imagine_cms 3.0.0.beta4 → 3.0.0.beta5
- data/.gitignore +1 -0
- data/app/assets/manage/btn_delete.gif +0 -0
- data/app/assets/manage/bullet.gif +0 -0
- data/app/assets/manage/start.gif +0 -0
- data/app/controllers/management/application_controller.rb +4 -0
- data/app/controllers/management/default_controller.rb +6 -0
- data/app/controllers/management/user_controller.rb +116 -0
- data/app/controllers/management/users_controller.rb +77 -0
- data/app/helpers/cms_application_helper.rb +42 -11
- data/app/models/user.rb +49 -0
- data/app/views/layouts/management.html.erb +60 -0
- data/app/views/management/default/index.html.erb +15 -0
- data/app/views/management/user/create_first.html.erb +36 -0
- data/app/views/management/user/login.html.erb +20 -0
- data/app/views/management/users/create.html.erb +37 -0
- data/app/views/management/users/edit.html.erb +70 -0
- data/app/views/management/users/index.html.erb +26 -0
- data/app/views/management/users/permission_denied.html.erb +1 -0
- data/imagine_cms.gemspec +1 -1
- data/lib/extensions/action_controller.rb +114 -1
- data/lib/imagine_cms/engine.rb +8 -0
- data/lib/imagine_cms/version.rb +1 -1
- metadata +23 -7
Binary file
|
Binary file
|
Binary file
|
@@ -0,0 +1,116 @@
|
|
1
|
+
class Management::UserController < Management::ApplicationController
|
2
|
+
skip_before_filter :authenticate_user, :only => [ :login, :logout, :create_first ]
|
3
|
+
|
4
|
+
###
|
5
|
+
### login
|
6
|
+
###
|
7
|
+
|
8
|
+
# login page
|
9
|
+
def login
|
10
|
+
if request.post?
|
11
|
+
test = ::User.find_by_username(params[:login][:username]) rescue nil
|
12
|
+
if (test && test.password_hash == User.hash_password(params[:login][:password], test.password_hash[0,16]))
|
13
|
+
if (test.active != 1)
|
14
|
+
flash[:error] = 'Your account has been disabled by an administrator.'
|
15
|
+
redirect_to :action => 'login' and return false
|
16
|
+
end
|
17
|
+
session[:user_authenticated] = true
|
18
|
+
|
19
|
+
session[:user_id] = test.id
|
20
|
+
session[:user_username] = test.username
|
21
|
+
session[:user_first_name] = test.first_name
|
22
|
+
session[:user_last_name] = test.last_name
|
23
|
+
|
24
|
+
complete_login(test)
|
25
|
+
|
26
|
+
if params[:redirect_on_success]
|
27
|
+
redirect_to params[:redirect_on_success] and return
|
28
|
+
else
|
29
|
+
restore_request(test)
|
30
|
+
end
|
31
|
+
else
|
32
|
+
flash[:error] = 'Invalid username or password, please try again.'
|
33
|
+
redirect_to params[:redirect_on_failure] || { :action => 'login' }
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
def complete_login(user)
|
39
|
+
end
|
40
|
+
|
41
|
+
def restore_request(user)
|
42
|
+
# restore saved request uri & params if they exist
|
43
|
+
if session[:saved_user_uri]
|
44
|
+
uri = session[:saved_user_uri]
|
45
|
+
session[:saved_user_uri] = nil
|
46
|
+
redirect_to uri
|
47
|
+
else
|
48
|
+
return redirect_to_default(user)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def redirect_to_default(user)
|
53
|
+
redirect_to UserRedirectAfterLogin and return if defined?(UserRedirectAfterLogin)
|
54
|
+
redirect_to :controller => '/manage/default', :action => 'index'
|
55
|
+
end
|
56
|
+
|
57
|
+
|
58
|
+
###
|
59
|
+
### logout
|
60
|
+
###
|
61
|
+
|
62
|
+
def logout
|
63
|
+
complete_logout(User.find_by_id(session[:user_id])) if session[:authenticated]
|
64
|
+
reset_session
|
65
|
+
cookies.delete(:user_auth_status)
|
66
|
+
flash[:notice] = 'You have been logged out of the system.'
|
67
|
+
redirect_to UserRedirectAfterLogout and return if defined?(UserRedirectAfterLogout)
|
68
|
+
redirect_to params[:redirect] and return unless params[:redirect].blank?
|
69
|
+
redirect_to :action => 'login'
|
70
|
+
end
|
71
|
+
|
72
|
+
def complete_logout(user)
|
73
|
+
end
|
74
|
+
|
75
|
+
|
76
|
+
###
|
77
|
+
### update profile
|
78
|
+
###
|
79
|
+
|
80
|
+
def profile
|
81
|
+
@user = User.find(session[:user_id])
|
82
|
+
|
83
|
+
if request.post?
|
84
|
+
@user.attributes = @user.attributes.update(params[:user])
|
85
|
+
|
86
|
+
if @user.save
|
87
|
+
flash[:notice] = 'Your profile has been updated.'
|
88
|
+
redirect_to :action => 'profile' and return true
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
|
94
|
+
###
|
95
|
+
### first time setup
|
96
|
+
###
|
97
|
+
|
98
|
+
def create_first
|
99
|
+
redirect_to :action => 'login' and return unless User.list.empty?
|
100
|
+
@user = User.new(params[:user])
|
101
|
+
|
102
|
+
if request.post?
|
103
|
+
@user.active = true
|
104
|
+
@user.is_superuser = true
|
105
|
+
|
106
|
+
if @user.save
|
107
|
+
flash[:notice] = 'User created successfully. Please log in now.'
|
108
|
+
redirect_to :controller => 'user', :action => 'login'
|
109
|
+
else
|
110
|
+
@errors = 'The following errors occurred:'
|
111
|
+
@errors = @user.errors.full_messages
|
112
|
+
flash.now[:error] = @errors
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
116
|
+
end
|
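Review bot: `profile` merges the raw request hash into the record with `@user.attributes = @user.attributes.update(params[:user])`, so any logged-in user can POST `user[is_superuser]=1` or `user[can_manage_users]=1` and promote themselves — the `User` model added in this commit declares no `attr_accessible`, so nothing strips those keys unless the host app has turned on `whitelist_attributes`; restrict the update to profile fields, e.g. `@user.attributes = params[:user].slice(:first_name, :last_name, :email_address, :password, :password_confirmation)`. `redirect_to params[:redirect_on_success]`, `params[:redirect_on_failure]` in `login` and `params[:redirect]` in `logout` send the browser to any attacker-supplied URL (open redirect, convenient for phishing right after a real login); accept only same-site relative paths or drop the params. `logout` tests `session[:authenticated]` while `login` sets `session[:user_authenticated]`, so `complete_logout` can never run, and the successful login path never calls `reset_session`, leaving the pre-login session id and contents in place (fixation) — call `reset_session` before populating the session. `complete_login`, `complete_logout`, `restore_request` and `redirect_to_default` are public instance methods, so Rails exposes them as routable actions; move them below `protected`.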
@@ -0,0 +1,77 @@
|
|
1
|
+
class Management::UsersController < Management::ApplicationController
|
2
|
+
before_filter :check_permissions, :except => [ :edit ]
|
3
|
+
|
4
|
+
def check_permissions
|
5
|
+
render :action => 'permission_denied' if !user_has_permission?(:manage_users)
|
6
|
+
end
|
7
|
+
|
8
|
+
###
|
9
|
+
### user list
|
10
|
+
###
|
11
|
+
|
12
|
+
def index
|
13
|
+
@users = User.all
|
14
|
+
end
|
15
|
+
|
16
|
+
def create
|
17
|
+
@user = User.new(params[:user])
|
18
|
+
@user.active = true
|
19
|
+
|
20
|
+
if request.post?
|
21
|
+
if @user.save
|
22
|
+
flash[:notice] = "User created successfully. Please check the boxes below to set this user's permissions, then click Save when you are done."
|
23
|
+
redirect_to :action => 'edit', :id => @user.id
|
24
|
+
else
|
25
|
+
flash.now[:error] = @user.errors.full_messages
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def edit
|
31
|
+
@user = authenticate_user
|
32
|
+
unless @user.is_superuser || @user.can_manage_users || @user.id.to_s == params[:id]
|
33
|
+
render :layout => true, :text => "Sorry, you don't have permission to access this section." and return false
|
34
|
+
end
|
35
|
+
|
36
|
+
@user = User.find(params[:id])
|
37
|
+
|
38
|
+
if request.post?
|
39
|
+
@user.update_attributes(params[:user])
|
40
|
+
|
41
|
+
if @user.save
|
42
|
+
flash[:notice] = 'User updated successfully. Please note that the user must log out and log back in for permission changes to take effect.'
|
43
|
+
user = authenticate_user
|
44
|
+
if user.is_superuser || user.can_manage_users
|
45
|
+
redirect_to :action => 'index'
|
46
|
+
else
|
47
|
+
redirect_to :controller => '/manage/default', :action => 'index'
|
48
|
+
end
|
49
|
+
else
|
50
|
+
flash.now[:error] = @user.errors.full_messages
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def disable
|
56
|
+
@user = User.find(params[:id])
|
57
|
+
@user.active = false
|
58
|
+
@user.save
|
59
|
+
flash[:notice] = 'Login privileges have been suspended for ' + @user.username + '.'
|
60
|
+
redirect_to :action => 'index'
|
61
|
+
end
|
62
|
+
|
63
|
+
def enable
|
64
|
+
@user = User.find(params[:id])
|
65
|
+
@user.active = true
|
66
|
+
@user.save
|
67
|
+
flash[:notice] = 'Login privileges for ' + @user.username + ' have been restored.'
|
68
|
+
redirect_to :action => 'index'
|
69
|
+
end
|
70
|
+
|
71
|
+
def destroy
|
72
|
+
@user = User.find(params[:id])
|
73
|
+
flash[:notice] = @user.username + ' has been removed from the system.'
|
74
|
+
@user.destroy
|
75
|
+
redirect_to :action => 'index'
|
76
|
+
end
|
77
|
+
end
|
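Review bot: `edit` deliberately admits a non-admin when `@user.id.to_s == params[:id]`, then applies `@user.update_attributes(params[:user])` unfiltered, so a self-edit can set `is_superuser` or `can_manage_users` (the edit view renders those checkboxes for everyone); on the self-edit path whitelist the fields before updating, e.g. `attrs = params[:user]; attrs = attrs.slice(:first_name, :last_name, :email_address, :username, :password, :password_confirmation) unless caller.is_superuser || caller.can_manage_users`. `disable`, `enable` and `destroy` never check the request method, so a plain GET link (or an `<img src>` on another site) triggers them and bypasses the CSRF token that only non-GET requests carry; guard them with `return head(:method_not_allowed) unless request.post?` or route them as POST/DELETE only. The only thing stopping an admin from disabling or deleting their own account is a username comparison in the view; enforce it here too (`if @user.id == session[:user_id]`). Reusing `@user` first for the caller and then for the target user is easy to misread — name the caller `current_user`.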
@@ -88,21 +88,52 @@ module CmsApplicationHelper
|
|
88
88
|
|
89
89
|
# Similar to button_to, but takes a url for a button image as its first argument.
|
90
90
|
def image_button_to(source, options = {}, html_options = {})
|
91
|
-
html_options.stringify_keys!
|
92
|
-
html_options[:type] = 'image'
|
93
|
-
html_options[:src] = image_path(source)
|
91
|
+
# html_options.stringify_keys!
|
92
|
+
# html_options[:type] = 'image'
|
93
|
+
# html_options[:src] = image_path(source)
|
94
|
+
#
|
95
|
+
# convert_boolean_attributes!(html_options, %w( disabled ))
|
96
|
+
#
|
97
|
+
# if confirm = html_options.delete("confirm")
|
98
|
+
# html_options["onclick"] = "return #{confirm_javascript_function(confirm)};"
|
99
|
+
# end
|
100
|
+
#
|
101
|
+
# url = options.is_a?(String) ? options : url_for(options)
|
102
|
+
# name ||= url
|
103
|
+
#
|
104
|
+
# "<form method=\"post\" action=\"#{h url}\" class=\"image-button-to\"><div>" +
|
105
|
+
# tag("input", html_options) + "</div></form>"
|
106
|
+
html_options = html_options.stringify_keys
|
94
107
|
|
95
108
|
convert_boolean_attributes!(html_options, %w( disabled ))
|
96
|
-
|
97
|
-
|
98
|
-
|
109
|
+
|
110
|
+
method_tag = ''
|
111
|
+
if (method = html_options.delete('method')) && %w{put delete}.include?(method.to_s)
|
112
|
+
method_tag = tag('input', :type => 'hidden', :name => '_method', :value => method.to_s)
|
99
113
|
end
|
100
|
-
|
101
|
-
|
114
|
+
|
115
|
+
form_method = method.to_s == 'get' ? 'get' : 'post'
|
116
|
+
form_options = html_options.delete('form') || {}
|
117
|
+
form_options[:class] ||= html_options.delete('form_class') || 'button_to'
|
118
|
+
|
119
|
+
remote = html_options.delete('remote')
|
120
|
+
|
121
|
+
request_token_tag = ''
|
122
|
+
if form_method == 'post' && protect_against_forgery?
|
123
|
+
request_token_tag = tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
|
124
|
+
end
|
125
|
+
|
126
|
+
url = options.is_a?(String) ? options : self.url_for(options)
|
102
127
|
name ||= url
|
103
|
-
|
104
|
-
|
105
|
-
|
128
|
+
|
129
|
+
html_options = convert_options_to_data_attributes(options, html_options)
|
130
|
+
|
131
|
+
html_options.merge!("type" => "image", "value" => name, "src" => image_path(source))
|
132
|
+
|
133
|
+
form_options.merge!(:method => form_method, :action => url, :class => "image-button-to")
|
134
|
+
form_options.merge!("data-remote" => "true") if remote
|
135
|
+
|
136
|
+
"#{tag(:form, form_options, true)}<div>#{method_tag}#{tag("input", html_options)}#{request_token_tag}</div></form>".html_safe
|
106
137
|
end
|
107
138
|
|
108
139
|
# Similar to submit_to_remote, but takes a url for a button image as its
|
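--- /dev/null
+++ b/data/app/models/user.rb
@@ -0,0 +1,49 @@
+class User < ActiveRecord::Base # :nodoc:
+require 'dynamic_methods'
+include DynamicMethods
+
+attr_reader :password # :nodoc:
+
+has_and_belongs_to_many :groups, :class_name => 'UserGroup', :join_table => 'user_group_memberships'
+
+validates_presence_of [ :username, :password, :first_name, :last_name ], :message => 'is required'
+validates_length_of :password, :minimum => 4
+validates_uniqueness_of :username, :message => 'already in use'
+validates_confirmation_of :password
+
+def name ; [self.first_name, self.last_name].compact.join(" ") ; end
+
+SaltLength = 16 # :nodoc:
+
+def password=(val) # :nodoc:
+@password = val
+self.password_hash = User.hash_password(val) if (val ||= "") != ""
+end
+
+def self.hash_password(val, salt = '') # :nodoc:
+require 'digest/sha1'
+
+# create the salt if we need to
+if salt.length != SaltLength
+salt = ''
+allowed_chars = (('a'..'f').to_a).concat(('0'..'9').to_a)
+SaltLength.times do
+salt << allowed_chars[rand(allowed_chars.length)]
+end
+end
+
+# now, let the hashing begin
+digest = Digest::SHA1.new
+digest << salt << val
+salt << digest.hexdigest
+end
+
+def before_validation_on_update # :nodoc:
+# if password is blank, user is not trying to change it.
+# just appease the validator by setting something valid
+if ((@password ||= "") == "")
+@password = "imapassword"
+@password_confirmation = "imapassword"
+end
+end
+end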
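Review bot: `hash_password` produces a single SHA-1 of `salt + password` with a 16-hex-char salt drawn from `rand`, which is fast to brute-force offline and not cryptographically random; switch to a stretched hash (`has_secure_password` with bcrypt is built into Rails 3.1+, or at minimum `OpenSSL::PKCS5.pbkdf2_hmac`), take the salt from `SecureRandom.hex(SaltLength / 2)`, and raise `:minimum => 4` to something defensible. `before_validation_on_update` is, as far as I can tell, not a callback Rails 3.x invokes (the `_on_create`/`_on_update` forms were removed in 3.0 in favour of `before_validation :name, :on => :update`), so the blank-password bypass never runs and an update that leaves the password blank should fail `validates_presence_of :password` — confirm with a test, and replace the placeholder trick with `validates_presence_of :password, :if => :password_required?` plus `def password_required? ; password_hash.blank? || !@password.blank? ; end`. `digest << salt << val` raises `TypeError` when `val` is nil, which a login POST missing the password field can trigger; use `val.to_s`. The model declares no `attr_accessible`, so `is_superuser` and the `can_manage_*` columns are settable through `User.new(params[:user])` / `update_attributes` unless the host app enables `whitelist_attributes`; add `attr_accessible :username, :first_name, :last_name, :email_address, :password, :password_confirmation`.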
@@ -0,0 +1,60 @@
|
|
1
|
+
<%-
|
2
|
+
@nav_sections = []
|
3
|
+
@subnav_sections = []
|
4
|
+
|
5
|
+
if is_logged_in_user?
|
6
|
+
@nav_sections << [ 'Users', { :controller => '/manage/users' } ] if user_has_permission?(:manage_users)
|
7
|
+
end
|
8
|
+
-%>
|
9
|
+
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
10
|
+
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
11
|
+
|
12
|
+
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
13
|
+
<head>
|
14
|
+
<title><%= controller.controller_path.split('/').concat([ params[:action] ]).map { |s| s.titlecase }.join(' > ') %></title>
|
15
|
+
<%= stylesheet_link_tag "application", :media => "all" %>
|
16
|
+
<%= stylesheet_link_tag "manage", :media => "all" %>
|
17
|
+
<%#= stylesheet_link_tag 'print', :media => 'print' %>
|
18
|
+
<%= javascript_include_tag "application" %>
|
19
|
+
<%= csrf_meta_tag %>
|
20
|
+
</head>
|
21
|
+
|
22
|
+
<body<%= @onload.blank? ? '' : " onload=\"#{@onload}\"" %>>
|
23
|
+
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="noprint">
|
24
|
+
<tr height="35" bgcolor="#4D4D4D">
|
25
|
+
<td style="padding: 7px 15px 0 15px; border-bottom: solid #ffffff 1px; color: white">
|
26
|
+
<%- if is_logged_in_user? -%>
|
27
|
+
<!-- Header Navigation -->
|
28
|
+
<div style="float: left; padding-top: 2px;">
|
29
|
+
<a href="/manage"><img src="/assets/manage/start.gif" width="44" height="14" alt="Start" /></a>
|
30
|
+
</div>
|
31
|
+
<div style="float: left; padding-left: 20px;">
|
32
|
+
<%= raw @nav_sections.map { |nav| link_to(nav[0], nav[1], :style => 'color: white') }.join(' | ') %>
|
33
|
+
</div>
|
34
|
+
<div style="float: right">
|
35
|
+
<%= link_to 'Change password', { :controller => '/manage/users', :action => 'edit', :id => session[:user_id] }, :style => 'color: white'%> |
|
36
|
+
<%= link_to 'Log out', { :controller => '/manage/user', :action => 'logout' }, :style => 'color: white' %>
|
37
|
+
</div>
|
38
|
+
<%- end -%>
|
39
|
+
</td>
|
40
|
+
</tr>
|
41
|
+
<%- unless @subnav_sections.blank? -%>
|
42
|
+
<tr height="30" bgcolor="#777777">
|
43
|
+
<td style="padding: 7px 15px 0 15px; border-bottom: solid #ffffff 1px; color: white">
|
44
|
+
<!-- Header Navigation -->
|
45
|
+
<div style="float: left; padding-left: 20px;">
|
46
|
+
<%= @subnav_sections.map { |nav| link_to(nav[0], nav[1], :style => 'color: white') }.join(' | ') %>
|
47
|
+
</div>
|
48
|
+
<div style="float: right">
|
49
|
+
</div>
|
50
|
+
</td>
|
51
|
+
</tr>
|
52
|
+
<%- end -%>
|
53
|
+
</table>
|
54
|
+
|
55
|
+
<div id="management-content" style="padding: 15px 10px 1px 15px">
|
56
|
+
<!-- Main Content -->
|
57
|
+
<%= yield %>
|
58
|
+
</div>
|
59
|
+
</body>
|
60
|
+
</html>
|
@@ -0,0 +1,15 @@
|
|
1
|
+
<%-
|
2
|
+
@nav_sections = []
|
3
|
+
|
4
|
+
if is_logged_in_user?
|
5
|
+
@nav_sections << [ 'Users', { :controller => '/manage/users' } ] if user_has_permission?(:manage_users)
|
6
|
+
end
|
7
|
+
-%>
|
8
|
+
|
9
|
+
<ul>
|
10
|
+
<li>
|
11
|
+
<%= (@nav_sections.map { |nav| link_to(nav[0], nav[1]) }.safe_join('</li><li>')) %>
|
12
|
+
</li>
|
13
|
+
</ul>
|
14
|
+
|
15
|
+
<p>You should override this page in your own application.</p>
|
@@ -0,0 +1,36 @@
|
|
1
|
+
<%= flash_message %>
|
2
|
+
|
3
|
+
<%= form_tag do %>
|
4
|
+
<table>
|
5
|
+
<tr>
|
6
|
+
<td>First name:</td>
|
7
|
+
<td><%= text_field :user, :first_name %></td>
|
8
|
+
</tr>
|
9
|
+
|
10
|
+
<tr>
|
11
|
+
<td>Last name:</td>
|
12
|
+
<td><%= text_field :user, :last_name %></td>
|
13
|
+
</tr>
|
14
|
+
|
15
|
+
<tr>
|
16
|
+
<td>Username:</td>
|
17
|
+
<td><%= text_field :user, :username %></td>
|
18
|
+
</tr>
|
19
|
+
<tr>
|
20
|
+
<td>Email Address:</td>
|
21
|
+
<td><%= text_field :user, :email_address %></td>
|
22
|
+
</tr>
|
23
|
+
<tr>
|
24
|
+
<td>Password:</td>
|
25
|
+
<td><%= password_field :user, :password %></td>
|
26
|
+
</tr>
|
27
|
+
<tr>
|
28
|
+
<td>Confirm:</td>
|
29
|
+
<td><%= password_field :user, :password_confirmation %></td>
|
30
|
+
</tr>
|
31
|
+
<tr>
|
32
|
+
<td></td>
|
33
|
+
<td><%= submit_tag 'Create' %></td>
|
34
|
+
</tr>
|
35
|
+
</table>
|
36
|
+
<% end %>
|
@@ -0,0 +1,20 @@
|
|
1
|
+
<%= flash_message %>
|
2
|
+
|
3
|
+
<%= form_tag({}, { :name => 'login_form' }) do %>
|
4
|
+
<table>
|
5
|
+
<tr>
|
6
|
+
<td align="right">Username:</td>
|
7
|
+
<td><%= text_field :login, :username, { :class => 'form' } %></td>
|
8
|
+
</tr>
|
9
|
+
<tr>
|
10
|
+
<td align="right">Password:</td>
|
11
|
+
<td><%= password_field :login, :password, { :class => 'form' } %></td>
|
12
|
+
</tr>
|
13
|
+
<tr>
|
14
|
+
<td></td>
|
15
|
+
<td><%= submit_tag 'Login', :class => 'form_button' %></td>
|
16
|
+
</tr>
|
17
|
+
</table>
|
18
|
+
<% end %>
|
19
|
+
|
20
|
+
<%= javascript_tag "try { document.forms['login_form'].elements['login_username'].focus(); } catch (e) {}" %>
|
@@ -0,0 +1,37 @@
|
|
1
|
+
<h2>Create New User</h2><br/>
|
2
|
+
|
3
|
+
<%= flash_message %>
|
4
|
+
|
5
|
+
<%= form_tag do %>
|
6
|
+
<table>
|
7
|
+
<tr>
|
8
|
+
<td>First name:</td>
|
9
|
+
<td><%= text_field :user, :first_name %></td>
|
10
|
+
</tr>
|
11
|
+
<tr>
|
12
|
+
<td>Last name:</td>
|
13
|
+
<td><%= text_field :user, :last_name %></td>
|
14
|
+
</tr>
|
15
|
+
<tr>
|
16
|
+
<td>Email address:</td>
|
17
|
+
<td><%= text_field :user, :email_address %></td>
|
18
|
+
</tr>
|
19
|
+
|
20
|
+
<tr>
|
21
|
+
<td>Username:</td>
|
22
|
+
<td><%= text_field :user, :username %></td>
|
23
|
+
</tr>
|
24
|
+
<tr>
|
25
|
+
<td>Password:</td>
|
26
|
+
<td><%= password_field :user, :password %></td>
|
27
|
+
</tr>
|
28
|
+
<tr>
|
29
|
+
<td>Confirm:</td>
|
30
|
+
<td><%= password_field :user, :password_confirmation %></td>
|
31
|
+
</tr>
|
32
|
+
<tr>
|
33
|
+
<td></td>
|
34
|
+
<td><%= submit_tag 'Create', :class => 'form_button' %></td>
|
35
|
+
</tr>
|
36
|
+
</table>
|
37
|
+
<% end -%>
|
@@ -0,0 +1,70 @@
|
|
1
|
+
<%= flash_message %>
|
2
|
+
|
3
|
+
<%= form_tag do %>
|
4
|
+
<table>
|
5
|
+
<tr>
|
6
|
+
<td>First name:</td>
|
7
|
+
<td><%= text_field :user, :first_name %></td>
|
8
|
+
</tr>
|
9
|
+
<tr>
|
10
|
+
<td>Last name:</td>
|
11
|
+
<td><%= text_field :user, :last_name %></td>
|
12
|
+
</tr>
|
13
|
+
<tr>
|
14
|
+
<td>Email address:</td>
|
15
|
+
<td><%= text_field :user, :email_address %></td>
|
16
|
+
</tr>
|
17
|
+
|
18
|
+
<tr>
|
19
|
+
<td>Username:</td>
|
20
|
+
<td><%= text_field :user, :username %></td>
|
21
|
+
</tr>
|
22
|
+
<tr>
|
23
|
+
<td>New Password:</td>
|
24
|
+
<td><%= password_field :user, :password %></td>
|
25
|
+
</tr>
|
26
|
+
<tr>
|
27
|
+
<td>Confirm:</td>
|
28
|
+
<td><%= password_field :user, :password_confirmation %></td>
|
29
|
+
</tr>
|
30
|
+
|
31
|
+
<tr>
|
32
|
+
<td>Administrator:</td>
|
33
|
+
<td><%= check_box :user, :is_superuser %></td>
|
34
|
+
</tr>
|
35
|
+
|
36
|
+
<tr>
|
37
|
+
<td colspan="2">-- OR -- </td>
|
38
|
+
</tr>
|
39
|
+
|
40
|
+
<tr>
|
41
|
+
<td>Manage Restaurants:</td>
|
42
|
+
<td><%= check_box :user, :can_manage_restaurants %></td>
|
43
|
+
</tr>
|
44
|
+
<tr>
|
45
|
+
<td>Manage Recipes:</td>
|
46
|
+
<td><%= check_box :user, :can_manage_recipes %></td>
|
47
|
+
</tr>
|
48
|
+
<tr>
|
49
|
+
<td>Manage Blog Posts:</td>
|
50
|
+
<td><%= check_box :user, :can_manage_blog %></td>
|
51
|
+
</tr>
|
52
|
+
<tr>
|
53
|
+
<td>Manage Requests:</td>
|
54
|
+
<td><%= check_box :user, :can_manage_reqs %></td>
|
55
|
+
</tr>
|
56
|
+
<tr>
|
57
|
+
<td>Manage Members:</td>
|
58
|
+
<td><%= check_box :user, :can_manage_members %></td>
|
59
|
+
</tr>
|
60
|
+
<tr>
|
61
|
+
<td>Manage Users:</td>
|
62
|
+
<td><%= check_box :user, :can_manage_users %></td>
|
63
|
+
</tr>
|
64
|
+
|
65
|
+
<tr>
|
66
|
+
<td></td>
|
67
|
+
<td><%= submit_tag 'Update' %> or <%= link_to 'Cancel', :action => 'index' %></td>
|
68
|
+
</tr>
|
69
|
+
</table>
|
70
|
+
<% end %>
|
@@ -0,0 +1,26 @@
|
|
1
|
+
<h2>Manage Users</h2><br/>
|
2
|
+
|
3
|
+
<%= link_to raw('Create a new user »'), :action => 'create' %>
|
4
|
+
|
5
|
+
<%= flash_message %>
|
6
|
+
|
7
|
+
<table cellspacing="3" cellpadding="1" border="0" width="95%">
|
8
|
+
<tr>
|
9
|
+
<td bgcolor="#dedede" width="26%"><b>USERNAME</b></td>
|
10
|
+
<td bgcolor="#dedede" width="22%"><b>FIRST NAME</b></td>
|
11
|
+
<td bgcolor="#dedede" width="22%"><b>LAST NAME</b></td>
|
12
|
+
<td bgcolor="#dedede" width="10%"><b>Active?</b></td>
|
13
|
+
<td bgcolor="#dedede" width="10%"> </td>
|
14
|
+
<td bgcolor="#dedede" width="10%"> </td>
|
15
|
+
</tr>
|
16
|
+
<% for u in @users %>
|
17
|
+
<tr>
|
18
|
+
<td><%= link_to u.username, :action => 'edit', :id => u %></td>
|
19
|
+
<td><%= u.first_name %></td>
|
20
|
+
<td><%= u.last_name %></td>
|
21
|
+
<td><%= u.active ? 'Y' : 'N' %>
|
22
|
+
<td><%= button_to((u.active ? 'Disable' : 'Enable'), { :action => (u.active ? 'disable' : 'enable'), :id => u}, { :class => 'form_button' }) if u.username != session[:user_username] %></td>
|
23
|
+
<td><%= button_to('Delete', { :action => 'destroy', :id => u }, { :confirm => 'Are you sure you want to delete ' + u.username + '?', :class => 'form_button' }) if u.username != session[:user_username] %></td>
|
24
|
+
</tr>
|
25
|
+
<% end %>
|
26
|
+
</table><br/>
|
@@ -0,0 +1 @@
|
|
1
|
+
Sorry, you don't have permission to manage users.
|
data/imagine_cms.gemspec
CHANGED
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
|
|
19
19
|
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
20
20
|
s.require_paths = ["lib"]
|
21
21
|
|
22
|
-
s.add_dependency "rails", "~> 3.2.
|
22
|
+
s.add_dependency "rails", "~> 3.2.5"
|
23
23
|
s.add_dependency "mini_magick", "~> 3.4"
|
24
24
|
s.add_dependency "net-dns", "~> 0.6.1"
|
25
25
|
end
|
@@ -4,6 +4,76 @@ module ActionControllerExtensions
|
|
4
4
|
|
5
5
|
module InstanceMethods
|
6
6
|
|
7
|
+
# Saves the current request to the session so that it can be replayed later
|
8
|
+
# (for example, after authentication). Only params of type String, Hash and
|
9
|
+
# Array will be saved. save_request is called in a before_filter in
|
10
|
+
# application.rb.
|
11
|
+
#
|
12
|
+
# Two levels of saved params are required so that params can be unsaved in
|
13
|
+
# the event of a 404 or other event that would make the current param set an
|
14
|
+
# unlikely or undesirable candidate for replaying.
|
15
|
+
def save_user_request
|
16
|
+
return if params[:action] == 'login'
|
17
|
+
|
18
|
+
session[:old_saved_user_uri] = session[:saved_user_uri];
|
19
|
+
session[:old_saved_user_params] = session[:saved_user_params] || {};
|
20
|
+
saved_params = params.reject { |k, v| !(v.kind_of?(String) || v.kind_of?(Hash) || v.kind_of?(Array)) }
|
21
|
+
saved_params.each { |key, val| saved_params[key] = val.reject { |k, v| !(v.kind_of?(String) || v.kind_of?(Hash) || v.kind_of?(Array)) } if val.kind_of?(Hash) }
|
22
|
+
session[:saved_user_uri] = request.url
|
23
|
+
session[:saved_user_params] = saved_params
|
24
|
+
end
|
25
|
+
|
26
|
+
# Returns a User object corresponding to the currently logged in user, or returns false
|
27
|
+
# and redirects to the login page if not logged in.
|
28
|
+
def authenticate_user
|
29
|
+
# if user is not logged in, record the current request and redirect
|
30
|
+
if !session[:user_authenticated]
|
31
|
+
if User.find(:all).size == 0
|
32
|
+
flash[:notice] = 'No users exist in the system. Please create one now.'
|
33
|
+
redirect_to :controller => '/management/user', :action => 'create_first'
|
34
|
+
else
|
35
|
+
flash[:notice] = 'This is an admin-only function. To continue, please log in.'
|
36
|
+
save_user_request
|
37
|
+
redirect_to :controller => '/management/user', :action => 'login'
|
38
|
+
end
|
39
|
+
|
40
|
+
return false
|
41
|
+
end
|
42
|
+
|
43
|
+
@user = User.find(session[:user_id]) rescue nil
|
44
|
+
session[:user_is_superuser] = @user.is_superuser rescue nil
|
45
|
+
|
46
|
+
@user
|
47
|
+
end
|
48
|
+
|
49
|
+
# Takes a symbol/string or array of symbols/strings and returns true if user has all
|
50
|
+
# of the named permissions.
|
51
|
+
#
|
52
|
+
# Result is stored in the session to speed up future checks.
|
53
|
+
def user_has_permissions?(*permission_set)
|
54
|
+
return false if !(@user ||= authenticate_user)
|
55
|
+
|
56
|
+
if !permission_set.is_a? Array
|
57
|
+
permission_set = [ permission_set ]
|
58
|
+
end
|
59
|
+
|
60
|
+
if session[:user_is_superuser]
|
61
|
+
for perm in permission_set
|
62
|
+
perm = perm.to_s
|
63
|
+
session[('user_can_' + perm).to_sym] ||= true
|
64
|
+
end
|
65
|
+
return true
|
66
|
+
end
|
67
|
+
|
68
|
+
for perm in permission_set
|
69
|
+
perm = perm.to_s
|
70
|
+
session[('user_can_' + perm).to_sym] = @user.send('can_' + perm)
|
71
|
+
# logger.debug "user_can_#{perm} = #{@user.send('can_' + perm)}"
|
72
|
+
return session[('user_can_' + perm).to_sym]
|
73
|
+
end
|
74
|
+
end
|
75
|
+
alias :user_has_permission? :user_has_permissions?
|
76
|
+
|
7
77
|
# Determines whether the input string is a valid email address per RFC specification
|
8
78
|
def valid_email_address?(addr, perform_mx_lookup = false)
|
9
79
|
valid = true
|
@@ -29,7 +99,7 @@ module ActionControllerExtensions
|
|
29
99
|
### COMPAT: convert_content_path
|
30
100
|
def convert_content_path
|
31
101
|
logger.debug "DEPRECATION WARNING: convert_content_path called"
|
32
|
-
params[:content_path] = params[:content_path].to_s.split('/')
|
102
|
+
params[:content_path] = params[:content_path].to_s.split('/') rescue []
|
33
103
|
end
|
34
104
|
|
35
105
|
### COMPAT - template_exists?
|
@@ -52,5 +122,48 @@ module ActionControllerExtensions
|
|
52
122
|
logger.error(e)
|
53
123
|
end
|
54
124
|
|
125
|
+
# Convert from GMT/UTC to local time (based on time zone setting in session[:time_zone])
|
126
|
+
def gm_to_local(time)
|
127
|
+
ActiveSupport::TimeZone.new(session[:time_zone] || 'UTC').utc_to_local(time)
|
128
|
+
end
|
129
|
+
|
130
|
+
# Convert from local time to GMT/UTC (based on time zone setting in session[:time_zone])
|
131
|
+
def local_to_gm(time)
|
132
|
+
ActiveSupport::TimeZone.new(session[:time_zone] || 'UTC').local_to_utc(time)
|
133
|
+
end
|
134
|
+
|
135
|
+
# Convert a time object into a formatted date/time string
|
136
|
+
def ts_to_str(ts)
|
137
|
+
return '' if ts == nil
|
138
|
+
gm_to_local(ts).strftime('%a %b %d, %Y') + ' at ' +
|
139
|
+
gm_to_local(ts).strftime('%I:%M%p').downcase + ' ' + (session[:time_zone_abbr] || '')
|
140
|
+
end
|
141
|
+
|
142
|
+
# Convert a time object into a formatted time string (no date)
|
143
|
+
def ts_to_time_str(ts)
|
144
|
+
return '' if ts == nil
|
145
|
+
gm_to_local(ts).strftime('%I:%M:%S%p').downcase
|
146
|
+
end
|
147
|
+
|
148
|
+
# Convert times to a standard format (e.g. 1:35pm)
|
149
|
+
def time_to_str(t, convert = true)
|
150
|
+
return '' if t == nil
|
151
|
+
if convert
|
152
|
+
gm_to_local(t).strftime("%I").to_i.to_s + gm_to_local(t).strftime(":%M%p").downcase
|
153
|
+
else
|
154
|
+
t.strftime("%I").to_i.to_s + t.strftime(":%M%p").downcase
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
# Convert times to a standard format (e.g. 1:35pm)
|
159
|
+
def date_to_str(t, convert = true)
|
160
|
+
return '' if t == nil
|
161
|
+
if convert
|
162
|
+
gm_to_local(t).strftime("%m").to_i.to_s + '/' + gm_to_local(t).strftime("%d").to_i.to_s + gm_to_local(t).strftime("/%Y")
|
163
|
+
else
|
164
|
+
t.strftime("%m").to_i.to_s + '/' + t.strftime("%d").to_i.to_s + t.strftime("/%Y")
|
165
|
+
end
|
166
|
+
end
|
167
|
+
|
55
168
|
end
|
56
169
|
end
|
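--- a/data/lib/imagine_cms/engine.rb
+++ b/data/lib/imagine_cms/engine.rb
@@ -28,8 +28,16 @@ module ImagineCms
 include ActionControllerExtensions::InstanceMethods
 
 helper CmsApplicationHelper
+helper_method :user_has_permission?
+helper_method :user_has_permissions?
 helper_method :template_exists?
 helper_method :url_for_current
+helper_method :gm_to_local
+helper_method :local_to_gm
+helper_method :ts_to_str
+helper_method :ts_to_time_str
+helper_method :time_to_str
+helper_method :date_to_str
 
 # before_filter :create_settings_object, :set_default_session_values, :check_ssl_requirement, :expire_session_data
 # after_filter :compress_output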
data/lib/imagine_cms/version.rb
CHANGED
metadata
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: imagine_cms
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 2653956547
|
5
5
|
prerelease: 6
|
6
6
|
segments:
|
7
7
|
- 3
|
8
8
|
- 0
|
9
9
|
- 0
|
10
10
|
- beta
|
11
|
-
-
|
12
|
-
version: 3.0.0.
|
11
|
+
- 5
|
12
|
+
version: 3.0.0.beta5
|
13
13
|
platform: ruby
|
14
14
|
authors:
|
15
15
|
- Aaron Namba
|
@@ -17,7 +17,7 @@ autorequire:
|
|
17
17
|
bindir: bin
|
18
18
|
cert_chain: []
|
19
19
|
|
20
|
-
date: 2012-
|
20
|
+
date: 2012-06-05 00:00:00 Z
|
21
21
|
dependencies:
|
22
22
|
- !ruby/object:Gem::Dependency
|
23
23
|
name: rails
|
@@ -27,12 +27,12 @@ dependencies:
|
|
27
27
|
requirements:
|
28
28
|
- - ~>
|
29
29
|
- !ruby/object:Gem::Version
|
30
|
-
hash:
|
30
|
+
hash: 5
|
31
31
|
segments:
|
32
32
|
- 3
|
33
33
|
- 2
|
34
|
-
-
|
35
|
-
version: 3.2.
|
34
|
+
- 5
|
35
|
+
version: 3.2.5
|
36
36
|
type: :runtime
|
37
37
|
version_requirements: *id001
|
38
38
|
- !ruby/object:Gem::Dependency
|
@@ -80,10 +80,26 @@ files:
|
|
80
80
|
- Gemfile
|
81
81
|
- README.rdoc
|
82
82
|
- Rakefile
|
83
|
+
- app/assets/manage/btn_delete.gif
|
84
|
+
- app/assets/manage/bullet.gif
|
85
|
+
- app/assets/manage/start.gif
|
83
86
|
- app/controllers/cms/content_controller.rb
|
87
|
+
- app/controllers/management/application_controller.rb
|
88
|
+
- app/controllers/management/default_controller.rb
|
89
|
+
- app/controllers/management/user_controller.rb
|
90
|
+
- app/controllers/management/users_controller.rb
|
84
91
|
- app/helpers/cms_application_helper.rb
|
92
|
+
- app/models/user.rb
|
85
93
|
- app/views/errors/404.html.erb
|
86
94
|
- app/views/errors/permission_denied.html.erb
|
95
|
+
- app/views/layouts/management.html.erb
|
96
|
+
- app/views/management/default/index.html.erb
|
97
|
+
- app/views/management/user/create_first.html.erb
|
98
|
+
- app/views/management/user/login.html.erb
|
99
|
+
- app/views/management/users/create.html.erb
|
100
|
+
- app/views/management/users/edit.html.erb
|
101
|
+
- app/views/management/users/index.html.erb
|
102
|
+
- app/views/management/users/permission_denied.html.erb
|
87
103
|
- config/routes.rb
|
88
104
|
- doc/Gemfile.html
|
89
105
|
- doc/ImagineCms.html
|