imagine_cms 3.0.0.beta4 → 3.0.0.beta5

data/.gitignore

@@ -1,4 +1,5 @@
 *.gem
 .bundle
 Gemfile.lock
+gems
 pkg/*

data/app/controllers/management/application_controller.rb

@@ -0,0 +1,4 @@
+class Management::ApplicationController < ApplicationController
+  before_filter :authenticate_user
+  layout 'management'
+end

data/app/controllers/management/default_controller.rb

@@ -0,0 +1,6 @@
+class Management::DefaultController < Management::ApplicationController
+  
+  def index
+  end
+  
+end

data/app/controllers/management/user_controller.rb

@@ -0,0 +1,116 @@
+class Management::UserController < Management::ApplicationController
+  skip_before_filter :authenticate_user, :only => [ :login, :logout, :create_first ]
+  
+  ###
+  ### login
+  ###
+  
+  # login page
+  def login
+    if request.post?
+      test = ::User.find_by_username(params[:login][:username]) rescue nil
+      if (test && test.password_hash == User.hash_password(params[:login][:password], test.password_hash[0,16]))
+        if (test.active != 1)
+          flash[:error] = 'Your account has been disabled by an administrator.'
+          redirect_to :action => 'login' and return false
+        end
+        session[:user_authenticated] = true
+      
+        session[:user_id] = test.id
+        session[:user_username] = test.username
+        session[:user_first_name] = test.first_name
+        session[:user_last_name] = test.last_name
+      
+        complete_login(test)
+      
+        if params[:redirect_on_success]
+          redirect_to params[:redirect_on_success] and return
+        else
+          restore_request(test)
+        end
+      else
+        flash[:error] = 'Invalid username or password, please try again.'
+        redirect_to params[:redirect_on_failure] || { :action => 'login' }
+      end
+    end
+  end
+  
+  def complete_login(user)
+  end
+  
+  def restore_request(user)
+    # restore saved request uri & params if they exist
+    if session[:saved_user_uri]
+      uri = session[:saved_user_uri]
+      session[:saved_user_uri] = nil
+      redirect_to uri
+    else
+      return redirect_to_default(user)
+    end
+  end
+  
+  def redirect_to_default(user)
+    redirect_to UserRedirectAfterLogin and return if defined?(UserRedirectAfterLogin)
+    redirect_to :controller => '/manage/default', :action => 'index'
+  end
+  
+  
+  ###
+  ### logout
+  ###
+  
+  def logout
+    complete_logout(User.find_by_id(session[:user_id])) if session[:authenticated]
+    reset_session
+    cookies.delete(:user_auth_status)
+    flash[:notice] = 'You have been logged out of the system.'
+    redirect_to UserRedirectAfterLogout and return if defined?(UserRedirectAfterLogout)
+    redirect_to params[:redirect] and return unless params[:redirect].blank?
+    redirect_to :action => 'login'
+  end
+  
+  def complete_logout(user)
+  end
+  
+  
+  ###
+  ### update profile
+  ###
+  
+  def profile
+    @user = User.find(session[:user_id])
+    
+    if request.post?
+      @user.attributes = @user.attributes.update(params[:user])
+      
+      if @user.save
+        flash[:notice] = 'Your profile has been updated.'
+        redirect_to :action => 'profile' and return true
+      end
+    end
+  end
+  
+  
+  ###
+  ### first time setup
+  ###
+  
+  def create_first
+    redirect_to :action => 'login' and return unless User.list.empty?
+    @user = User.new(params[:user])
+    
+    if request.post?
+      @user.active = true
+      @user.is_superuser = true
+      
+      if @user.save
+        flash[:notice] = 'User created successfully. Please log in now.'
+        redirect_to :controller => 'user', :action => 'login'
+      else
+        @errors = 'The following errors occurred:'
+        @errors = @user.errors.full_messages
+        flash.now[:error] = @errors
+      end
+    end
+  end
+end

