @model.id)
+          end
+          if user.can_delete? @model
+            workflow "Delete this #{model_class.to_s.demodulize}", Rs(:delete, @model.id)
+          end
           
           render_template :show
         elsif id

data/lib/cortex_reaver/helper/feeds.rb

@@ -77,10 +77,10 @@ module Ramaze
               x.link :href => (url_base + model.url), :rel => 'alternate'
 
               x.author do
-                x.name model.user.name
+                x.name model.creator.name
 
-                if model.user.http
-                  x.uri model.user.http
+                if model.creator.http
+                  x.uri model.creator.http
                 end
               end
 

data/lib/cortex_reaver/helper/navigation.rb

@@ -121,15 +121,15 @@ module Ramaze
       end
 
       # Returns a link to a user.
-      def user_link(x)
+      def user_link(x, who=:creator)
         case x
         when CortexReaver::User
           name = x.name || x.login
           A(name, :href => x.url)
         when CortexReaver::Comment
-          if x.user
-            # Use attached user
-            user_link x.user
+          if x.send(who)
+            # Use attached creator/whoever
+            user_link x.send(who)
           else
             # Use anonymous info
             name = x.name || x.email || 'Anonymous'
@@ -146,8 +146,8 @@ module Ramaze
             end
           end
         else
-          if x.respond_to? :user
-            user_link x.user
+          if x.respond_to? who
+            user_link x.send(who)
           else
             raise ArgumentError.new("don't know how to make a user link to #{x.inspect}")
           end

data/lib/cortex_reaver/migrations/010_pageparents.rb

@@ -2,8 +2,9 @@ module CortexReaver
   class PageparentsSchema < Sequel::Migration
     def down
       alter_table :pages do
-        drop_index :page_id
-        drop_column :page_id
+        # Can't undo this cleanly yet. Fracking mysql. :/
+#       drop_index :page_id
+#       drop_column :page_id
       end
     end
 

data/lib/cortex_reaver/migrations/011_user_roles.rb

@@ -0,0 +1,19 @@
+module CortexReaver
+  class UserrolesSchema < Sequel::Migration
+    def down
+      alter_table :users do
+        drop_column :contributor
+        drop_column :editor
+        drop_column :moderator
+      end
+    end
+    
+    def up
+      alter_table :users do
+        add_column :contributor, :boolean, :default => false
+        add_column :editor, :boolean, :default => false
+        add_column :moderator, :boolean, :default => false
+      end
+    end
+  end
+end

data/lib/cortex_reaver/migrations/012_created_by_edited_by.rb

@@ -0,0 +1,23 @@
+module CortexReaver
+  class CreatedbyeditedbySchema < Sequel::Migration
+    def down
+      [:journals, :comments, :pages, :photographs, :projects].each do |table|
+        alter_table table do
+          rename_column :created_by, :user_id, :type => :integer
+          # Can't do this yet.
+#          drop_column :updated_by
+        end
+      end
+    end
+    
+    def up
+      [:journals, :comments, :pages, :photographs, :projects].each do |table|
+        alter_table table do
+          rename_column :user_id, :created_by, :type => :integer
+          add_foreign_key :updated_by, :users, :key => :id
+          add_index :updated_by
+        end
+      end
+    end
+  end
+end

data/lib/cortex_reaver/model/comment.rb

@@ -6,7 +6,8 @@ module CortexReaver
     include CortexReaver::Model::Comments
     include CortexReaver::Model::Sequenceable
     
