RubyGems - knitkit - Versions diffs - 2.0.0 → 2.0.1 - Mend

knitkit 2.0.0 → 2.0.1

Files changed (185) hide show

data/README.md +22 -0
data/app/controllers/knitkit/base_controller.rb +15 -2
data/app/controllers/knitkit/blogs_controller.rb +4 -4
data/app/controllers/knitkit/erp_app/desktop/app_controller.rb +16 -2
data/app/controllers/knitkit/erp_app/desktop/articles_controller.rb +198 -57
data/app/controllers/knitkit/erp_app/desktop/content_controller.rb +25 -11
data/app/controllers/knitkit/erp_app/desktop/file_assets_controller.rb +123 -44
data/app/controllers/knitkit/erp_app/desktop/image_assets_controller.rb +83 -9
data/app/controllers/knitkit/erp_app/desktop/online_document_sections_controller.rb +38 -0
data/app/controllers/knitkit/erp_app/desktop/position_controller.rb +15 -6
data/app/controllers/knitkit/erp_app/desktop/theme_controller.rb +185 -98
data/app/controllers/knitkit/erp_app/desktop/versions_controller.rb +38 -16
data/app/controllers/knitkit/erp_app/desktop/website_controller.rb +126 -68
data/app/controllers/knitkit/erp_app/desktop/website_nav_controller.rb +154 -107
data/app/controllers/knitkit/erp_app/desktop/website_section_controller.rb +113 -54
data/app/controllers/knitkit/online_document_sections_controller.rb +45 -0
data/app/controllers/knitkit/unauthorized_controller.rb +5 -0
data/app/controllers/knitkit/website_sections_controller.rb +8 -9
data/app/mailers/document_mailer.rb +10 -0
data/app/models/article.rb +1 -1
data/app/models/content.rb +35 -3
data/app/models/document.rb +8 -0
data/app/models/document_type.rb +3 -0
data/app/models/documented_content.rb +29 -0
data/app/models/documented_item.rb +31 -0
data/app/models/extensions/configuration.rb +5 -0
data/app/models/extensions/party.rb +13 -0
data/app/models/online_document_section.rb +40 -0
data/app/models/theme.rb +22 -26
data/app/models/valid_document.rb +4 -0
data/app/models/website.rb +158 -119
data/app/models/website_inquiry.rb +7 -2
data/app/models/website_inquiry_mailer.rb +4 -3
data/app/models/website_party_role.rb +5 -0
data/app/models/website_section.rb +76 -38
data/app/views/document_mailer/email_document.html.erb +12 -0
data/app/views/knitkit/blogs/_add_comment.html.erb +2 -2
data/app/views/knitkit/online_document_sections/index.html.erb +149 -0
data/app/views/knitkit/website_sections/index.html.erb +0 -1
data/app/views/layouts/knitkit/base.html.erb +4 -2
data/app/views/layouts/knitkit/online_document_sections.html.erb +59 -0
data/app/views/menus/knitkit/_default_menu.html.erb +1 -1
data/app/views/menus/knitkit/_default_section_menu.html.erb +1 -1
data/app/views/menus/knitkit/_default_sub_menu.html.erb +2 -2
data/app/views/menus/knitkit/_default_sub_section_menu.html.erb +1 -1
data/app/widgets/contact_us/base.rb +5 -5
data/app/widgets/contact_us/javascript/contact_us.js +2 -1
data/app/widgets/google_map/base.rb +0 -4
data/app/widgets/google_map/javascript/google_map.js +4 -3
data/app/widgets/login/base.rb +0 -5
data/app/widgets/login/javascript/login.js +155 -153
data/app/widgets/login/views/index.html.erb +3 -3
data/app/widgets/login/views/reset_password.html.erb +2 -2
data/app/widgets/manage_profile/base.rb +46 -67
data/app/widgets/manage_profile/javascript/manage_profile.js +2 -1
data/app/widgets/manage_profile/views/_user_information_form.html.erb +5 -1
data/app/widgets/reset_password/base.rb +4 -6
data/app/widgets/reset_password/javascript/reset_password.js +2 -1
data/app/widgets/reset_password/views/index.html.erb +4 -3
data/app/widgets/search/base.rb +1 -5
data/app/widgets/search/javascript/search.js +2 -1
data/app/widgets/search/views/show.html.erb +2 -2
data/app/widgets/signup/base.rb +7 -6
data/app/widgets/signup/javascript/signup.js +2 -1
data/app/widgets/signup/views/error.html.erb +1 -1
data/config/routes.rb +6 -2
data/db/data_migrations/20110509223702_add_publisher_role.rb +10 -0
data/db/data_migrations/20111118182910_setup_knitkit_capabilities.rb +84 -0
data/db/data_migrations/20120127144444_create_website_role_types.rb +13 -0
data/db/data_migrations/20120127150505_create_website_default_configuration.rb +72 -0
data/db/data_migrations/20120127150506_add_primary_host_to_website_configuration.rb +33 -0