data/app/controllers/management/users_controller.rb

@@ -0,0 +1,77 @@
+class Management::UsersController < Management::ApplicationController
+  before_filter :check_permissions, :except => [ :edit ]
+  
+  def check_permissions
+    render :action => 'permission_denied' if !user_has_permission?(:manage_users)
+  end
+  
+  ###
+  ### user list
+  ###
+  
+  def index
+    @users = User.all
+  end
+  
+  def create
+    @user = User.new(params[:user])
+    @user.active = true
+    
+    if request.post?
+      if @user.save
+        flash[:notice] = "User created successfully. Please check the boxes below to set this user's permissions, then click Save when you are done."
+        redirect_to :action => 'edit', :id => @user.id
+      else
+        flash.now[:error] = @user.errors.full_messages
+      end
+    end
+  end
+  
+  def edit
+    @user = authenticate_user
+    unless @user.is_superuser || @user.can_manage_users || @user.id.to_s == params[:id]
+      render :layout => true, :text => "Sorry, you don't have permission to access this section." and return false
+    end
+    
+    @user = User.find(params[:id])
+    
+    if request.post?
+      @user.update_attributes(params[:user])
+      
+      if @user.save
+        flash[:notice] = 'User updated successfully. Please note that the user must log out and log back in for permission changes to take effect.'
+        user = authenticate_user
+        if user.is_superuser || user.can_manage_users
+          redirect_to :action => 'index'
+        else
+          redirect_to :controller => '/manage/default', :action => 'index'
+        end
+      else
+        flash.now[:error] = @user.errors.full_messages
+      end
+    end
+  end
+  
+  def disable
+    @user = User.find(params[:id])
+    @user.active = false
+    @user.save
+    flash[:notice] = 'Login privileges have been suspended for ' + @user.username + '.'
+    redirect_to :action => 'index'
+  end
+  
+  def enable
+    @user = User.find(params[:id])
+    @user.active = true
+    @user.save
+    flash[:notice] = 'Login privileges for ' + @user.username + ' have been restored.'
+    redirect_to :action => 'index'
+  end
+  
+  def destroy
+    @user = User.find(params[:id])
+    flash[:notice] = @user.username + ' has been removed from the system.'
+    @user.destroy
+    redirect_to :action => 'index'
+  end
+end

data/app/helpers/cms_application_helper.rb

@@ -88,21 +88,52 @@ module CmsApplicationHelper
   
   # Similar to button_to, but takes a url for a button image as its first argument.
   def image_button_to(source, options = {}, html_options = {})
-    html_options.stringify_keys!
-    html_options[:type] = 'image'
-    html_options[:src] = image_path(source)
+    # html_options.stringify_keys!
+    # html_options[:type] = 'image'
+    # html_options[:src] = image_path(source)
+    # 
+    # convert_boolean_attributes!(html_options, %w( disabled ))
+    # 
+    # if confirm = html_options.delete("confirm")
+    #   html_options["onclick"] = "return #{confirm_javascript_function(confirm)};"
+    # end
+    # 
+    # url = options.is_a?(String) ? options : url_for(options)
+    # name ||= url
+    # 
+    # "<form method=\"post\" action=\"#{h url}\" class=\"image-button-to\"><div>" +
+    #   tag("input", html_options) + "</div></form>"
+    html_options = html_options.stringify_keys
     
     convert_boolean_attributes!(html_options, %w( disabled ))
-    
-    if confirm = html_options.delete("confirm")
-      html_options["onclick"] = "return #{confirm_javascript_function(confirm)};"
+
+    method_tag = ''
+    if (method = html_options.delete('method')) && %w{put delete}.include?(method.to_s)
+      method_tag = tag('input', :type => 'hidden', :name => '_method', :value => method.to_s)
     end
-    
-    url = options.is_a?(String) ? options : url_for(options)
+
+    form_method = method.to_s == 'get' ? 'get' : 'post'
+    form_options = html_options.delete('form') || {}
+    form_options[:class] ||= html_options.delete('form_class') || 'button_to'
+
+    remote = html_options.delete('remote')
+
+    request_token_tag = ''
+    if form_method == 'post' && protect_against_forgery?
+      request_token_tag = tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
+    end
+
+    url = options.is_a?(String) ? options : self.url_for(options)
     name ||= url
-    
-    "<form method=\"post\" action=\"#{h url}\" class=\"image-button-to\"><div>" +
-      tag("input", html_options) + "</div></form>"
+
+    html_options = convert_options_to_data_attributes(options, html_options)
+
+    html_options.merge!("type" => "image", "value" => name, "src" => image_path(source))
+
+    form_options.merge!(:method => form_method, :action => url, :class => "image-button-to")
+    form_options.merge!("data-remote" => "true") if remote
+
+    "#{tag(:form, form_options, true)}<div>#{method_tag}#{tag("input", html_options)}#{request_token_tag}</div></form>".html_safe
   end
   
