dm_cms 4.2.2.1 → 4.2.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 74181697b3c0b59038fb35a92caef0c15e8bebf4
-  data.tar.gz: bce62a212728b510ea2bbfb44e8936268f5c15e2
+  metadata.gz: 318424545cbdec0781df43c99e5a76d488e0b3d9
+  data.tar.gz: f023f53a9384f293eee4c54d36a54336bfdf6e84
 SHA512:
-  metadata.gz: 3cbc96dc2a87d103d2e6e4d225e518771c3254fc34dfe2933774c8697c062fb554a8968a5df8d9955609d31cd5491607dc5fe873ca587e53513574af69a38df6
-  data.tar.gz: 7b67c179c6837c278d2d75c6e39c1a196e64004ce3e84d07340f5e7f3a3e8053867b6f31803602c61d1ffcccdea0d3fab7f637f1d4951e56f092b9bfe51b406f
+  metadata.gz: 678f4916b0bada5afa062f2ff768a01172897eb29dd5631c7a701a3774b855c69916bfc9945694423654e37b6f4f5a4d91a18f5eaacb1f5ac59f0dae7df0f342
+  data.tar.gz: 6daff2cce4b7097572cd69ec2890eacf40833221c740b6b45e03463c2d5a15783c483886c3b2eafba1edcb617c33ca0df170dc6a4fe881ad5fa02cfb9460e3f6

data/app/controllers/dm_cms/admin/admin_controller.rb

@@ -5,7 +5,7 @@ protected
 
   #------------------------------------------------------------------------------
   def authorize_access
-    unless can?(:manage_content, :all)
+    unless can?(:access_content_section, :all)
       flash[:alert] = "Unauthorized Access!"
       redirect_to current_account.index_path 
     end

data/app/controllers/dm_cms/admin/cms_blogs_controller.rb

@@ -6,20 +6,19 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
   
   #------------------------------------------------------------------------------
   def index
-    @blogs = CmsBlog.all
+    authorize! :access_content_section, :all
+    @blogs = can?(:manage_content, :all) ? CmsBlog.all : CmsBlog.with_role(:manage_content, current_user)
   end
 
   #------------------------------------------------------------------------------
   def new
+    authorize! :manage_content, :all
     @blog = CmsBlog.new
   end
 
-  #------------------------------------------------------------------------------
-  def edit
-  end
-
   #------------------------------------------------------------------------------
   def create
+    authorize! :manage_content, :all
     @blog = CmsBlog.new(cms_blog_params)
     
     if @blog.save
@@ -29,24 +28,38 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
     end
   end
 
+  #------------------------------------------------------------------------------
+  def edit
+    authorize! :manage_content, @blog
+  end
+
   #------------------------------------------------------------------------------
   def update
+    authorize! :manage_content, @blog
     if @blog.update_attributes(cms_blog_params)
       redirect_to admin_cms_blog_url(@blog), notice: 'Blog was successfully updated.'
     else
       render action: :edit
     end
   end
+  
+  #------------------------------------------------------------------------------
+  def show
+    authorize! :manage_content, @blog
+  end
 
   #------------------------------------------------------------------------------
   def destroy
+    authorize! :manage_content, :all
     @blog.destroy
     redirect_to admin_cms_blogs_url
   end
   
   #------------------------------------------------------------------------------
   def sort
-    @blog.update_attribute(:row_order_position, params[:item][:row_order_position])
+    if can :manage_content, :all
+      @blog.update_attribute(:row_order_position, params[:item][:row_order_position])
+    end
 
     #--- this action will be called via ajax
     render nothing: true
@@ -54,6 +67,7 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def blog_users
+    authorize! :manage_content, @blog
     respond_to do |format|
       format.json { render json: BlogUserDatatable.new(view_context, @blog) }
     end
@@ -63,6 +77,7 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
   # => user_id: add a single user
   #------------------------------------------------------------------------------
   def blog_add_member
+    authorize! :manage_content, @blog
     if !params[:user_id].blank?
       user = User.find(params[:user_id])
       @blog.add_member(user)
@@ -74,11 +89,43 @@ class DmCms::Admin::CmsBlogsController < DmCms::Admin::AdminController
   