data/db/data_migrations/20120316150424_add_is_template_to_default_website_config.rb +16 -0
data/db/data_migrations/upgrade/20120210195616_add_website_configs.rb +19 -0
data/db/data_migrations/upgrade/20120213205519_populate_website_iids.rb +17 -0
data/db/migrate/20110211002317_setup_knitkit.rb +22 -5
data/db/migrate/20111207161928_create_documented_items_table.rb +13 -0
data/db/migrate/20111208180539_add_document_id_to_documented_item.rb +9 -0
data/db/migrate/20120315163736_add_document.rb +32 -0
data/db/migrate/20120503183431_create_valid_documents.rb +16 -0
data/db/migrate/upgrade/20120116201510_add_render_base_layout_flag.rb +13 -0
data/db/migrate/upgrade/20120127143745_create_website_party_roles.rb +24 -0
data/db/migrate/upgrade/20120213184509_add_iid_to_websites.rb +14 -0
data/lib/knitkit.rb +2 -0
data/lib/knitkit/config.rb +31 -0
data/lib/knitkit/engine.rb +12 -3
data/lib/knitkit/extensions.rb +1 -3
data/lib/knitkit/extensions/action_controller/theme_support/acts_as_themed_controller.rb +2 -3
data/lib/knitkit/extensions/active_record/acts_as_document.rb +63 -0
data/lib/knitkit/extensions/active_record/acts_as_publishable.rb +5 -4
data/lib/knitkit/extensions/compass_ae/widgets/base.rb +70 -0
data/lib/knitkit/extensions/railties/action_view.rb +22 -10
data/lib/knitkit/extensions/railties/theme_support/asset_tag_helper.rb +3 -3
data/lib/knitkit/extensions/railties/theme_support/theme_file_resolver.rb +8 -3
data/lib/knitkit/routing_filter/section_router.rb +16 -6
data/lib/knitkit/version.rb +7 -1
data/public/images/check.png +0 -0
data/public/images/credit_card.png +0 -0
data/public/images/knitkit/tooltip.gif +0 -0
data/public/javascripts/ajax_pagination.js +33 -0
data/public/javascripts/datepicker.js +6 -1
data/public/javascripts/erp_app/desktop/applications/knitkit/articles_grid_panel.js +731 -258
data/public/javascripts/erp_app/desktop/applications/knitkit/center_region.js +289 -238
data/public/javascripts/erp_app/desktop/applications/knitkit/comments_grid_panel.js +2 -4
data/public/javascripts/erp_app/desktop/applications/knitkit/east_region.js +29 -3
data/public/javascripts/erp_app/desktop/applications/knitkit/file_assets_panel.js +193 -21
data/public/javascripts/erp_app/desktop/applications/knitkit/image_assets_data_view.js +27 -26
data/public/javascripts/erp_app/desktop/applications/knitkit/image_assets_panel.js +167 -20
data/public/javascripts/erp_app/desktop/applications/knitkit/inquiries_grid_panel.js +1 -2
data/public/javascripts/erp_app/desktop/applications/knitkit/module.js +5 -1
data/public/javascripts/erp_app/desktop/applications/knitkit/publish_window.js +2 -2
data/public/javascripts/erp_app/desktop/applications/knitkit/published_grid_panel.js +20 -11
data/public/javascripts/erp_app/desktop/applications/knitkit/section_articles_grid_panel.js +279 -228
data/public/javascripts/erp_app/desktop/applications/knitkit/themes_tree_panel.js +40 -40
data/public/javascripts/erp_app/desktop/applications/knitkit/versions_grid_panel.js +83 -76
data/public/javascripts/erp_app/desktop/applications/knitkit/west_region.js +1961 -1397
data/public/javascripts/erp_app/desktop/applications/knitkit/widgets_panel.js +47 -43
data/public/javascripts/knitkit/helpers.js +26 -0
data/public/stylesheets/erp_app/desktop/applications/knitkit/knitkit.css +1 -2
data/public/stylesheets/knitkit/documentation.css +50 -0
data/public/stylesheets/knitkit/style.css +23 -1
data/spec/controllers/knitkit/erp_app/desktop/articles_controller_spec.rb +8 -0
data/spec/controllers/knitkit/erp_app/desktop/website_controller_spec.rb +396 -0
data/spec/controllers/knitkit/erp_app/desktop/website_nav_controller_spec.rb +260 -0
data/spec/controllers/knitkit/erp_app/desktop/website_section_controller_spec.rb +222 -0
data/spec/dummy/Rakefile +7 -0
data/spec/dummy/app/assets/javascripts/application.js +9 -0
data/spec/dummy/app/assets/stylesheets/application.css +7 -0
data/spec/dummy/app/controllers/application_controller.rb +3 -0
data/spec/dummy/app/helpers/application_helper.rb +2 -0
data/spec/dummy/app/views/layouts/application.html.erb +14 -0
data/spec/dummy/config.ru +4 -0
data/spec/dummy/config/application.rb +43 -0
data/spec/dummy/config/boot.rb +10 -0
data/spec/dummy/config/database.yml +8 -0