   # Similar to submit_to_remote, but takes a url for a button image as its

data/app/models/user.rb

@@ -0,0 +1,49 @@
+class User < ActiveRecord::Base # :nodoc:
+  require 'dynamic_methods'
+  include DynamicMethods
+  
+  attr_reader :password # :nodoc:
+  
+  has_and_belongs_to_many :groups, :class_name => 'UserGroup', :join_table => 'user_group_memberships'
+  
+  validates_presence_of [ :username, :password, :first_name, :last_name ], :message => 'is required'
+  validates_length_of :password, :minimum => 4
+  validates_uniqueness_of :username, :message => 'already in use'
+  validates_confirmation_of :password
+  
+  def name ; [self.first_name, self.last_name].compact.join(" ") ; end
+  
+  SaltLength = 16 # :nodoc:
+  
+  def password=(val) # :nodoc:
+    @password = val
+    self.password_hash = User.hash_password(val) if (val ||= "") != ""
+  end
+  
+  def self.hash_password(val, salt = '') # :nodoc:
+    require 'digest/sha1'
+    
+    # create the salt if we need to
+    if salt.length != SaltLength
+      salt = ''
+      allowed_chars = (('a'..'f').to_a).concat(('0'..'9').to_a)
+      SaltLength.times do
+        salt << allowed_chars[rand(allowed_chars.length)]
+      end
+    end
+    
+    # now, let the hashing begin
+    digest = Digest::SHA1.new
+    digest << salt << val
+    salt << digest.hexdigest
+  end
+  
+  def before_validation_on_update # :nodoc:
+    # if password is blank, user is not trying to change it.
+    # just appease the validator by setting something valid
+    if ((@password ||= "") == "")
+      @password = "imapassword" 
+      @password_confirmation = "imapassword" 
+    end
+  end
+end

data/app/views/layouts/management.html.erb

@@ -0,0 +1,60 @@
+<%-
+  @nav_sections = []
+  @subnav_sections = []
+  
+  if is_logged_in_user?
+    @nav_sections << [ 'Users', { :controller => '/manage/users' } ] if user_has_permission?(:manage_users)
+  end
+-%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <title><%= controller.controller_path.split('/').concat([ params[:action] ]).map { |s| s.titlecase }.join(' > ') %></title>
+    <%= stylesheet_link_tag    "application", :media => "all" %>
+    <%= stylesheet_link_tag    "manage", :media => "all" %>
+    <%#= stylesheet_link_tag 'print', :media => 'print' %>
+    <%= javascript_include_tag "application" %>
+    <%= csrf_meta_tag %>
+  </head>
+  
+  <body<%= @onload.blank? ? '' : " onload=\"#{@onload}\"" %>>
+    <table cellpadding="0" cellspacing="0" border="0" width="100%" class="noprint">
+      <tr height="35" bgcolor="#4D4D4D">
+        <td style="padding: 7px 15px 0 15px; border-bottom: solid #ffffff 1px; color: white">
+        <%- if is_logged_in_user? -%>
+          <!-- Header Navigation -->
+          <div style="float: left; padding-top: 2px;">
+            <a href="/manage"><img src="/assets/manage/start.gif" width="44" height="14" alt="Start" /></a>
+          </div>
+          <div style="float: left; padding-left: 20px;">
+            <%= raw @nav_sections.map { |nav| link_to(nav[0], nav[1], :style => 'color: white') }.join(' | ') %>
+          </div>
+          <div style="float: right">
+            <%= link_to 'Change password', { :controller => '/manage/users', :action => 'edit', :id => session[:user_id] }, :style => 'color: white'%> |
+            <%= link_to 'Log out', { :controller => '/manage/user', :action => 'logout' }, :style => 'color: white' %>
+          </div>
+        <%- end -%>
+        </td>
+      </tr>
+      <%- unless @subnav_sections.blank? -%>
+      <tr height="30" bgcolor="#777777">
+        <td style="padding: 7px 15px 0 15px; border-bottom: solid #ffffff 1px; color: white">
+          <!-- Header Navigation -->
+          <div style="float: left; padding-left: 20px;">
+            <%= @subnav_sections.map { |nav| link_to(nav[0], nav[1], :style => 'color: white') }.join(' | ') %>
+          </div>
+          <div style="float: right">
+          </div>
+        </td>
+      </tr>
+      <%- end -%>
+    </table>
+    
+    <div id="management-content" style="padding: 15px 10px 1px 15px">
+      <!-- Main Content -->
+      <%= yield %>
+    </div>
+  </body>
+</html>