   #------------------------------------------------------------------------------
   def blog_delete_member
+    authorize! :manage_content, @blog
     user = User.find(params[:user_id])
     @blog.remove_member(user)
     redirect_to admin_cms_blog_url(@blog), notice: "Blog access removed for #{user.full_name}"
   end
 
+  #------------------------------------------------------------------------------
+  def permissions
+    authorize! :manage_content, :all
+    if put_or_post?
+      if params[:user][:user_id]
+        user = User.find(params[:user][:user_id])
+        if user
+          roles = params[:user].delete(:roles)
+          [:manage_content].each do |role|
+            roles[role].as_boolean ? user.add_role(role, @blog) : user.remove_role(role, @blog)
+          end
+          user.save!
+        end
+      end
+    end
+    @content_managers = User.with_role(:content_manager)
+    @content_managers_alacarte = User.with_role(:content_manager_alacarte)
+  end
+
+  #------------------------------------------------------------------------------
+  def ajax_toggle_permission
+    authorize! :manage_content, :all
+    user = User.find(params[:user_id])
+    role = params[:role].to_sym
+    if user && [:manage_content].include?(role)
+      user.has_role?(role, @blog) ? user.remove_role(role, @blog) : user.add_role(role, @blog)
+      user.save!
+    end
+    render nothing: true
+  end
+
 private
 
   #------------------------------------------------------------------------------

data/app/controllers/dm_cms/admin/cms_contentitems_controller.rb

@@ -8,12 +8,14 @@ class DmCms::Admin::CmsContentitemsController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def new_content
+    authorize! :manage_content, @current_page
     @cms_contentitem        = CmsContentitem.new
     @cms_contentitem.container  = 'body'
   end
 
   #------------------------------------------------------------------------------
   def create_content
+    authorize! :manage_content, @current_page
     @cms_contentitem = @current_page.cms_contentitems.new(cms_contentitem_params)
     if @cms_contentitem.save
       redirect_to admin_cms_page_url(@current_page), notice: 'Content successfully created.'
@@ -24,10 +26,12 @@ class DmCms::Admin::CmsContentitemsController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def edit
+    authorize! :manage_content, @current_page
   end
 
   #------------------------------------------------------------------------------
   def update
+    authorize! :manage_content, @current_page
     if @cms_contentitem.update_attributes(cms_contentitem_params)
       redirect_to edit_admin_cms_contentitem_url(@cms_contentitem), notice: 'Content updated'
      else
@@ -37,12 +41,14 @@ class DmCms::Admin::CmsContentitemsController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def destroy
+    authorize! :manage_content, @current_page
     @cms_contentitem.destroy
     redirect_to(:controller => 'dm_cms/admin/cms_pages', :action => :show, :id => @cms_contentitem.cms_page_id)
   end
 
   #------------------------------------------------------------------------------
   def update_fragment
+    authorize! :manage_content, @current_page
     if @cms_contentitem.update_attributes(cms_contentitem_params)
       #@cms_page.merge!(@item.cms_page.get_page_render_values)
       #respond_to do |format| 
@@ -53,12 +59,14 @@ class DmCms::Admin::CmsContentitemsController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def move_up
+    authorize! :manage_content, @current_page
     @cms_contentitem.update_attributes(row_order_position: :up)
     redirect_to(:controller => 'dm_cms/admin/cms_pages', :action => :show, :id => @cms_contentitem.cms_page_id)
   end
 
   #------------------------------------------------------------------------------
   def move_down
+    authorize! :manage_content, @current_page
     @cms_contentitem.update_attributes(row_order_position: :down)
     redirect_to(:controller => 'dm_cms/admin/cms_pages', :action => :show, :id => @cms_contentitem.cms_page_id)
   end

data/app/controllers/dm_cms/admin/cms_pages_controller.rb

@@ -6,6 +6,7 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def index
+    authorize! :access_content_section, :all
     CmsPage.create_default_site if CmsPage.roots.empty?
     # @tree = CmsPage.arrange(order: :position)
     @tree = CmsPage.arrange(order: :row_order)
@@ -13,11 +14,13 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
   
   #------------------------------------------------------------------------------
   def new_page
+    authorize! :manage_content, :all
     @cms_page = CmsPage.new
   end
 