-    belongs_to :user, :class => 'CortexReaver::User'
+    belongs_to :creator, :class => 'CortexReaver::User', :key => 'created_by'
+    belongs_to :updater, :class => 'CortexReaver::User', :key => 'updated_by'
     belongs_to :journal, :class => 'CortexReaver::Journal'
     belongs_to :project, :class => 'CortexReaver::Project'
     belongs_to :photograph, :class => 'CortexReaver::Photograph'
@@ -65,7 +66,8 @@ module CortexReaver
       parent.skip_timestamp_update = true
       parent.save
     end
-    after_save(:refresh_parent_comment_count) do
+    
+    after_create(:increment_parent_comment_count) do
       # WARNING: If we *reparent* comments as opposed to just posting, this will break.
       parent = self.parent
       parent.comment_count += 1

data/lib/cortex_reaver/model/journal.rb

@@ -10,7 +10,8 @@ module CortexReaver
     include CortexReaver::Model::Sequenceable
 
     many_to_many :tags, :class => 'CortexReaver::Tag'
-    belongs_to :user, :class => 'CortexReaver::User'
+    belongs_to :creator, :class => 'CortexReaver::User', :key => 'created_by'
+    belongs_to :updater, :class => 'CortexReaver::User', :key => 'updated_by'
     has_many :comments, :class => 'CortexReaver::Comment'
 
     validates do

data/lib/cortex_reaver/model/page.rb

@@ -11,7 +11,8 @@ module CortexReaver
 
     belongs_to :page, :class => 'CortexReaver::Page'
     has_many   :pages, :class => 'CortexReaver::Page'
-    belongs_to :user, :class => 'CortexReaver::User'
+    belongs_to :creator, :class => 'CortexReaver::User', :key => 'created_by'
+    belongs_to :updater, :class => 'CortexReaver::User', :key => 'updated_by' 
     has_many   :comments, :class => 'CortexReaver::Comment'
     many_to_many :tags, :class => 'CortexReaver::Tag'
 

data/lib/cortex_reaver/model/photograph.rb

@@ -18,7 +18,8 @@ module CortexReaver
     }
 
     many_to_many :tags, :class => 'CortexReaver::Tag'
-    belongs_to :user, :class => 'CortexReaver::User'
+    belongs_to :creator, :class => 'CortexReaver::User', :key => 'created_by'
+    belongs_to :updater, :class => 'CortexReaver::User', :key => 'updated_by'
     has_many :comments, :class => 'CortexReaver::Comment'
 
     validates do

data/lib/cortex_reaver/model/project.rb

@@ -10,7 +10,8 @@ module CortexReaver
     include CortexReaver::Model::Sequenceable
 
     many_to_many :tags, :class => 'CortexReaver::Tag'
-    belongs_to :user, :class => 'CortexReaver::User'
+    belongs_to :creator, :class => 'CortexReaver::User', :key => 'created_by'
+    belongs_to :updater, :class => 'CortexReaver::User', :key => 'updated_by'
     has_many :comments, :class => 'CortexReaver::Comment'
 
     validates do

data/lib/cortex_reaver/model/user.rb

@@ -5,11 +5,16 @@ module CortexReaver
     include CortexReaver::Model::Timestamps
     include CortexReaver::Model::Sequenceable
 
-    has_many :comments, :class => 'CortexReaver::Comment'
-    has_many :journals, :class => 'CortexReaver::Journal'
-    has_many :pages, :class => 'CortexReaver::Page'
-    has_many :photographs, :class => 'CortexReaver::Photograph'
-    has_many :projects, :class => 'CortexReaver::Project'
+    has_many :created_comments, :key => 'created_by', :class => 'CortexReaver::Comment'
+    has_many :created_journals, :key => 'created_by', :class => 'CortexReaver::Journal'
+    has_many :created_pages, :key => 'created_by', :class => 'CortexReaver::Page'
+    has_many :created_photographs, :key => 'created_by', :class => 'CortexReaver::Photograph'
+    has_many :created_projects, :key => 'created_by', :class => 'CortexReaver::Project'
+    has_many :updated_comments, :key => 'updated_by', :class => 'CortexReaver::Comment'
+    has_many :updated_journals, :key => 'updated_by', :class => 'CortexReaver::Journal'
+   has_many :updated_pages, :key => 'updated_by', :class => 'CortexReaver::Page'
+    has_many :updated_photographs, :key => 'updated_by', :class => 'CortexReaver::Photograph'
+    has_many :updated_projects, :key => 'updated_by', :class => 'CortexReaver::Project'
 
     validates do
       uniqueness_of :login
@@ -29,10 +34,9 @@ module CortexReaver
       end
     end
 