data/spec/dummy/config/environment.rb +5 -0
data/spec/dummy/config/environments/spec.rb +27 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/spec/dummy/config/initializers/inflections.rb +10 -0
data/spec/dummy/config/initializers/mime_types.rb +5 -0
data/spec/dummy/config/initializers/secret_token.rb +7 -0
data/spec/dummy/config/initializers/session_store.rb +8 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +12 -0
data/spec/dummy/config/locales/en.yml +5 -0
data/spec/dummy/config/routes.rb +4 -0
data/spec/dummy/config/workflow.yml +1 -0
data/spec/dummy/public/404.html +26 -0
data/spec/dummy/public/422.html +26 -0
data/spec/dummy/public/500.html +26 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/dummy/script/rails +6 -0
data/spec/factories/article.rb +4 -0
data/spec/factories/basic.rb +3 -0
data/spec/factories/blog.rb +5 -0
data/spec/factories/documented_content.rb +4 -0
data/spec/factories/documented_item.rb +4 -0
data/spec/factories/online_document_section.rb +6 -0
data/spec/factories/published_website.rb +4 -0
data/spec/factories/theme.rb +6 -0
data/spec/factories/website.rb +5 -0
data/spec/factories/website_host.rb +4 -0
data/spec/factories/website_nav.rb +5 -0
data/spec/factories/website_nav_item.rb +4 -0
data/spec/factories/website_section.rb +5 -0
data/spec/models/article_spec.rb +35 -0
data/spec/models/attribute_type_spec.rb +55 -0
data/spec/models/attribute_value_spec.rb +114 -0
data/spec/models/blog_spec.rb +16 -0
data/spec/models/comment_spec.rb +11 -0
data/spec/models/content_spec.rb +187 -0
data/spec/models/documented_item_spec.rb +29 -0
data/spec/models/online_document_section_spec.rb +34 -0
data/spec/models/published_element_spec.rb +11 -0
data/spec/models/published_website_spec.rb +11 -0
data/spec/models/theme_spec.rb +12 -0
data/spec/models/website_host_spec.rb +11 -0
data/spec/models/website_inquiry_spec.rb +24 -0
data/spec/models/website_nav_item_spec.rb +11 -0
data/spec/models/website_nav_spec.rb +11 -0
data/spec/models/website_section_content_spec.rb +11 -0
data/spec/models/website_section_spec.rb +49 -0
data/spec/models/website_spec.rb +146 -0
data/spec/spec_helper.rb +61 -0
metadata +391 -154
data/app/controllers/knitkit/articles_controller.rb +0 -7
data/lib/knitkit/extensions/compass/widgets/base.rb +0 -53

data/app/controllers/knitkit/erp_app/desktop/website_controller.rb CHANGED Viewed

@@ -42,9 +42,16 @@ module Knitkit
         end
         def activate_publication
-          @website.set_publication_version(params[:version].to_f, current_user)
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'activate', 'Website') do
+              @website.set_publication_version(params[:version].to_f, current_user)
-          render :json => {:success => true}
+              render :json => {:success => true}
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         def set_viewing_version
@@ -60,62 +67,91 @@ module Knitkit
         end
         def publish
-          @website.publish(params[:comment], current_user)
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'publish', 'Website') do
+              @website.publish(params[:comment], current_user)
-          render :json => {:success => true}
+              render :json => {:success => true}
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         def new
-          result = {}
-          website = Website.new
-          website.subtitle                  = params[:subtitle]
-          website.title                     = params[:title]
-          website.name                      = params[:name]
-          website.email                     = params[:email]
-          website.auto_activate_publication = params[:auto_activate_publication] == 'yes'
-          website.email_inquiries           = params[:email_inquiries] == 'yes'
-          # create homepage
-          website_section = WebsiteSection.new
-          website_section.title = "Home"
-          website_section.in_menu = true
-          website.website_sections << website_section
-          if website.save
-            website.setup_default_pages
-            #set default publication published by user
-            first_publication = website.published_websites.first