   #------------------------------------------------------------------------------
   def create_page
+    authorize! :manage_content, :all
     @cms_page = @current_page.children.new(cms_page_params)
     respond_to do |format|
       if @cms_page.save
@@ -32,11 +35,13 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def edit
+    authorize! :manage_content, @current_page
     @cms_page = @current_page
   end
 
   #------------------------------------------------------------------------------
   def update
+    authorize! :manage_content, @current_page
     if @current_page.update_attributes(cms_page_params)
       redirect_to :action => :show, :id => @current_page
      else
@@ -47,10 +52,12 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def show
+    authorize! :manage_content, @current_page
   end
   
   #------------------------------------------------------------------------------
   def duplicate_page
+    authorize! :manage_content, :all
     new_page = @current_page.duplicate_with_associations
     if new_page.nil?
       redirect_to admin_cms_page_url(@current_page), :flash => { :error => 'A duplicate page already exists' }
@@ -63,7 +70,9 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
   # Note that position comes in as 0-based, increment to make 1-based
   #------------------------------------------------------------------------------
   def ajax_sort
-    @current_page.update_attributes(row_order_position: params[:item][:position], parent_id: params[:item][:parent_id])
+    if can? :manage_content, :all
+      @current_page.update_attributes(row_order_position: params[:item][:position], parent_id: params[:item][:parent_id])
+    end
 
     #--- this action will be called via ajax
     render nothing: true
@@ -71,6 +80,7 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
   
   #------------------------------------------------------------------------------
   def destroy
+    authorize! :manage_content, :all
     @current_page.destroy
     redirect_to :action => :index
   end
@@ -90,6 +100,37 @@ class DmCms::Admin::CmsPagesController < DmCms::Admin::AdminController
     end
   end
 
+  #------------------------------------------------------------------------------
+  def permissions
+    authorize! :manage_content, :all
+    if put_or_post?
+      if params[:user][:user_id]
+        user = User.find(params[:user][:user_id])
+        if user
+          roles = params[:user].delete(:roles)
+          [:manage_content].each do |role|
+            roles[role].as_boolean ? user.add_role(role, @current_page) : user.remove_role(role, @current_page)
+          end
+          user.save!
+        end
+      end
+    end
+    @content_managers = User.with_role(:content_manager)
+    @content_managers_alacarte = User.with_role(:content_manager_alacarte)
+  end
+
+  #------------------------------------------------------------------------------
+  def ajax_toggle_permission
+    authorize! :manage_content, :all
+    user = User.find(params[:user_id])
+    role = params[:role].to_sym
+    if user && [:manage_content].include?(role)
+      user.has_role?(role, @current_page) ? user.remove_role(role, @current_page) : user.add_role(role, @current_page)
+      user.save!
+    end
+    render nothing: true
+  end
+
 protected
   
   #------------------------------------------------------------------------------

data/app/controllers/dm_cms/admin/cms_posts_controller.rb

@@ -6,15 +6,18 @@ class DmCms::Admin::CmsPostsController < DmCms::Admin::AdminController
   
   #------------------------------------------------------------------------------
   def new
+    authorize! :manage_content, @blog
     @post = @blog.posts.build(comments_allowed: @blog.comments_allowed)
   end
 
   #------------------------------------------------------------------------------
   def edit
+    authorize! :manage_content, @blog
   end
 
   #------------------------------------------------------------------------------
   def create
+    authorize! :manage_content, @blog
     @post = @blog.posts.new(cms_post_params)
 
     if @post.save
@@ -26,6 +29,7 @@ class DmCms::Admin::CmsPostsController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def update
+    authorize! :manage_content, @blog
     if @post.update_attributes(cms_post_params)
       redirect_to admin_cms_blog_url(@blog), notice: 'Post was successfully updated.'
     else
@@ -35,12 +39,14 @@ class DmCms::Admin::CmsPostsController < DmCms::Admin::AdminController
 
   #------------------------------------------------------------------------------
   def destroy
+    authorize! :manage_content, @blog
     @post.destroy
     redirect_to admin_cms_blog_url(@blog), notice: 'Post was successfully deleted.'
   end
   