-    # Ensure an administrator is always available. TODO: This is probably
-    # subject to a race condition, especially between servers. Backup plan?
+    # Ensure an administrator is always available.
     validates_each :admin do |object, attribute, value|
-      if User.filter(:admin => true).count == 1 and not value
+      if admins = User.filter(:admin => true) and admins.size == 1 and admins.first.id == self.id and not value
         object.errors[attribute] << "can't be unset; only one administrator left!"
       end
     end
@@ -48,7 +52,7 @@ module CortexReaver
         nil
       end
     end
-
+    
     # CRUD uses this to construct URLs. Even though we don't need the full
     # power of Canonical, CRUD is pretty useful. :)
     def self.canonical_name_attr
@@ -74,6 +78,80 @@ module CortexReaver
       end
     end
 
+    def can_create?(other)
+      if admin?
+        # Administrators may create anything
+        true
+      elsif contributor?
+        # Contributors may create anything but users
+        case other
+        when User
+          false
+        else
+          true
+        end
+      else
+        # Anyone may create a comment.
+        case other
+        when Comment
+          true
+        else
+          false
+        end
+      end
+    end
+
+    def can_delete?(other)
+      if admin?
+        # Administrators may delete anything
+        true
+      elsif other.respond_to? :created_by and other.created_by == self.id
+        # Anybody may delete their own records.
+        true
+      elsif editor? and not User === other
+        # Editors may delete anything but users.
+        true
+      elsif moderator? and Comment === other
+        # Moderators may delete comments.
+        true
+      else
+        false
+      end
+    end
+
+    def can_edit?(other)
+      if admin?
+        # Administrators may edit anything
+        true
+      elsif other.respond_to? :created_by and other.created_by == self.id
+        # Anybody may edit their own records
+        true
+      elsif editor? and not User === other
+        # Editors may edit anything but other users.
+        true
+      elsif moderator and Comment === other
+        # Moderators may edit comments
+        true
+      else
+        false
+      end
+    end
+
+    # Returns true if user is a contributor
+    def contributor?
+      self.contributor
+    end
+
+    # Returns true if user is an editor
+    def editor?
+      self.editor
+    end
+
+    # Returns true if user is a moderator
+    def moderator?
+      self.moderator
+    end
+
     # Set user password
     def password=(password)
       self.salt ||= self.class.new_salt

data/lib/cortex_reaver/support/comments.rb

@@ -5,7 +5,7 @@ module CortexReaver
       def self.included(base)
         base.class_eval do
           # When we delete a model that has comments, remove the comments too.
-          before_delete(:drop_comments) do
+          before_destroy(:drop_comments) do
             comments = self.comments
             remove_all_comments
             comments.each do |comment|

data/lib/cortex_reaver/version.rb

@@ -1,6 +1,6 @@
 module CortexReaver
   APP_NAME = 'Cortex Reaver'
-  APP_VERSION = '0.0.7'
+  APP_VERSION = '0.0.8'
   APP_AUTHOR = 'aphyr'
   APP_EMAIL = 'aphyr@aphyr.com'
   APP_URL = 'http://aphyr.com'

data/lib/cortex_reaver/view/admin/index.rhtml

@@ -1,5 +1,6 @@
 <h2>Administration</h2>
 
 <ul>
+  <li><%= A('Update comment counts', :href => Rs(:update_comments)) %></li>
   <li><%= A('Update tags', :href => Rs(:update_tags)) %></li>
 </ul>