data/app/views/management/default/index.html.erb

@@ -0,0 +1,15 @@
+<%-
+  @nav_sections = []
+  
+  if is_logged_in_user?
+    @nav_sections << [ 'Users', { :controller => '/manage/users' } ] if user_has_permission?(:manage_users)
+  end
+-%>
+
+<ul>
+  <li>
+  <%= (@nav_sections.map { |nav| link_to(nav[0], nav[1]) }.safe_join('</li><li>')) %>
+  </li>
+</ul>
+
+<p>You should override this page in your own application.</p>

data/app/views/management/user/create_first.html.erb

@@ -0,0 +1,36 @@
+<%= flash_message %>
+
+<%= form_tag do %>
+<table>
+  <tr>
+    <td>First name:</td>
+    <td><%= text_field :user, :first_name %></td>
+  </tr>
+  
+  <tr>
+    <td>Last name:</td>
+    <td><%= text_field :user, :last_name %></td>
+  </tr>
+  
+  <tr>
+    <td>Username:</td>
+    <td><%= text_field :user, :username %></td>
+  </tr>
+  <tr>
+    <td>Email Address:</td>
+    <td><%= text_field :user, :email_address %></td>
+  </tr>
+  <tr>
+    <td>Password:</td>
+    <td><%= password_field :user, :password %></td>
+  </tr>
+  <tr>
+    <td>Confirm:</td>
+    <td><%= password_field :user, :password_confirmation %></td>
+  </tr>
+  <tr>
+    <td></td>
+    <td><%= submit_tag 'Create' %></td>
+  </tr>
+</table>
+<% end %>

data/app/views/management/user/login.html.erb

@@ -0,0 +1,20 @@
+<%= flash_message %>
+
+<%= form_tag({}, { :name => 'login_form' }) do %>
+<table>
+  <tr>
+    <td align="right">Username:</td>
+    <td><%= text_field :login, :username, { :class => 'form' } %></td>
+  </tr>
+  <tr>
+    <td align="right">Password:</td>
+    <td><%= password_field :login, :password, { :class => 'form' } %></td>
+  </tr>
+  <tr>
+    <td></td>
+    <td><%= submit_tag 'Login', :class => 'form_button' %></td>
+  </tr>
+</table>
+<% end %>
+
+<%= javascript_tag "try { document.forms['login_form'].elements['login_username'].focus(); } catch (e) {}" %>

data/app/views/management/users/create.html.erb

@@ -0,0 +1,37 @@
+<h2>Create New User</h2><br/>
+
+<%= flash_message %>
+
+<%= form_tag do %>
+<table>
+  <tr>
+    <td>First name:</td>
+    <td><%= text_field :user, :first_name %></td>
+  </tr>
+  <tr>
+    <td>Last name:</td>
+    <td><%= text_field :user, :last_name %></td>
+  </tr>
+  <tr>
+    <td>Email address:</td>
+    <td><%= text_field :user, :email_address %></td>
+  </tr>
+  
+  <tr>
+    <td>Username:</td>
+    <td><%= text_field :user, :username %></td>
+  </tr>
+  <tr>
+    <td>Password:</td>
+    <td><%= password_field :user, :password %></td>
+  </tr>
+  <tr>
+    <td>Confirm:</td>
+    <td><%= password_field :user, :password_confirmation %></td>
+  </tr>
+  <tr>
+    <td></td>
+    <td><%= submit_tag 'Create', :class => 'form_button' %></td>
+  </tr>
+</table>
+<% end -%>