   #------------------------------------------------------------------------------
   def send_notifications_emails
+    authorize! :manage_content, @blog
     status = @post.send_notification_emails(params[:test] ? current_user : nil)
     if params[:test] && status == 0
       redirect_to admin_cms_blog_url(@blog), error: "Unable to send test email"

data/app/models/dm_cms/concerns/ability.rb

@@ -16,13 +16,29 @@ module DmCms
         if user
           #--- Admin
           if user.has_role?(:content_manager)
+            can :access_content_section, :all
             can :manage_content, :all
             can :access_media_library, :all
             can :access_admin, :all
+          elsif user.has_role?(:content_manager_alacarte)
+            # allowed to access the backend content section
+            can :access_content_section, :all
+            can :access_admin, :all
+
+            # can edit a page
+            manage_page_ids = @user_roles.select {|r| r.name == 'manage_content' && r.resource_type == 'CmsPage'}.map(&:resource_id)
+            can :manage_content, CmsPage, id: manage_page_ids
+            can(:access_media_library, :all) unless manage_page_ids.empty?
+            
+            # can edit a blog
+            manage_blog_ids = @user_roles.select {|r| r.name == 'manage_content' && r.resource_type == 'CmsBlog'}.map(&:resource_id)
+            can :manage_content, CmsBlog, id: manage_blog_ids
+            can :read, CmsBlog, id: manage_blog_ids
+            can(:access_media_library, :all) unless manage_blog_ids.empty?
           end
 
           #--- Blog
-          can(:read, CmsBlog)   { |blog| blog.can_be_read_by?(user) }
+          can(:read,  CmsBlog)  { |blog| blog.can_be_read_by?(user) }
           can(:reply, CmsBlog)  { |blog| blog.can_be_replied_by?(user) }
           # can :moderate, CmsBlog, :id => CmsBlog.published.with_role(:moderator, user).map(&:id)
           

data/app/models/dm_cms/permitted_params.rb

@@ -3,32 +3,32 @@ module DmCms
 
     #------------------------------------------------------------------------------
     def cms_snippet_params
-      params.require(:cms_snippet).permit! if can? :manage_content, :all
+      params.require(:cms_snippet).permit!
     end
 
     #------------------------------------------------------------------------------
     def cms_blog_params
-      params.require(:cms_blog).permit! if can? :manage_content, :all
+      params.require(:cms_blog).permit!
     end
 
     #------------------------------------------------------------------------------
     def cms_post_params
-      params.require(:cms_post).permit! if can? :manage_content, :all
+      params.require(:cms_post).permit!
     end
 
     #------------------------------------------------------------------------------
     def cms_page_params
-      params.require(:cms_page).permit! if can? :manage_content, :all
+      params.require(:cms_page).permit!
     end
 
     #------------------------------------------------------------------------------
     def cms_contentitem_params
-      params.require(:cms_contentitem).permit! if can? :manage_content, :all
+      params.require(:cms_contentitem).permit!
     end
 
     #------------------------------------------------------------------------------
     def media_file_params
-      params.require(:media_file).permit! if can? :manage_content, :all
+      params.require(:media_file).permit!
     end
   end
 end

data/app/views/dm_cms/admin/cms_blogs/index.html.erb

@@ -1,22 +1,19 @@
 <% content_for :content_title, icon_label('font-bullhorn', 'Blogs') %>
 <% content_for :content_title_extra do %>
-  <div class="visible-xs header-element-toggle">
-    <a class="btn btn-primary btn-icon" data-toggle="collapse" data-target="#header-buttons"><i class="icon-stats2"></i></a>
-  </div>
-  <div class="header-buttons">
-    <div class="collapse" id="header-buttons">
-      <div class="well">
-        <%= link_to icon_label(:new, 'New Blog'), new_admin_cms_blog_path, title: 'New Blog', class: 'btn btn-xs btn-default' %>
-      </div>
-    </div>
-  </div>
+  <% if can? :manage_content, :all %>
+    <%= page_header_buttons do %>
+      <%= link_to icon_label(:new, 'New Blog'), new_admin_cms_blog_path, title: 'New Blog', class: 'btn btn-xs btn-default' %>
+    <% end %>
+  <% end %>
 <% end %>
 