data/lib/cortex_reaver/view/adminbox.rhtml

@@ -1,5 +1,5 @@
 <div id="adminbox">
-  <% if admin? %>
+  <% if user.admin? or user.contributor? or user.editor? or user.moderator? %>
     <table class="actions-table">
       <tr>
         <td class="title">Sections</td>
@@ -11,8 +11,10 @@
             <li><a href="/photographs">Photographs</a></li>
             <li><a href="/comments">Comments</a></li>
             <li><a href="/tags">Tags</a></li>
-            <li><a href="/users">Users</a></li>
-            <li><a href="/admin">Admin</a></li>
+            <% if user.admin? %>
+              <li><a href="/users">Users</a></li>
+              <li><a href="/admin">Admin</a></li>
+            <% end %>
           </ul>
         </td>
       </tr>

data/lib/cortex_reaver/view/comments/comment.rhtml

@@ -14,10 +14,12 @@
         <img src="/images/comment.gif" class="icon" alt="comment" />
         <%= @comment.comment_count %> <%= @comment.comment_count == 1 ? 'comment' : 'comments' %>
       </a></li>
-      <% if admin? %>
+      <% if user.can_edit? @comment %>
         <li><a href="/comments/edit/<%= @comment.id %>">
           <img src="/images/edit.gif" class="icon" alt="edit" /> Edit
         </a></li>
+      <% end %>
+      <% if user.can_delete? @comment %>
         <li>
           <%= A '<img src="/images/delete.gif" class="icon" alt="delete" /> Delete', :href => "/comments/delete/#{@comment.id}", :onclick => "return confirm('Are you sure you wish to delete this comment?');" %></li>
       <% end %>

data/lib/cortex_reaver/view/comments/post_form.rhtml

@@ -26,7 +26,7 @@
       <textarea name="comment" id="comment"></textarea>
     </p>
     
-    <% unless @new_comment.user %>
+    <% unless @new_comment.creator %>
       <%= form_p :name, :model => @new_comment %>
       <%= form_p :email, :model => @new_comment %>
       <%= form_p :http, :model => @new_comment %>

data/lib/cortex_reaver/view/documentation/users.rhtml

@@ -0,0 +1,21 @@
+<div class="documentation">
+  <h2>Cortex Reaver Users</h2>
+  
+  <p>Cortex Reaver has several roles which may apply to any user. These roles control what actions a user may perform.</p>
+
+  <dl>
+    <dt>Admin</dt>
+    <dd>Administrators may do anything: create, read, edit, and delete any post, journal, page, photograph, comment, or user, as well as performing maintenance.</dd>
+    
+    <dt>Contributor</dt>
+    <dd>Contributors may create journals, pages, posts, etc., but can not affect users or site settings. They are also prohibited from editing or deleting work they did not create.
+    
+    <dt>Editor</dt>
+    <dd>Editors review site content. They have permission to edit and delete any journal, page, post, etc. They cannot manage users or site settings.</dd>
+
+    <dt>Moderator</dt>
+    <dd>Moderators may edit and delete comments, to facilitate discussion.</dd>
+  </dl>
+
+  <p>All users may read content, post comments, and edit their own created material.</p>
+</div>

data/lib/cortex_reaver/view/error.rhtml

@@ -1,4 +1,4 @@
-<% if admin? %>
+<% if user.admin? %>
   <link rel="stylesheet" href="/css/ramaze_error.css" />
   <script type="text/javascript" src="/js/jquery.js"></script>
 