data/app/views/management/users/edit.html.erb

@@ -0,0 +1,70 @@
+<%= flash_message %>
+
+<%= form_tag do %>
+<table>
+  <tr>
+    <td>First name:</td>
+    <td><%= text_field :user, :first_name %></td>
+  </tr>
+  <tr>
+    <td>Last name:</td>
+    <td><%= text_field :user, :last_name %></td>
+  </tr>
+  <tr>
+    <td>Email address:</td>
+    <td><%= text_field :user, :email_address %></td>
+  </tr>
+  
+  <tr>
+    <td>Username:</td>
+    <td><%= text_field :user, :username %></td>
+  </tr>
+  <tr>
+    <td>New Password:</td>
+    <td><%= password_field :user, :password %></td>
+  </tr>
+  <tr>
+    <td>Confirm:</td>
+    <td><%= password_field :user, :password_confirmation %></td>
+  </tr>
+  
+  <tr>
+    <td>Administrator:</td>
+    <td><%= check_box :user, :is_superuser %></td>
+  </tr>
+  
+  <tr>
+    <td colspan="2">-- OR -- </td>
+  </tr>
+  
+  <tr>
+    <td>Manage Restaurants:</td>
+    <td><%= check_box :user, :can_manage_restaurants %></td>
+  </tr>
+  <tr>
+    <td>Manage Recipes:</td>
+    <td><%= check_box :user, :can_manage_recipes %></td>
+  </tr>
+  <tr>
+    <td>Manage Blog Posts:</td>
+    <td><%= check_box :user, :can_manage_blog %></td>
+  </tr>
+  <tr>
+    <td>Manage Requests:</td>
+    <td><%= check_box :user, :can_manage_reqs %></td>
+  </tr>
+  <tr>
+    <td>Manage Members:</td>
+    <td><%= check_box :user, :can_manage_members %></td>
+  </tr>
+  <tr>
+    <td>Manage Users:</td>
+    <td><%= check_box :user, :can_manage_users %></td>
+  </tr>
+  
+  <tr>
+    <td></td>
+    <td><%= submit_tag 'Update' %> or <%= link_to 'Cancel', :action => 'index' %></td>
+  </tr>
+</table>
+<% end %>

data/app/views/management/users/index.html.erb

@@ -0,0 +1,26 @@
+<h2>Manage Users</h2><br/>
+
+<%= link_to raw('Create a new user &raquo;'), :action => 'create' %>
+
+<%= flash_message %>
+
+<table cellspacing="3" cellpadding="1" border="0" width="95%">
+  <tr>
+    <td bgcolor="#dedede" width="26%"><b>USERNAME</b></td>
+    <td bgcolor="#dedede" width="22%"><b>FIRST NAME</b></td>
+    <td bgcolor="#dedede" width="22%"><b>LAST NAME</b></td>
+    <td bgcolor="#dedede" width="10%"><b>Active?</b></td>
+    <td bgcolor="#dedede" width="10%">&nbsp;</td>
+    <td bgcolor="#dedede" width="10%">&nbsp;</td>
+  </tr>
+  <% for u in @users %>
+  <tr>
+    <td><%= link_to u.username, :action => 'edit', :id => u %></td>
+    <td><%= u.first_name %></td>
+    <td><%= u.last_name %></td>
+    <td><%= u.active ? 'Y' : 'N' %>
+    <td><%= button_to((u.active ? 'Disable' : 'Enable'), { :action => (u.active ? 'disable' : 'enable'), :id => u}, { :class => 'form_button' }) if u.username != session[:user_username] %></td>
+    <td><%= button_to('Delete', { :action => 'destroy', :id => u }, { :confirm => 'Are you sure you want to delete ' + u.username + '?', :class => 'form_button' }) if u.username != session[:user_username] %></td>
+  </tr>
+  <% end %>
+</table><br/>

data/app/views/management/users/permission_denied.html.erb

@@ -0,0 +1 @@
+Sorry, you don't have permission to manage users.