 <%= panel title: 'Current Blogs', body: false do %>
   <table id="drag_sort" class="table table-striped table-bordered table-condensed" data-update_url="<%= dm_cms.admin_cms_blog_sort_path %>">
     <thead>
       <tr>
-        <th class="sort_handle"></th>
+        <% if can?(:manage_content, :all) %>
+          <th class="sort_handle"></th>
+        <% end %>
         <th>Title</th>
         <th>Associated Event</th>
         <th width="50">Type</th>
@@ -28,7 +25,9 @@
       <% @blogs.each do |blog| %>
         <% present blog do |blog_presenter| %>
           <tr class="item" data-item_id="<%= blog.id %>">
-            <td class="sort_handle"></td>
+            <% if can?(:manage_content, :all) %>
+              <td class="sort_handle"></td>
+            <% end %>
             <td>
               <%= link_to blog.title, admin_cms_blog_path(blog) %>
             </td>

data/app/views/dm_cms/admin/cms_blogs/permissions.html.erb

@@ -0,0 +1,54 @@
+<% content_for :content_title, "Permissions" %>
+<% content_for :content_subtitle, "#{@blog.title}" %>
+
+<div class="row">
+  <div class="col-md-8">
+    <%= panel body: false, title: "Permissions" do %>
+      <div class="panel-body">
+        <p>The users below can be granted access to this particular blog.</p>
+  
+        <% @content_managers_alacarte.each do |user| %>
+          <div class="row">
+            <div class="col-md-12">
+              <%= subsection title: user.full_name do %>
+                <% manage_content_state = user.has_role?(:manage_content, @blog) ? 'btn-success active' : 'btn-default' %>
+                <%= link_to 'Manage Blog', dm_cms.ajax_toggle_permission_admin_cms_blog_path(@blog, user.id, :manage_content), class: "permission_btn btn btn-xs #{manage_content_state}", role: 'button', remote: true, method: :patch %>
+              <% end %>
+            </div>
+          </div>
+        <% end %>
+      </div>
+
+    <% end %>
+  </div>
+  <div class="col-md-4">
+    <%= panel body: false, title: "Conent Managers" do %>
+      <div class="panel-body">
+        <p>Current users that can fully manage blogs</p>
+      </div>
+  
+      <table class="table table-bordered table-condensed table-striped">
+        <tbody>
+          <% @content_managers.each do |user| %>
+            <tr>
+              <td><%= user.full_name %></td>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+    <% end %>
+  </div>
+</div>
+<script>
+$(document).ready(function() {
+  $('.permission_btn').on("ajax:success", function(e, content) {
+    if ($(this).is(".active")) {
+      $(this).addClass("btn-default");
+      $(this).removeClass("active").removeClass("btn-success");
+    } else {
+      $(this).addClass("active").addClass("btn-success");
+      $(this).removeClass("btn-default");
+    }
+  });
+});
+</script

data/app/views/dm_cms/admin/cms_blogs/show.html.erb

@@ -5,6 +5,14 @@
     <%= present(@blog).label_published %>
     <%= link_to icon_label(:view, 'View'),  blog_show_url(@blog),   class: "btn btn-xs btn-default", title: 'View', target: '_blank' %>
     <%= link_to(icon_label(:edit, 'Edit'),    [:edit, :admin, @blog], class: "btn btn-xs btn-default", title: 'Edit') %>
+    <% if can?(:manage_content, :all) %>
+      <div class="btn-group">
+        <button class="btn btn-default btn-xs dropdown-toggle" data-toggle="dropdown"><i class="icon-cog"></i> <span class="caret"></span></button>
+        <ul class="dropdown-menu dropdown-menu-right icons-right">
+          <li><%= link_to label_icon('Permissions', 'icon-lock'), permissions_admin_cms_blog_path(@blog) %></li>
+        </ul>
+      </div>
+    <% end %>
   <% end %>
 <% end %>
 

data/app/views/dm_cms/admin/cms_pages/_form.html.erb

@@ -43,7 +43,11 @@
                hint: 'Text used when a page liked on Facebook.  Is not visible on the page'%>
       <% end %>
     <% end %>
-    <%= submit_or_cancel cancel_url: {action: :show, id: @current_page}, delete: 'Delete Page', delete_url: admin_cms_page_path(@current_page), delete_confirm: 'Are you sure you wish to delete this page?' %>
+    <% if can? :manage_content, :all %>
+      <%= submit_or_cancel cancel_url: {action: :show, id: @current_page}, delete: 'Delete Page', delete_url: admin_cms_page_path(@current_page), delete_confirm: 'Are you sure you wish to delete this page?' %>
+    <% else %>
+      <%= submit_or_cancel cancel_url: {action: :show, id: @current_page} %>
+    <% end %>
 