data/lib/cortex_reaver/view/journals/journal.rhtml

@@ -2,7 +2,7 @@
   <h2><a id="journal_<%= @journal.name %>" href="<%= @journal.url %>"><%=h @journal.title %></a></h2>
   <div class="byline">
     <span class="written">
-      <%= user_link @journal.user %> on <%= date_line @journal %>
+      <%= user_link @journal.creator %> on <%= date_line @journal %>
     </span>
     <%= tags_on @journal %>
   </div>
@@ -16,11 +16,13 @@
         <img src="/images/comment.gif" class="icon" alt="comment" />
         <%= @journal.comment_count %> <%= @journal.comment_count == 1 ? 'comment' : 'comments' %>
       </a></li>
-      <% if admin? %>
+      <% if user.can_edit? @journal %>
         <li><a class="edit-link" href="/journals/edit/<%= @journal.id %>">
           <img src="/images/edit.gif" class="icon" alt="edit" /> Edit
         </a></li>
-        <li >
+      <% end %>
+      <% if user.can_delete? @journal %>
+        <li>
           <%= A '<img src="/images/delete.gif" class="icon" alt="delete" /> Delete', :href => "/journals/delete/#{@journal.id}", :onclick => "return confirm('Are you sure you want to delete this journal?');" %>
         </li>
       <% end %>

data/lib/cortex_reaver/view/pages/list.rhtml

@@ -4,8 +4,10 @@
       <tr>
         <th>Name</th>
         <th>Title</th>
-        <% if admin? %>
+        <% if user.can_edit? CortexReaver::Page.new %>
           <th></th>
+        <% end %>
+        <% if user.can_delete? CortexReaver::Page.new %>
           <th></th>
         <% end %>
       </tr>
@@ -15,8 +17,10 @@
         <tr>
           <td><%= A(page.name, :href => page.url) %></td>
           <td><%= page.title %></td>
-          <% if admin? %>
+          <% if user.can_edit? page %>
             <td><a href="/pages/edit/<%= page.id %>">Edit</a></td>
+          <% end %>
+          <% if user.can_delete? page %>
             <td><%= A 'Delete', :href => "/pages/delete/#{page.id}", :onclick => "return confirm('Are you sure you want to delete this page?');" %></td>
           <% end %>
         </tr>

data/lib/cortex_reaver/view/photographs/show.rhtml

@@ -18,7 +18,7 @@
             <li>
               <a href="<%= @photograph.absolute_window_url %>">Back to Thumbnails</a>
             </li>
-            <% if admin? %>
+            <% if user.can_edit? @photograph %>
               <li>
                 <%= A('Edit', :href => Rs(:edit, @photograph.id)) %>
               </li>

data/lib/cortex_reaver/view/projects/list.rhtml

@@ -5,8 +5,10 @@
       <tr>
         <th>Title</th>
         <th>Description</th>
-        <% if admin? %>
+        <% if user.can_edit? CortexReaver::Project.new %>
           <th></th>
+        <% end %>
+        <% if user.can_delete? CortexReaver::Project.new %>
           <th></th>
         <% end %>
       </tr>
@@ -16,8 +18,10 @@
         <tr>
           <td><%= A(project.title, :href => project.url) %></td>
           <td><%= project.description %></td>
-          <% if admin? %>
+          <% if user.can_edit? project %>
             <td><a href="/projects/edit/<%= project.name %>">Edit</a></td>
+          <% end %>
+          <% if user.can_delete? project %>
             <td><%= A 'Delete', :href => "/projects/delete/#{project.name}", :onclick => "return confirm('Are you sure you want to delete this project?');" %></td>
           <% end %>
         </tr>

data/lib/cortex_reaver/view/projects/show.rhtml

@@ -2,7 +2,7 @@
   <h2><a id="project_<%= @project.name %>" href="<%= @project.url %>"><%=h @project.title %></a></h2>
   <div class="byline">
     <span class="written">
-      <%= user_link @project.user %> on <%= date_line @project %>
+      <%= user_link @project.creator %> on <%= date_line @project %>
     </span>
     <%= tags_on @project %>
   </div>
@@ -17,10 +17,12 @@
         <img src="/images/comment.gif" class="icon" alt="comment" />
         <%= @project.comment_count %> <%= @project.comment_count == 1 ? 'comment' : 'comments' %>
       </a></li>
-      <% if admin? %>
+      <% if user.can_edit? @project %>
         <li><a href="/projects/edit/<%= @project.id %>">
           <img src="/images/edit.gif" class="icon" alt="edit" /> Edit
         </a></li>
+      <% end %>
+      <% if user.can_delete? @project %>
         <li><%= A '<img src="/images/delete.gif" class="icon" alt="delete" /> Delete', :href => "/projects/delete/#{@project.id}", :onclick => "return confirm('Are you sure you want to delete this project?');" %></li>
       <% end %>
     </ul> 