data/imagine_cms.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
   
-  s.add_dependency "rails",               "~> 3.2.3"
+  s.add_dependency "rails",               "~> 3.2.5"
   s.add_dependency "mini_magick",         "~> 3.4"
   s.add_dependency "net-dns",             "~> 0.6.1"
 end

data/lib/extensions/action_controller.rb

@@ -4,6 +4,76 @@ module ActionControllerExtensions
   
   module InstanceMethods
     
+    # Saves the current request to the session so that it can be replayed later
+    # (for example, after authentication). Only params of type String, Hash and
+    # Array will be saved. save_request is called in a before_filter in
+    # application.rb.
+    #
+    # Two levels of saved params are required so that params can be unsaved in
+    # the event of a 404 or other event that would make the current param set an
+    # unlikely or undesirable candidate for replaying.
+    def save_user_request
+      return if params[:action] == 'login'
+      
+      session[:old_saved_user_uri] = session[:saved_user_uri];
+      session[:old_saved_user_params] = session[:saved_user_params] || {};
+      saved_params = params.reject { |k, v| !(v.kind_of?(String) || v.kind_of?(Hash) || v.kind_of?(Array)) }
+      saved_params.each { |key, val| saved_params[key] = val.reject { |k, v| !(v.kind_of?(String) || v.kind_of?(Hash) || v.kind_of?(Array)) } if val.kind_of?(Hash) }
+      session[:saved_user_uri] = request.url
+      session[:saved_user_params] = saved_params
+    end
+    
+    # Returns a User object corresponding to the currently logged in user, or returns false
+    # and redirects to the login page if not logged in.
+    def authenticate_user
+      # if user is not logged in, record the current request and redirect
+      if !session[:user_authenticated]
+        if User.find(:all).size == 0
+          flash[:notice] = 'No users exist in the system. Please create one now.'
+          redirect_to :controller => '/management/user', :action => 'create_first'
+        else
+          flash[:notice] = 'This is an admin-only function. To continue, please log in.'
+          save_user_request
+          redirect_to :controller => '/management/user', :action => 'login'
+        end
+        
+        return false
+      end
+      
+      @user = User.find(session[:user_id]) rescue nil
+      session[:user_is_superuser] = @user.is_superuser rescue nil
+      
+      @user
+    end
+    
+    # Takes a symbol/string or array of symbols/strings and returns true if user has all
+    # of the named permissions.
+    #
+    # Result is stored in the session to speed up future checks.
+    def user_has_permissions?(*permission_set)
+      return false if !(@user ||= authenticate_user)
+      
+      if !permission_set.is_a? Array
+        permission_set = [ permission_set ]
+      end
+      
+      if session[:user_is_superuser]
+        for perm in permission_set
+          perm = perm.to_s
+          session[('user_can_' + perm).to_sym] ||= true
+        end
+        return true
+      end
+      
+      for perm in permission_set
+        perm = perm.to_s
+        session[('user_can_' + perm).to_sym] = @user.send('can_' + perm)
+        # logger.debug "user_can_#{perm} = #{@user.send('can_' + perm)}"
+        return session[('user_can_' + perm).to_sym]
+      end
+    end
+    alias :user_has_permission? :user_has_permissions?
+    
     # Determines whether the input string is a valid email address per RFC specification
     def valid_email_address?(addr, perform_mx_lookup = false)
       valid = true
@@ -29,7 +99,7 @@ module ActionControllerExtensions
     ### COMPAT: convert_content_path
     def convert_content_path
       logger.debug "DEPRECATION WARNING: convert_content_path called"
-      params[:content_path] = params[:content_path].to_s.split('/')
+      params[:content_path] = params[:content_path].to_s.split('/') rescue []
     end
     