   <% end %>
 

data/app/views/dm_cms/admin/cms_pages/_tree.html.erb

@@ -6,14 +6,16 @@
         <a href="#" class="tree_expand"></a>
       <% end %>
       <% if item.divider? %>
-        <%= link_to "&mdash; #{item.menutitle} &mdash;".html_safe, :action => :show, :id => item %>
+        <% item_title = "&mdash; #{item.menutitle} &mdash;".html_safe %>
+        <%= can?(:manage_content, item) ? link_to(item_title, :action => :show, :id => item) : item_title %>
       <% else %>
-        <%= link_to (item.title.blank? ? item.slug : item.title), :action => :show, :id => item %>
+        <% item_title = (item.title.blank? ? item.slug : item.title) %>
+        <%= can?(:manage_content, item) ? link_to(item_title, :action => :show, :id => item) : item_title %>
       <% end %>
     </dt>
     <dd><%= present(item).label_published %></dd>
     <dd>
-      <%= link_to "New Child", new_page_admin_cms_page_path(item) %>
+      <%= link_to "New Child", new_page_admin_cms_page_path(item) if can? :manage_content, :all %>
     </dd>
   </dl>
   <%= (sub_items.blank? ? '' : content_tag(:ul, nested_tree(sub_items), :class => 'sub_tree', :style => ((item.is_root? || open_or_closed == 'tree_open') ? '' : 'display:none'))) %>

data/app/views/dm_cms/admin/cms_pages/index.html.erb

@@ -4,7 +4,7 @@
     <div class="collapse" id="header-buttons">
       <div class="well">
         <div class="btn-group">
-          <%= link_to('Snippets', dm_cms.admin_cms_snippets_path, class: 'btn btn-default btn-xs') %>
+          <%= link_to('Snippets', dm_cms.admin_cms_snippets_path, class: 'btn btn-default btn-xs') if can? :manage_content, :all %>
           <button class="btn btn-default btn-xs dropdown-toggle" data-toggle="dropdown"><i class="icon-cog"></i> <span class="caret"></span></button>
           <ul class="dropdown-menu dropdown-menu-right icons-right">
             <li>

data/app/views/dm_cms/admin/cms_pages/permissions.html.erb

@@ -0,0 +1,54 @@
+<% content_for :content_title, "Permissions" %>
+<% content_for :content_subtitle, "#{@current_page.title}" %>
+
+<div class="row">
+  <div class="col-md-8">
+    <%= panel body: false, title: "Permissions" do %>
+      <div class="panel-body">
+        <p>The users below can be granted access to this particular page.</p>
+  
+        <% @content_managers_alacarte.each do |user| %>
+          <div class="row">
+            <div class="col-md-12">
+              <%= subsection title: user.full_name do %>
+                <% manage_content_state = user.has_role?(:manage_content, @current_page) ? 'btn-success active' : 'btn-default' %>
+                <%= link_to 'Page Editing',     dm_cms.ajax_toggle_permission_admin_cms_page_path(@current_page, user.id, :manage_content), class: "permission_btn btn btn-xs #{manage_content_state}", role: 'button', remote: true, method: :patch %>
+              <% end %>
+            </div>
+          </div>
+        <% end %>
+      </div>
+
+    <% end %>
+  </div>
+  <div class="col-md-4">
+    <%= panel body: false, title: "Conent Managers" do %>
+      <div class="panel-body">
+        <p>Current users that can fully manage pages</p>
+      </div>
+  
+      <table class="table table-bordered table-condensed table-striped">
+        <tbody>
+          <% @content_managers.each do |user| %>
+            <tr>
+              <td><%= user.full_name %></td>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+    <% end %>
+  </div>
+</div>
+<script>
+$(document).ready(function() {
+  $('.permission_btn').on("ajax:success", function(e, content) {
+    if ($(this).is(".active")) {
+      $(this).addClass("btn-default");
+      $(this).removeClass("active").removeClass("btn-success");
+    } else {
+      $(this).addClass("active").addClass("btn-success");
+      $(this).removeClass("btn-default");
+    }
+  });
+});
+</script