data/lib/cortex_reaver/view/tags/list.rhtml

@@ -4,8 +4,10 @@
     <thead>
       <tr>
         <th>Tag</th>
-        <% if admin? %>
+        <% if user.can_edit? CortexReaver::Tag.new %>
           <th></th>
+        <% end %>
+        <% if user.can_delete? CortexReaver::Tag.new %>
           <th></th>
         <% end %>
         <th>Popularity</th>
@@ -17,8 +19,10 @@
       <% @tags.each do |tag| %>
         <tr>
           <td class="title"><%= A(tag.title, :href => tag.url) %></td>
-           <% if admin? %>
-            <td><a href="/tags/edit/<%= tag.id %>">Edit</a></td>
+           <% if user.can_edit? tag %>
+             <td><a href="/tags/edit/<%= tag.id %>">Edit</a></td>
+           <% end %>
+           <% if user.can_delete? tag %>
             <td><%= A 'Delete', :href => "/tags/delete/#{tag.id}", :onclick => "return confirm('Are you sure you want to delete this tag?');" %></td>
           <% end %>
          <td class="count" style="width: <%= admin? ? 60 : 80 %>%"><div class="percent-bar" style="width: <%= tag.count.to_f / max_count * 100 %>%"><%= tag.count %></div></td>

data/lib/cortex_reaver/view/tags/show.rhtml

@@ -40,10 +40,12 @@
   </div>
   <div class="footer">
     <ul class="actions">
-      <% if admin? and @tags.size == 1 %>
+      <% if @tags.size == 1 and user.can_edit? @tags.first %>
         <li><a href="/tags/edit/<%= @tags.first.id %>">
           <img src="/images/edit.gif" class="icon" alt="comment" /> Edit
         </a></li>
+      <% end %>
+      <% if @tags.size == 1 and user.can_delete? @tags.first %>
         <li><%= A '<img src="/images/delete.gif" class="icon" alt="delete" /> Delete', :href => "/tags/delete/#{@tags.first.id}", :onclick => "return confirm('Are you sure you want to delete this tag?');" %></li>
       <% end %>
     </ul> 

data/lib/cortex_reaver/view/text_layout.rhtml

@@ -30,7 +30,7 @@
     <script type="text/javascript" src="/js/jquery.js"></script>
     <script type="text/javascript" defer="defer" src="/js/cookie.js"></script>
     <script type="text/javascript" defer="defer" src="/js/admin.js"></script>
-    <% if admin? %>
+    <% if user.admin? or user.contributor? or user.editor? or user.moderator? %>
       <script type="text/javascript" defer="defer" src="/js/autocompletefb.js"></script>
     <% end %>
   

data/lib/cortex_reaver/view/users/form.rhtml

@@ -9,7 +9,10 @@
   <%= form_p 'email', :description => 'E-mail', :model => @user %>
   <%= form_p 'password', :type => 'password'  %>
   <%= form_p 'password_confirmation', :type => 'password', :description => 'Confirm' %>
-  <%= form_p :admin, :model => @user, :type => 'checkbox', :description => 'Admin?' %>
+  <%= form_p :admin, :model => @user, :type => 'checkbox', :description => 'Administrator' %>
+  <%= form_p :editor, :model => @user, :type => 'checkbox', :description => 'Editor' %>
+  <%= form_p :contributor, :model => @user, :type => 'checkbox', :description => 'Contributor' %>
+  <%= form_p :moderator, :model => @user, :type => 'checkbox', :description => 'Moderator' %>
   <p>
     <input type="submit" />
   </p>