-            first_publication.published_by = current_user
-            first_publication.save
-            website.hosts << WebsiteHost.create(:host => params[:host])
-            website.save
-            website.publish("Publish Default Sections", current_user)
-            PublishedWebsite.activate(website, 1, current_user)
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'create', 'Website') do
+              result = {}
+              website = Website.new
+              website.subtitle                  = params[:subtitle]
+              website.title                     = params[:title]
+              website.name                      = params[:name]
+              website.email                     = params[:email]
+              website.auto_activate_publication = params[:auto_activate_publication] == 'yes'
+              website.email_inquiries           = params[:email_inquiries] == 'yes'
+              # create homepage
+              website_section = WebsiteSection.new
+              website_section.title = "Home"
+              website_section.in_menu = true
+              website.website_sections << website_section
+              if website.save
+                website.setup_default_pages
+                #set default publication published by user
+                first_publication = website.published_websites.first
+                first_publication.published_by = current_user
+                first_publication.save
+                website.hosts << WebsiteHost.create(:host => params[:host])
+                website.configurations.first.update_configuration_item(ConfigurationItemType.find_by_internal_identifier('primary_host'), params[:host])
+                website.save
+                website.publish("Publish Default Sections", current_user)
+                PublishedWebsite.activate(website, 1, current_user)
-            result[:success] = true
-          else
-            result[:success] = false
-          end
+                result[:success] = true
+              else
+                result[:success] = false
+              end
-          render :json => result
+              render :json => result
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         def update
-          @website.email                     = params[:email]
-          @website.name                      = params[:name]
-          @website.title                     = params[:title]
-          @website.subtitle                  = params[:subtitle]
-          @website.auto_activate_publication = params[:auto_activate_publication] == 'yes'
-          @website.email_inquiries           = params[:email_inquiries] == 'yes'
-          render :json => @website.save ? {:success => true} : {:success => false}
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'edit', 'Website') do
+              @website.email                     = params[:email]
+              @website.name                      = params[:name]
+              @website.title                     = params[:title]
+              @website.subtitle                  = params[:subtitle]
+              @website.auto_activate_publication = params[:auto_activate_publication] == 'yes'
+              @website.email_inquiries           = params[:email_inquiries] == 'yes'
+              render :json => @website.save ? {:success => true} : {:success => false}
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         def delete
-          render :json => @website.destroy ? {:success => true} : {:success => false}
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'delete', 'Website') do
+              render :json => @website.destroy ? {:success => true} : {:success => false}
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         def export
@@ -125,6 +161,7 @@ module Knitkit
           FileUtils.rm_r File.dirname(zip_path) rescue nil
         end
+        # TODO add role restriction to this
         def import
           result, message = Website.import(params[:website_data], current_user)
@@ -134,35 +171,56 @@ module Knitkit
         end
         def add_host
-          website = Website.find(params[:id])
-          website_host = WebsiteHost.create(:host => params[:host])
