dm_cms 4.2.2.1 → 4.2.2.2

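--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 74181697b3c0b59038fb35a92caef0c15e8bebf4
- data.tar.gz: bce62a212728b510ea2bbfb44e8936268f5c15e2
+ metadata.gz: 318424545cbdec0781df43c99e5a76d488e0b3d9
+ data.tar.gz: f023f53a9384f293eee4c54d36a54336bfdf6e84
  SHA512:
- metadata.gz: 3cbc96dc2a87d103d2e6e4d225e518771c3254fc34dfe2933774c8697c062fb554a8968a5df8d9955609d31cd5491607dc5fe873ca587e53513574af69a38df6
- data.tar.gz: 7b67c179c6837c278d2d75c6e39c1a196e64004ce3e84d07340f5e7f3a3e8053867b6f31803602c61d1ffcccdea0d3fab7f637f1d4951e56f092b9bfe51b406f
+ metadata.gz: 678f4916b0bada5afa062f2ff768a01172897eb29dd5631c7a701a3774b855c69916bfc9945694423654e37b6f4f5a4d91a18f5eaacb1f5ac59f0dae7df0f342
+ data.tar.gz: 6daff2cce4b7097572cd69ec2890eacf40833221c740b6b45e03463c2d5a15783c483886c3b2eafba1edcb617c33ca0df170dc6a4fe881ad5fa02cfb9460e3f6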
@@ -5,7 +5,7 @@ protected
5
5
 
6
6
  #------------------------------------------------------------------------------
7
7
  def authorize_access
8
- unless can?(:manage_content, :all)
8
+ unless can?(:access_content_section, :all)
9
9
  flash[:alert] = "Unauthorized Access!"
10
10
  redirect_to current_account.index_path
11
11
  end
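Review bot: With `authorize_access` now gated on `:access_content_section`, the base filter admits users who hold only per-resource rights, so every controller under `DmCms::Admin::AdminController` has to carry its own `authorize!` calls. The controller hunks on this page add them for blogs, pages, content items and posts, but no snippets or media controller appears among the changed hunks, and one view hunk only hides the Snippets link, which is not an access check. If those controllers exist and rely on this filter alone, they are now reachable with the weaker ability. Confirm each one, and consider CanCan's `check_authorization` in the base controller so that an action without an `authorize!` fails instead of passing silently. The method body continues past the end of this hunk.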
@@ -6,20 +6,19 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
6
6
 
7
7
  #------------------------------------------------------------------------------
8
8
  def index
9
- @blogs = CmsBlog.all
9
+ authorize! :access_content_section, :all
10
+ @blogs = can?(:manage_content, :all) ? CmsBlog.all : CmsBlog.with_role(:manage_content, current_user)
10
11
  end
11
12
 
12
13
  #------------------------------------------------------------------------------
13
14
  def new
15
+ authorize! :manage_content, :all
14
16
  @blog = CmsBlog.new
15
17
  end
16
18
 
17
- #------------------------------------------------------------------------------
18
- def edit
19
- end
20
-
21
19
  #------------------------------------------------------------------------------
22
20
  def create
21
+ authorize! :manage_content, :all
23
22
  @blog = CmsBlog.new(cms_blog_params)
24
23
 
25
24
  if @blog.save
@@ -29,24 +28,38 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
29
28
  end
30
29
  end
31
30
 
31
+ #------------------------------------------------------------------------------
32
+ def edit
33
+ authorize! :manage_content, @blog
34
+ end
35
+
32
36
  #------------------------------------------------------------------------------
33
37
  def update
38
+ authorize! :manage_content, @blog
34
39
  if @blog.update_attributes(cms_blog_params)
35
40
  redirect_to admin_cms_blog_url(@blog), notice: 'Blog was successfully updated.'
36
41
  else
37
42
  render action: :edit
38
43
  end
39
44
  end
45
+
46
+ #------------------------------------------------------------------------------
47
+ def show
48
+ authorize! :manage_content, @blog
49
+ end
40
50
 
41
51
  #------------------------------------------------------------------------------
42
52
  def destroy
53
+ authorize! :manage_content, :all
43
54
  @blog.destroy
44
55
  redirect_to admin_cms_blogs_url
45
56
  end
46
57
 
47
58
  #------------------------------------------------------------------------------
48
59
  def sort
49
- @blog.update_attribute(:row_order_position, params[:item][:row_order_position])
60
+ if can :manage_content, :all
61
+ @blog.update_attribute(:row_order_position, params[:item][:row_order_position])
62
+ end
50
63
 
51
64
  #--- this action will be called via ajax
52
65
  render nothing: true
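Review bot: In `sort` the new guard reads `if can :manage_content, :all`, without the question mark. `can` is the rule-definition method used in the ability class, while the controller-side query used elsewhere in this change is `can?` (`ajax_sort` in CmsPagesController has `if can? :manage_content, :all`). As written the call most likely raises NoMethodError, so the action fails for every caller; it should be `if can? :manage_content, :all`. Even when corrected, a request without the ability still gets an empty success response, so a refused reorder is indistinguishable from a successful one; putting `authorize! :manage_content, :all` on the first line, as `destroy` does in this hunk, makes the refusal explicit. `sort` continues below the end of this hunk.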
@@ -54,6 +67,7 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
54
67
 
55
68
  #------------------------------------------------------------------------------
56
69
  def blog_users
70
+ authorize! :manage_content, @blog
57
71
  respond_to do |format|
58
72
  format.json { render json: BlogUserDatatable.new(view_context, @blog) }
59
73
  end
@@ -63,6 +77,7 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
63
77
  # => user_id: add a single user
64
78
  #------------------------------------------------------------------------------
65
79
  def blog_add_member
80
+ authorize! :manage_content, @blog
66
81
  if !params[:user_id].blank?
67
82
  user = User.find(params[:user_id])
68
83
  @blog.add_member(user)
@@ -74,11 +89,43 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
74
89
 
75
90
  #------------------------------------------------------------------------------
76
91
  def blog_delete_member
92
+ authorize! :manage_content, @blog
77
93
  user = User.find(params[:user_id])
78
94
  @blog.remove_member(user)
79
95
  redirect_to admin_cms_blog_url(@blog), notice: "Blog access removed for #{user.full_name}"
80
96
  end
81
97
 
98
+ #------------------------------------------------------------------------------
99
+ def permissions
100
+ authorize! :manage_content, :all
101
+ if put_or_post?
102
+ if params[:user][:user_id]
103
+ user = User.find(params[:user][:user_id])
104
+ if user
105
+ roles = params[:user].delete(:roles)
106
+ [:manage_content].each do |role|
107
+ roles[role].as_boolean ? user.add_role(role, @blog) : user.remove_role(role, @blog)
108
+ end
109
+ user.save!
110
+ end
111
+ end
112
+ end
113
+ @content_managers = User.with_role(:content_manager)
114
+ @content_managers_alacarte = User.with_role(:content_manager_alacarte)
115
+ end
116
+
117
+ #------------------------------------------------------------------------------
118
+ def ajax_toggle_permission
119
+ authorize! :manage_content, :all
120
+ user = User.find(params[:user_id])
121
+ role = params[:role].to_sym
122
+ if user && [:manage_content].include?(role)
123
+ user.has_role?(role, @blog) ? user.remove_role(role, @blog) : user.add_role(role, @blog)
124
+ user.save!
125
+ end
126
+ render nothing: true
127
+ end
128
+
82
129
  private
83
130
 
84
131
  #------------------------------------------------------------------------------
@@ -8,12 +8,14 @@ class DmCms::Admin::CmsContentitemsController < DmCms::Admin::AdminController
8
8
 
9
9
  #------------------------------------------------------------------------------
10
10
  def new_content
11
+ authorize! :manage_content, @current_page
11
12
  @cms_contentitem = CmsContentitem.new
12
13
  @cms_contentitem.container = 'body'
13
14
  end
14
15
 
15
16
  #------------------------------------------------------------------------------
16
17
  def create_content
18
+ authorize! :manage_content, @current_page
17
19
  @cms_contentitem = @current_page.cms_contentitems.new(cms_contentitem_params)
18
20
  if @cms_contentitem.save
19
21
  redirect_to admin_cms_page_url(@current_page), notice: 'Content successfully created.'
@@ -24,10 +26,12 @@ class DmCms::Admin::CmsContentitemsController < DmCms::Admin::AdminController
24
26
 
25
27
  #------------------------------------------------------------------------------
26
28
  def edit
29
+ authorize! :manage_content, @current_page
27
30
  end
28
31
 
29
32
  #------------------------------------------------------------------------------
30
33
  def update
34
+ authorize! :manage_content, @current_page
31
35
  if @cms_contentitem.update_attributes(cms_contentitem_params)
32
36
  redirect_to edit_admin_cms_contentitem_url(@cms_contentitem), notice: 'Content updated'
33
37
  else
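Review bot: `edit` and `update` authorise against `@current_page` but operate on `@cms_contentitem`, and neither hunk shows how the two are loaded. If `@current_page` is not derived from the content item itself, a user granted `:manage_content` on one page could pass the check while the change lands on an item that belongs to another page. Authorising the owning record removes the doubt, for example `authorize! :manage_content, @cms_contentitem.cms_page` (assuming that association exists alongside the `cms_page_id` used in `destroy`). The same applies to `destroy`, `update_fragment`, `move_up` and `move_down` in the later hunks, and to CmsPostsController, which checks `@blog` while acting on `@post`. `update` continues past the end of this hunk.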
@@ -37,12 +41,14 @@ class DmCms::Admin::CmsContentitemsController < DmCms::Admin::AdminController
37
41
 
38
42
  #------------------------------------------------------------------------------
39
43
  def destroy
44
+ authorize! :manage_content, @current_page
40
45
  @cms_contentitem.destroy
41
46
  redirect_to(:controller => 'dm_cms/admin/cms_pages', :action => :show, :id => @cms_contentitem.cms_page_id)
42
47
  end
43
48
 
44
49
  #------------------------------------------------------------------------------
45
50
  def update_fragment
51
+ authorize! :manage_content, @current_page
46
52
  if @cms_contentitem.update_attributes(cms_contentitem_params)
47
53
  #@cms_page.merge!(@item.cms_page.get_page_render_values)
48
54
  #respond_to do |format|
@@ -53,12 +59,14 @@ class DmCms::Admin::CmsContentitemsController < DmCms::Admin::AdminController
53
59
 
54
60
  #------------------------------------------------------------------------------
55
61
  def move_up
62
+ authorize! :manage_content, @current_page
56
63
  @cms_contentitem.update_attributes(row_order_position: :up)
57
64
  redirect_to(:controller => 'dm_cms/admin/cms_pages', :action => :show, :id => @cms_contentitem.cms_page_id)
58
65
  end
59
66
 
60
67
  #------------------------------------------------------------------------------
61
68
  def move_down
69
+ authorize! :manage_content, @current_page
62
70
  @cms_contentitem.update_attributes(row_order_position: :down)
63
71
  redirect_to(:controller => 'dm_cms/admin/cms_pages', :action => :show, :id => @cms_contentitem.cms_page_id)
64
72
  end
@@ -6,6 +6,7 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
6
6
 
7
7
  #------------------------------------------------------------------------------
8
8
  def index
9
+ authorize! :access_content_section, :all
9
10
  CmsPage.create_default_site if CmsPage.roots.empty?
10
11
  # @tree = CmsPage.arrange(order: :position)
11
12
  @tree = CmsPage.arrange(order: :row_order)
@@ -13,11 +14,13 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
13
14
 
14
15
  #------------------------------------------------------------------------------
15
16
  def new_page
17
+ authorize! :manage_content, :all
16
18
  @cms_page = CmsPage.new
17
19
  end
18
20
 
19
21
  #------------------------------------------------------------------------------
20
22
  def create_page
23
+ authorize! :manage_content, :all
21
24
  @cms_page = @current_page.children.new(cms_page_params)
22
25
  respond_to do |format|
23
26
  if @cms_page.save
@@ -32,11 +35,13 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
32
35
 
33
36
  #------------------------------------------------------------------------------
34
37
  def edit
38
+ authorize! :manage_content, @current_page
35
39
  @cms_page = @current_page
36
40
  end
37
41
 
38
42
  #------------------------------------------------------------------------------
39
43
  def update
44
+ authorize! :manage_content, @current_page
40
45
  if @current_page.update_attributes(cms_page_params)
41
46
  redirect_to :action => :show, :id => @current_page
42
47
  else
@@ -47,10 +52,12 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
47
52
 
48
53
  #------------------------------------------------------------------------------
49
54
  def show
55
+ authorize! :manage_content, @current_page
50
56
  end
51
57
 
52
58
  #------------------------------------------------------------------------------
53
59
  def duplicate_page
60
+ authorize! :manage_content, :all
54
61
  new_page = @current_page.duplicate_with_associations
55
62
  if new_page.nil?
56
63
  redirect_to admin_cms_page_url(@current_page), :flash => { :error => 'A duplicate page already exists' }
@@ -63,7 +70,9 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
63
70
  # Note that position comes in as 0-based, increment to make 1-based
64
71
  #------------------------------------------------------------------------------
65
72
  def ajax_sort
66
- @current_page.update_attributes(row_order_position: params[:item][:position], parent_id: params[:item][:parent_id])
73
+ if can? :manage_content, :all
74
+ @current_page.update_attributes(row_order_position: params[:item][:position], parent_id: params[:item][:parent_id])
75
+ end
67
76
 
68
77
  #--- this action will be called via ajax
69
78
  render nothing: true
@@ -71,6 +80,7 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
71
80
 
72
81
  #------------------------------------------------------------------------------
73
82
  def destroy
83
+ authorize! :manage_content, :all
74
84
  @current_page.destroy
75
85
  redirect_to :action => :index
76
86
  end
@@ -90,6 +100,37 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
90
100
  end
91
101
  end
92
102
 
103
+ #------------------------------------------------------------------------------
104
+ def permissions
105
+ authorize! :manage_content, :all
106
+ if put_or_post?
107
+ if params[:user][:user_id]
108
+ user = User.find(params[:user][:user_id])
109
+ if user
110
+ roles = params[:user].delete(:roles)
111
+ [:manage_content].each do |role|
112
+ roles[role].as_boolean ? user.add_role(role, @current_page) : user.remove_role(role, @current_page)
113
+ end
114
+ user.save!
115
+ end
116
+ end
117
+ end
118
+ @content_managers = User.with_role(:content_manager)
119
+ @content_managers_alacarte = User.with_role(:content_manager_alacarte)
120
+ end
121
+
122
+ #------------------------------------------------------------------------------
123
+ def ajax_toggle_permission
124
+ authorize! :manage_content, :all
125
+ user = User.find(params[:user_id])
126
+ role = params[:role].to_sym
127
+ if user && [:manage_content].include?(role)
128
+ user.has_role?(role, @current_page) ? user.remove_role(role, @current_page) : user.add_role(role, @current_page)
129
+ user.save!
130
+ end
131
+ render nothing: true
132
+ end
133
+
93
134
  protected
94
135
 
95
136
  #------------------------------------------------------------------------------
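Review bot: Neither `permissions` nor `ajax_toggle_permission` checks that the user being changed is one of the `content_manager_alacarte` users the new view lists; `User.find` accepts any id, so the per-page role can be attached to an arbitrary account and stay there unnoticed. Scoping the lookup, e.g. `User.with_role(:content_manager_alacarte).find(params[:user_id])`, would keep the endpoint in line with the screen. `ajax_toggle_permission` also calls `params[:role].to_sym` before the allow-list test; comparing the string first (`%w[manage_content].include?(params[:role])`) avoids creating symbols from request input. `User.find` raises on an unknown id, so the `if user` branches never see nil, and in `permissions` `roles[role]` fails when `params[:user][:roles]` is absent. CmsBlogsController gains the same two actions in this change and the same remarks apply there.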
@@ -6,15 +6,18 @@ class DmCms::Admin::CmsPostsController < DmCms::Admin::AdminController
6
6
 
7
7
  #------------------------------------------------------------------------------
8
8
  def new
9
+ authorize! :manage_content, @blog
9
10
  @post = @blog.posts.build(comments_allowed: @blog.comments_allowed)
10
11
  end
11
12
 
12
13
  #------------------------------------------------------------------------------
13
14
  def edit
15
+ authorize! :manage_content, @blog
14
16
  end
15
17
 
16
18
  #------------------------------------------------------------------------------
17
19
  def create
20
+ authorize! :manage_content, @blog
18
21
  @post = @blog.posts.new(cms_post_params)
19
22
 
20
23
  if @post.save
@@ -26,6 +29,7 @@ class DmCms::Admin::CmsPostsController < DmCms::Admin::AdminController
26
29
 
27
30
  #------------------------------------------------------------------------------
28
31
  def update
32
+ authorize! :manage_content, @blog
29
33
  if @post.update_attributes(cms_post_params)
30
34
  redirect_to admin_cms_blog_url(@blog), notice: 'Post was successfully updated.'
31
35
  else
@@ -35,12 +39,14 @@ class DmCms::Admin::CmsPostsController < DmCms::Admin::AdminController
35
39
 
36
40
  #------------------------------------------------------------------------------
37
41
  def destroy
42
+ authorize! :manage_content, @blog
38
43
  @post.destroy
39
44
  redirect_to admin_cms_blog_url(@blog), notice: 'Post was successfully deleted.'
40
45
  end
41
46
 
42
47
  #------------------------------------------------------------------------------
43
48
  def send_notifications_emails
49
+ authorize! :manage_content, @blog
44
50
  status = @post.send_notification_emails(params[:test] ? current_user : nil)
45
51
  if params[:test] && status == 0
46
52
  redirect_to admin_cms_blog_url(@blog), error: "Unable to send test email"
@@ -16,13 +16,29 @@ module DmCms
16
16
  if user
17
17
  #--- Admin
18
18
  if user.has_role?(:content_manager)
19
+ can :access_content_section, :all
19
20
  can :manage_content, :all
20
21
  can :access_media_library, :all
21
22
  can :access_admin, :all
23
+ elsif user.has_role?(:content_manager_alacarte)
24
+ # allowed to access the backend content section
25
+ can :access_content_section, :all
26
+ can :access_admin, :all
27
+
28
+ # can edit a page
29
+ manage_page_ids = @user_roles.select {|r| r.name == 'manage_content' && r.resource_type == 'CmsPage'}.map(&:resource_id)
30
+ can :manage_content, CmsPage, id: manage_page_ids
31
+ can(:access_media_library, :all) unless manage_page_ids.empty?
32
+
33
+ # can edit a blog
34
+ manage_blog_ids = @user_roles.select {|r| r.name == 'manage_content' && r.resource_type == 'CmsBlog'}.map(&:resource_id)
35
+ can :manage_content, CmsBlog, id: manage_blog_ids
36
+ can :read, CmsBlog, id: manage_blog_ids
37
+ can(:access_media_library, :all) unless manage_blog_ids.empty?
22
38
  end
23
39
 
24
40
  #--- Blog
25
- can(:read, CmsBlog) { |blog| blog.can_be_read_by?(user) }
41
+ can(:read, CmsBlog) { |blog| blog.can_be_read_by?(user) }
26
42
  can(:reply, CmsBlog) { |blog| blog.can_be_replied_by?(user) }
27
43
  # can :moderate, CmsBlog, :id => CmsBlog.published.with_role(:moderator, user).map(&:id)
28
44
 
@@ -3,32 +3,32 @@ module DmCms
3
3
 
4
4
  #------------------------------------------------------------------------------
5
5
  def cms_snippet_params
6
- params.require(:cms_snippet).permit! if can? :manage_content, :all
6
+ params.require(:cms_snippet).permit!
7
7
  end
8
8
 
9
9
  #------------------------------------------------------------------------------
10
10
  def cms_blog_params
11
- params.require(:cms_blog).permit! if can? :manage_content, :all
11
+ params.require(:cms_blog).permit!
12
12
  end
13
13
 
14
14
  #------------------------------------------------------------------------------
15
15
  def cms_post_params
16
- params.require(:cms_post).permit! if can? :manage_content, :all
16
+ params.require(:cms_post).permit!
17
17
  end
18
18
 
19
19
  #------------------------------------------------------------------------------
20
20
  def cms_page_params
21
- params.require(:cms_page).permit! if can? :manage_content, :all
21
+ params.require(:cms_page).permit!
22
22
  end
23
23
 
24
24
  #------------------------------------------------------------------------------
25
25
  def cms_contentitem_params
26
- params.require(:cms_contentitem).permit! if can? :manage_content, :all
26
+ params.require(:cms_contentitem).permit!
27
27
  end
28
28
 
29
29
  #------------------------------------------------------------------------------
30
30
  def media_file_params
31
- params.require(:media_file).permit! if can? :manage_content, :all
31
+ params.require(:media_file).permit!
32
32
  end
33
33
  end
34
34
  end
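Review bot: Dropping the `can? :manage_content, :all` guard leaves every helper in this module as a bare `permit!`, which accepts any attribute the client sends, and the callers are now reachable by users who hold `:manage_content` on a single page or blog only. For those users the permitted-attribute list is the remaining control over what a record can be changed into, so each helper should name the fields its form submits, e.g. `params.require(:cms_page).permit(:title, :slug)` (the two names are illustrative; use the real form fields). `media_file_params` deserves the same treatment, since the ability hunk grants `:access_media_library, :all` to any alacarte user with at least one page or blog. The enclosing module starts above this hunk.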
@@ -1,22 +1,19 @@
1
1
  <% content_for :content_title, icon_label('font-bullhorn', 'Blogs') %>
2
2
  <% content_for :content_title_extra do %>
3
- <div class="visible-xs header-element-toggle">
4
- <a class="btn btn-primary btn-icon" data-toggle="collapse" data-target="#header-buttons"><i class="icon-stats2"></i></a>
5
- </div>
6
- <div class="header-buttons">
7
- <div class="collapse" id="header-buttons">
8
- <div class="well">
9
- <%= link_to icon_label(:new, 'New Blog'), new_admin_cms_blog_path, title: 'New Blog', class: 'btn btn-xs btn-default' %>
10
- </div>
11
- </div>
12
- </div>
3
+ <% if can? :manage_content, :all %>
4
+ <%= page_header_buttons do %>
5
+ <%= link_to icon_label(:new, 'New Blog'), new_admin_cms_blog_path, title: 'New Blog', class: 'btn btn-xs btn-default' %>
6
+ <% end %>
7
+ <% end %>
13
8
  <% end %>
14
9
 
15
10
  <%= panel title: 'Current Blogs', body: false do %>
16
11
  <table id="drag_sort" class="table table-striped table-bordered table-condensed" data-update_url="<%= dm_cms.admin_cms_blog_sort_path %>">
17
12
  <thead>
18
13
  <tr>
19
- <th class="sort_handle"></th>
14
+ <% if can?(:manage_content, :all) %>
15
+ <th class="sort_handle"></th>
16
+ <% end %>
20
17
  <th>Title</th>
21
18
  <th>Associated Event</th>
22
19
  <th width="50">Type</th>
@@ -28,7 +25,9 @@
28
25
  <% @blogs.each do |blog| %>
29
26
  <% present blog do |blog_presenter| %>
30
27
  <tr class="item" data-item_id="<%= blog.id %>">
31
- <td class="sort_handle"></td>
28
+ <% if can?(:manage_content, :all) %>
29
+ <td class="sort_handle"></td>
30
+ <% end %>
32
31
  <td>
33
32
  <%= link_to blog.title, admin_cms_blog_path(blog) %>
34
33
  </td>
@@ -0,0 +1,54 @@
1
+ <% content_for :content_title, "Permissions" %>
2
+ <% content_for :content_subtitle, "#{@blog.title}" %>
3
+
4
+ <div class="row">
5
+ <div class="col-md-8">
6
+ <%= panel body: false, title: "Permissions" do %>
7
+ <div class="panel-body">
8
+ <p>The users below can be granted access to this particular blog.</p>
9
+
10
+ <% @content_managers_alacarte.each do |user| %>
11
+ <div class="row">
12
+ <div class="col-md-12">
13
+ <%= subsection title: user.full_name do %>
14
+ <% manage_content_state = user.has_role?(:manage_content, @blog) ? 'btn-success active' : 'btn-default' %>
15
+ <%= link_to 'Manage Blog', dm_cms.ajax_toggle_permission_admin_cms_blog_path(@blog, user.id, :manage_content), class: "permission_btn btn btn-xs #{manage_content_state}", role: 'button', remote: true, method: :patch %>
16
+ <% end %>
17
+ </div>
18
+ </div>
19
+ <% end %>
20
+ </div>
21
+
22
+ <% end %>
23
+ </div>
24
+ <div class="col-md-4">
25
+ <%= panel body: false, title: "Conent Managers" do %>
26
+ <div class="panel-body">
27
+ <p>Current users that can fully manage blogs</p>
28
+ </div>
29
+
30
+ <table class="table table-bordered table-condensed table-striped">
31
+ <tbody>
32
+ <% @content_managers.each do |user| %>
33
+ <tr>
34
+ <td><%= user.full_name %></td>
35
+ </tr>
36
+ <% end %>
37
+ </tbody>
38
+ </table>
39
+ <% end %>
40
+ </div>
41
+ </div>
42
+ <script>
43
+ $(document).ready(function() {
44
+ $('.permission_btn').on("ajax:success", function(e, content) {
45
+ if ($(this).is(".active")) {
46
+ $(this).addClass("btn-default");
47
+ $(this).removeClass("active").removeClass("btn-success");
48
+ } else {
49
+ $(this).addClass("active").addClass("btn-success");
50
+ $(this).removeClass("btn-default");
51
+ }
52
+ });
53
+ });
54
+ </script
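Review bot: The click handler flips the button's classes on every `ajax:success`, but `ajax_toggle_permission` answers with an empty body whether or not it changed the role, so the page can show a grant that was not made. Because the endpoint toggles rather than sets, a repeated click or a stale page can also produce the opposite of what the admin intended. Have the action return the resulting state and set the classes from the response, or split it into explicit grant and revoke requests. Smaller points: the panel title `"Conent Managers"` should read `"Content Managers"`, and the last line shows `</script` without its closing `>`, which may only be an artefact of how this page was rendered. The pages permissions template added later in this change is a copy and needs the same fixes.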
@@ -5,6 +5,14 @@
5
5
  <%= present(@blog).label_published %>
6
6
  <%= link_to icon_label(:view, 'View'), blog_show_url(@blog), class: "btn btn-xs btn-default", title: 'View', target: '_blank' %>
7
7
  <%= link_to(icon_label(:edit, 'Edit'), [:edit, :admin, @blog], class: "btn btn-xs btn-default", title: 'Edit') %>
8
+ <% if can?(:manage_content, :all) %>
9
+ <div class="btn-group">
10
+ <button class="btn btn-default btn-xs dropdown-toggle" data-toggle="dropdown"><i class="icon-cog"></i> <span class="caret"></span></button>
11
+ <ul class="dropdown-menu dropdown-menu-right icons-right">
12
+ <li><%= link_to label_icon('Permissions', 'icon-lock'), permissions_admin_cms_blog_path(@blog) %></li>
13
+ </ul>
14
+ </div>
15
+ <% end %>
8
16
  <% end %>
9
17
  <% end %>
10
18
 
@@ -43,7 +43,11 @@
43
43
  hint: 'Text used when a page liked on Facebook. Is not visible on the page'%>
44
44
  <% end %>
45
45
  <% end %>
46
- <%= submit_or_cancel cancel_url: {action: :show, id: @current_page}, delete: 'Delete Page', delete_url: admin_cms_page_path(@current_page), delete_confirm: 'Are you sure you wish to delete this page?' %>
46
+ <% if can? :manage_content, :all %>
47
+ <%= submit_or_cancel cancel_url: {action: :show, id: @current_page}, delete: 'Delete Page', delete_url: admin_cms_page_path(@current_page), delete_confirm: 'Are you sure you wish to delete this page?' %>
48
+ <% else %>
49
+ <%= submit_or_cancel cancel_url: {action: :show, id: @current_page} %>
50
+ <% end %>
47
51
 
48
52
  <% end %>
49
53
 
@@ -6,14 +6,16 @@
6
6
  <a href="#" class="tree_expand"></a>
7
7
  <% end %>
8
8
  <% if item.divider? %>
9
- <%= link_to "&mdash; #{item.menutitle} &mdash;".html_safe, :action => :show, :id => item %>
9
+ <% item_title = "&mdash; #{item.menutitle} &mdash;".html_safe %>
10
+ <%= can?(:manage_content, item) ? link_to(item_title, :action => :show, :id => item) : item_title %>
10
11
  <% else %>
11
- <%= link_to (item.title.blank? ? item.slug : item.title), :action => :show, :id => item %>
12
+ <% item_title = (item.title.blank? ? item.slug : item.title) %>
13
+ <%= can?(:manage_content, item) ? link_to(item_title, :action => :show, :id => item) : item_title %>
12
14
  <% end %>
13
15
  </dt>
14
16
  <dd><%= present(item).label_published %></dd>
15
17
  <dd>
16
- <%= link_to "New Child", new_page_admin_cms_page_path(item) %>
18
+ <%= link_to "New Child", new_page_admin_cms_page_path(item) if can? :manage_content, :all %>
17
19
  </dd>
18
20
  </dl>
19
21
  <%= (sub_items.blank? ? '' : content_tag(:ul, nested_tree(sub_items), :class => 'sub_tree', :style => ((item.is_root? || open_or_closed == 'tree_open') ? '' : 'display:none'))) %>
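Review bot: `item_title = "&mdash; #{item.menutitle} &mdash;".html_safe` marks the interpolated menu title as safe, so any markup stored in `menutitle` is emitted unescaped, both inside `link_to` and in the new plain-text branch. The pattern predates this change, but page editing is now open to users with per-page rights and the params helper permits every attribute, so the value is less trusted than before. Escape the dynamic part, e.g. `item_title = safe_join(['&mdash; '.html_safe, item.menutitle, ' &mdash;'.html_safe])`. The non-divider branch is fine as written because `item.title` and `item.slug` are not marked safe.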
@@ -4,7 +4,7 @@
4
4
  <div class="collapse" id="header-buttons">
5
5
  <div class="well">
6
6
  <div class="btn-group">
7
- <%= link_to('Snippets', dm_cms.admin_cms_snippets_path, class: 'btn btn-default btn-xs') %>
7
+ <%= link_to('Snippets', dm_cms.admin_cms_snippets_path, class: 'btn btn-default btn-xs') if can? :manage_content, :all %>
8
8
  <button class="btn btn-default btn-xs dropdown-toggle" data-toggle="dropdown"><i class="icon-cog"></i> <span class="caret"></span></button>
9
9
  <ul class="dropdown-menu dropdown-menu-right icons-right">
10
10
  <li>
@@ -0,0 +1,54 @@
1
+ <% content_for :content_title, "Permissions" %>
2
+ <% content_for :content_subtitle, "#{@current_page.title}" %>
3
+
4
+ <div class="row">
5
+ <div class="col-md-8">
6
+ <%= panel body: false, title: "Permissions" do %>
7
+ <div class="panel-body">
8
+ <p>The users below can be granted access to this particular page.</p>
9
+
10
+ <% @content_managers_alacarte.each do |user| %>
11
+ <div class="row">
12
+ <div class="col-md-12">
13
+ <%= subsection title: user.full_name do %>
14
+ <% manage_content_state = user.has_role?(:manage_content, @current_page) ? 'btn-success active' : 'btn-default' %>
15
+ <%= link_to 'Page Editing', dm_cms.ajax_toggle_permission_admin_cms_page_path(@current_page, user.id, :manage_content), class: "permission_btn btn btn-xs #{manage_content_state}", role: 'button', remote: true, method: :patch %>
16
+ <% end %>
17
+ </div>
18
+ </div>
19
+ <% end %>
20
+ </div>
21
+
22
+ <% end %>
23
+ </div>
24
+ <div class="col-md-4">
25
+ <%= panel body: false, title: "Conent Managers" do %>
26
+ <div class="panel-body">
27
+ <p>Current users that can fully manage pages</p>
28
+ </div>
29
+
30
+ <table class="table table-bordered table-condensed table-striped">
31
+ <tbody>
32
+ <% @content_managers.each do |user| %>
33
+ <tr>
34
+ <td><%= user.full_name %></td>
35
+ </tr>
36
+ <% end %>
37
+ </tbody>
38
+ </table>
39
+ <% end %>
40
+ </div>
41
+ </div>
42
+ <script>
43
+ $(document).ready(function() {
44
+ $('.permission_btn').on("ajax:success", function(e, content) {
45
+ if ($(this).is(".active")) {
46
+ $(this).addClass("btn-default");
47
+ $(this).removeClass("active").removeClass("btn-success");
48
+ } else {
49
+ $(this).addClass("active").addClass("btn-success");
50
+ $(this).removeClass("btn-default");
51
+ }
52
+ });
53
+ });
54
+ </script
@@ -4,6 +4,14 @@
4
4
  <%= page_header_buttons do %>
5
5
  <%= link_to icon_label(:new, 'Add Content'), new_content_admin_cms_contentitem_path(@current_page), title: 'Add Content Block', class: 'btn btn-xs btn-default' %>
6
6
  <%= link_to icon_label(:view, 'View Page'), url_for("/#{current_account.preferred_default_locale}/#{@current_page.slug}"), title: 'View Page', class: 'btn btn-xs btn-default', target: '_blank' %>
7
+ <% if can?(:manage_content, :all) %>
8
+ <div class="btn-group">
9
+ <button class="btn btn-default btn-xs dropdown-toggle" data-toggle="dropdown"><i class="icon-cog"></i> <span class="caret"></span></button>
10
+ <ul class="dropdown-menu dropdown-menu-right icons-right">
11
+ <li><%= link_to label_icon('Permissions', 'icon-lock'), permissions_admin_cms_page_path(@current_page) %></li>
12
+ </ul>
13
+ </div>
14
+ <% end %>
7
15
  <% end %>
8
16
  <% end %>
9
17
 
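--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -7,11 +7,13 @@ DmCms::Engine.routes.draw do
  get '/dashboard/widget_blog_comments(/:comment_day)', controller: 'dashboard', action: :widget_blog_comments, as: :widget_blog_comments
  resources :cms_pages do
  member do
- get :new_page
- post :create_page
- put :duplicate_page
- post :file_tree
- get :file_tree
+ get :new_page
+ post :create_page
+ put :duplicate_page
+ post :file_tree
+ get :file_tree
+ match 'permissions', action: 'permissions', via: [:get, :post, :patch]
+ patch 'ajax_toggle_permission/:user_id/:role', action: 'ajax_toggle_permission', as: 'ajax_toggle_permission'
  end
  end
 
@@ -31,6 +33,8 @@ DmCms::Engine.routes.draw do
  get 'blog_users', action: :blog_users, as: :blog_users
  match 'blog_add_member', action: :blog_add_member, as: :blog_add_member, via: [:get, :post]
  delete 'blog_delete_member', action: :blog_delete_member, as: :blog_delete_member
+ match 'permissions', action: 'permissions', via: [:get, :post, :patch]
+ patch 'ajax_toggle_permission/:user_id/:role', action: 'ajax_toggle_permission', as: 'ajax_toggle_permission'
  end
  resources :cms_posts do
  member do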
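Review bot: The `permissions` route accepts GET, POST and PATCH, while the action branches on `put_or_post?` and the new templates only send PATCH requests to `ajax_toggle_permission`; nothing on this page submits a form to `permissions`. If `put_or_post?` means what its name says, a PATCH to `permissions` is handled as a plain read, and the POST branch is an unused second path for granting roles. Narrowing the route to `get 'permissions', action: 'permissions'` and dropping that branch would leave a single, reviewable way to change a role. Both `match` lines (under cms_pages and under cms_blogs) are affected.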
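--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dm_cms
  version: !ruby/object:Gem::Version
- version: 4.2.2.1
+ version: 4.2.2.2
  platform: ruby
  authors:
  - Brett Walker
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-09-29 00:00:00.000000000 Z
+ date: 2016-11-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dm_core
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 4.2.2.1
+ version: 4.2.2.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 4.2.2.1
+ version: 4.2.2.2
  - !ruby/object:Gem::Dependency
  name: meta-tags-helpers
  requirement: !ruby/object:Gem::Requirement
@@ -111,6 +111,7 @@ files:
  - app/views/dm_cms/admin/cms_blogs/edit.html.erb
  - app/views/dm_cms/admin/cms_blogs/index.html.erb
  - app/views/dm_cms/admin/cms_blogs/new.html.erb
+ - app/views/dm_cms/admin/cms_blogs/permissions.html.erb
  - app/views/dm_cms/admin/cms_blogs/show.html.erb
  - app/views/dm_cms/admin/cms_contentitems/_form.html.erb
  - app/views/dm_cms/admin/cms_contentitems/_form_dialog.html.erb
@@ -124,6 +125,7 @@ files:
  - app/views/dm_cms/admin/cms_pages/edit.html.erb
  - app/views/dm_cms/admin/cms_pages/index.html.erb
  - app/views/dm_cms/admin/cms_pages/new_page.html.erb
+ - app/views/dm_cms/admin/cms_pages/permissions.html.erb
  - app/views/dm_cms/admin/cms_pages/show.html.erb
  - app/views/dm_cms/admin/cms_posts/_form.html.erb
  - app/views/dm_cms/admin/cms_posts/edit.html.erb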