     ### COMPAT - template_exists?
@@ -52,5 +122,48 @@ module ActionControllerExtensions
       logger.error(e)
     end
     
+    # Convert from GMT/UTC to local time (based on time zone setting in session[:time_zone])
+    def gm_to_local(time)
+      ActiveSupport::TimeZone.new(session[:time_zone] || 'UTC').utc_to_local(time)
+    end
+    
+    # Convert from local time to GMT/UTC (based on time zone setting in session[:time_zone])
+    def local_to_gm(time)
+      ActiveSupport::TimeZone.new(session[:time_zone] || 'UTC').local_to_utc(time)
+    end
+    
+    # Convert a time object into a formatted date/time string
+    def ts_to_str(ts)
+      return '' if ts == nil
+      gm_to_local(ts).strftime('%a %b %d, %Y') + ' at ' +
+        gm_to_local(ts).strftime('%I:%M%p').downcase + ' ' + (session[:time_zone_abbr] || '')
+    end
+    
+    # Convert a time object into a formatted time string (no date)
+    def ts_to_time_str(ts)
+      return '' if ts == nil
+      gm_to_local(ts).strftime('%I:%M:%S%p').downcase
+    end
+    
+    # Convert times to a standard format (e.g. 1:35pm)
+    def time_to_str(t, convert = true)
+      return '' if t == nil
+      if convert
+        gm_to_local(t).strftime("%I").to_i.to_s + gm_to_local(t).strftime(":%M%p").downcase
+      else
+        t.strftime("%I").to_i.to_s + t.strftime(":%M%p").downcase
+      end
+    end
+    
+    # Convert times to a standard format (e.g. 1:35pm)
+    def date_to_str(t, convert = true)
+      return '' if t == nil
+      if convert
+        gm_to_local(t).strftime("%m").to_i.to_s + '/' + gm_to_local(t).strftime("%d").to_i.to_s + gm_to_local(t).strftime("/%Y")
+      else
+        t.strftime("%m").to_i.to_s + '/' + t.strftime("%d").to_i.to_s + t.strftime("/%Y")
+      end
+    end
+    
   end
 end

data/lib/imagine_cms/engine.rb

@@ -28,8 +28,16 @@ module ImagineCms
       include ActionControllerExtensions::InstanceMethods
       
       helper CmsApplicationHelper
+      helper_method :user_has_permission?
+      helper_method :user_has_permissions?
       helper_method :template_exists?
       helper_method :url_for_current
+      helper_method :gm_to_local
+      helper_method :local_to_gm
+      helper_method :ts_to_str
+      helper_method :ts_to_time_str
+      helper_method :time_to_str
+      helper_method :date_to_str
       
       # before_filter :create_settings_object, :set_default_session_values, :check_ssl_requirement, :expire_session_data
       # after_filter :compress_output    

data/lib/imagine_cms/version.rb

@@ -1,3 +1,3 @@
 module ImagineCms
-  VERSION = "3.0.0.beta4"
+  VERSION = "3.0.0.beta5"
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification 
 name: imagine_cms
 version: !ruby/object:Gem::Version 
-  hash: 62196427
+  hash: 2653956547
   prerelease: 6
   segments: 
   - 3
   - 0
   - 0
   - beta
-  - 4
-  version: 3.0.0.beta4
+  - 5
+  version: 3.0.0.beta5
 platform: ruby
 authors: 
 - Aaron Namba
@@ -17,7 +17,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-04-29 00:00:00 Z
+date: 2012-06-05 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rails
@@ -27,12 +27,12 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 9
+        hash: 5
         segments: 
         - 3
         - 2
-        - 3
-        version: 3.2.3
+        - 5
+        version: 3.2.5
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -80,10 +80,26 @@ files:
 - Gemfile
 - README.rdoc
 - Rakefile
+- app/assets/manage/btn_delete.gif
+- app/assets/manage/bullet.gif
+- app/assets/manage/start.gif
 - app/controllers/cms/content_controller.rb
+- app/controllers/management/application_controller.rb
+- app/controllers/management/default_controller.rb
+- app/controllers/management/user_controller.rb
+- app/controllers/management/users_controller.rb
 - app/helpers/cms_application_helper.rb
+- app/models/user.rb
 - app/views/errors/404.html.erb
 - app/views/errors/permission_denied.html.erb
+- app/views/layouts/management.html.erb
+- app/views/management/default/index.html.erb
+- app/views/management/user/create_first.html.erb
+- app/views/management/user/login.html.erb
+- app/views/management/users/create.html.erb
+- app/views/management/users/edit.html.erb
+- app/views/management/users/index.html.erb
+- app/views/management/users/permission_denied.html.erb
 - config/routes.rb
 - doc/Gemfile.html
 - doc/ImagineCms.html