data/lib/cortex_reaver/view/users/list.rhtml

@@ -7,8 +7,10 @@
     <tr>
       <th>Login</th>
       <th>Name</th>
-      <% if admin? %>
+      <% if user.can_edit? CortexReaver::User.new %>
         <th></th>
+      <% end %>
+      <% if user.can_delete? CortexReaver::User.new %>
         <th></th>
       <% end %>
     </tr>
@@ -18,12 +20,14 @@
       <tr>
         <td><%= A(user.login, :href => user.url) %></td>
         <td><%= h user.name %></td>
-        <% if admin? %>
+        <% if session[:user].can_edit? user %>
           <td>
             <a class="edit-link" href="/users/edit/<%= user.id %>">
               <img src="/images/edit.gif" class="icon" alt="edit" /> Edit
             </a>
           </td>
+        <% end %>
+        <% if session[:user].can_delete? user %>
           <td>
             <%= A '<img src="/images/delete.gif" class="icon" alt="delete" /> Delete', :href => "/users/delete/#{user.id}", :onclick => "return confirm('Are you sure you want to delete this user?');" %>
           </td>

data/lib/cortex_reaver/view/users/show.rhtml

@@ -1,9 +1,6 @@
 <div class="user">
   <h2><a id="user_<%= @user.login %>" href="<%= @user.url %>">User <%=h @user.name %></a></h2>
   <div class="byline">
-    <% if @user.admin %>
-      Administrator,
-    <% end %>
     Created on <%= date_line @user %>
   </div>
   <div class="body">
@@ -26,8 +23,8 @@
   </div>
   <div class="footer">
     <ul class="actions">
-      <% if admin? %>
-        <li><a href="/users/edit/<%= @user.login %>">
+      <% if user.can_edit? @user %>
+        <li><a href="/users/edit/<%= @user.id %>">
           <img src="/images/edit.gif" class="icon" alt="comment" /> Edit
         </a></li>
         <li><%= A '<img src="/images/delete.gif" class="icon" alt="delete" /> Delete', :href => "/users/delete/#{@user.login}", :onclick => "return confirm('Are you sure you want to delete this user?');" %></li>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: cortex-reaver
 version: !ruby/object:Gem::Version 
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors: 
 - aphyr
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-03-18 00:00:00 -05:00
+date: 2009-03-23 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -203,6 +203,7 @@ files:
 - lib/cortex_reaver/view/journals/form.rhtml
 - lib/cortex_reaver/view/blank_layout.rhtml
 - lib/cortex_reaver/view/documentation
+- lib/cortex_reaver/view/documentation/users.rhtml
 - lib/cortex_reaver/view/documentation/formatting.rhtml
 - lib/cortex_reaver/plugin.rb
 - lib/cortex_reaver/model
@@ -264,6 +265,7 @@ files:
 - lib/cortex_reaver/snippets/array.rb
 - lib/cortex_reaver/migrations
 - lib/cortex_reaver/migrations/004_photographs.rb
+- lib/cortex_reaver/migrations/011_user_roles.rb
 - lib/cortex_reaver/migrations/002_pages.rb
 - lib/cortex_reaver/migrations/005_projects.rb
 - lib/cortex_reaver/migrations/006_tags.rb
@@ -272,6 +274,7 @@ files:
 - lib/cortex_reaver/migrations/007_comments.rb
 - lib/cortex_reaver/migrations/009_mysql.rb
 - lib/cortex_reaver/migrations/001_users.rb
+- lib/cortex_reaver/migrations/012_created_by_edited_by.rb
 - lib/cortex_reaver/migrations/003_journals.rb
 - lib/cortex_reaver/version.rb
 - lib/cortex_reaver.rb