data/app/views/dm_cms/admin/cms_pages/show.html.erb

@@ -4,6 +4,14 @@
   <%= page_header_buttons do %>
     <%= link_to icon_label(:new, 'Add Content'), new_content_admin_cms_contentitem_path(@current_page), title: 'Add Content Block', class: 'btn btn-xs btn-default' %>
     <%= link_to icon_label(:view, 'View Page'), url_for("/#{current_account.preferred_default_locale}/#{@current_page.slug}"), title: 'View Page', class: 'btn btn-xs btn-default', target: '_blank' %>
+    <% if can?(:manage_content, :all) %>
+      <div class="btn-group">
+        <button class="btn btn-default btn-xs dropdown-toggle" data-toggle="dropdown"><i class="icon-cog"></i> <span class="caret"></span></button>
+        <ul class="dropdown-menu dropdown-menu-right icons-right">
+          <li><%= link_to label_icon('Permissions', 'icon-lock'), permissions_admin_cms_page_path(@current_page) %></li>
+        </ul>
+      </div>
+    <% end %>
   <% end %>
 <% end %>
 

data/config/routes.rb

@@ -7,11 +7,13 @@ DmCms::Engine.routes.draw do
       get   '/dashboard/widget_blog_comments(/:comment_day)',   controller: 'dashboard', action: :widget_blog_comments, as: :widget_blog_comments
       resources :cms_pages do
         member do
-          get  :new_page
-          post :create_page
-          put  :duplicate_page
-          post :file_tree
-          get :file_tree
+          get   :new_page
+          post  :create_page
+          put   :duplicate_page
+          post  :file_tree
+          get   :file_tree
+          match 'permissions',                           action: 'permissions', via: [:get, :post, :patch]
+          patch 'ajax_toggle_permission/:user_id/:role', action: 'ajax_toggle_permission', as: 'ajax_toggle_permission'
         end
       end
 
@@ -31,6 +33,8 @@ DmCms::Engine.routes.draw do
           get     'blog_users',          action: :blog_users, as: :blog_users
           match   'blog_add_member',     action: :blog_add_member, as: :blog_add_member, via: [:get, :post]
           delete  'blog_delete_member',  action: :blog_delete_member, as: :blog_delete_member
+          match   'permissions',         action: 'permissions', via: [:get, :post, :patch]
+          patch   'ajax_toggle_permission/:user_id/:role', action: 'ajax_toggle_permission', as: 'ajax_toggle_permission'
         end
         resources :cms_posts do
           member do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dm_cms
 version: !ruby/object:Gem::Version
-  version: 4.2.2.1
+  version: 4.2.2.2
 platform: ruby
 authors:
 - Brett Walker
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-29 00:00:00.000000000 Z
+date: 2016-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dm_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.2.1
+        version: 4.2.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.2.1
+        version: 4.2.2.2
 - !ruby/object:Gem::Dependency
   name: meta-tags-helpers
   requirement: !ruby/object:Gem::Requirement
@@ -111,6 +111,7 @@ files:
 - app/views/dm_cms/admin/cms_blogs/edit.html.erb
 - app/views/dm_cms/admin/cms_blogs/index.html.erb
 - app/views/dm_cms/admin/cms_blogs/new.html.erb
+- app/views/dm_cms/admin/cms_blogs/permissions.html.erb
 - app/views/dm_cms/admin/cms_blogs/show.html.erb
 - app/views/dm_cms/admin/cms_contentitems/_form.html.erb
 - app/views/dm_cms/admin/cms_contentitems/_form_dialog.html.erb
@@ -124,6 +125,7 @@ files:
 - app/views/dm_cms/admin/cms_pages/edit.html.erb
 - app/views/dm_cms/admin/cms_pages/index.html.erb
 - app/views/dm_cms/admin/cms_pages/new_page.html.erb
+- app/views/dm_cms/admin/cms_pages/permissions.html.erb
 - app/views/dm_cms/admin/cms_pages/show.html.erb
 - app/views/dm_cms/admin/cms_posts/_form.html.erb
 - app/views/dm_cms/admin/cms_posts/edit.html.erb