-          website.hosts << website_host
-          website.save
-          render :json => {
-            :success => true,
-            :node => {
-              :text => website_host.attributes['host'],
-              :websiteHostId => website_host.id,
-              :host => website_host.attributes['host'],
-              :iconCls => 'icon-globe',
-              :url => "http://#{website_host.attributes['host']}",
-              :isHost => true,
-              :leaf => true,
-              :children => []}
-          }
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'create', 'Host') do
+              website = Website.find(params[:id])
+              website_host = WebsiteHost.create(:host => params[:host])
+              website.hosts << website_host
+              website.save
+              render :json => {
+                :success => true,
+                :node => {
+                  :text => website_host.attributes['host'],
+                  :websiteHostId => website_host.id,
+                  :host => website_host.attributes['host'],
+                  :iconCls => 'icon-globe',
+                  :url => "http://#{website_host.attributes['host']}",
+                  :isHost => true,
+                  :leaf => true,
+                  :children => []}
+              }
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         def update_host
-          website_host = WebsiteHost.find(params[:id])
-          website_host.host = params[:host]
-          website_host.save
-          render :json => {:success => true}
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'edit', 'Host') do
+              website_host = WebsiteHost.find(params[:id])
+              website_host.host = params[:host]
+              website_host.save
+              render :json => {:success => true}
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         def delete_host
-          render :json => WebsiteHost.destroy(params[:id]) ? {:success => true} : {:success => false}
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'delete', 'Host') do
+              render :json => WebsiteHost.destroy(params[:id]) ? {:success => true} : {:success => false}
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         protected

data/app/controllers/knitkit/erp_app/desktop/website_nav_controller.rb CHANGED Viewed

@@ -3,138 +3,185 @@ module Knitkit
     module Desktop
       class WebsiteNavController < Knitkit::ErpApp::Desktop::AppController
         def new
-          result = {}
-          website = Website.find(params[:website_id])
-          website_nav = WebsiteNav.new(:name => params[:name])
-          website.website_navs << website_nav
-          if website_nav.save
-            result[:success] = true
-            result[:node] = {:text => params[:name],
-              :websiteNavId => website_nav.id,
-              :websiteId => website.id,
-              :iconCls => 'icon-index',
-              :canAddMenuItems => true,
-              :isWebsiteNav => true,
-              :leaf => false,
-              :children => []}
-          else
-            result[:success] = false
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'create', 'Menu') do
+              result = {}
+              website = Website.find(params[:website_id])
+              website_nav = WebsiteNav.new(:name => params[:name])
+              website.website_navs << website_nav
+              if website_nav.save
+                result[:success] = true
+                result[:node] = {:text => params[:name],
+                  :websiteNavId => website_nav.id,
+                  :websiteId => website.id,
+                  :iconCls => 'icon-index',
+                  :canAddMenuItems => true,
+                  :isWebsiteNav => true,
+                  :leaf => false,
+                  :children => []}
+              else
+                result[:success] = false
+              end
+              render :json => result
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
           end
-          render :json => result
         end
         def update
-          website_nav = WebsiteNav.find(params[:website_nav_id])
-          website_nav.name = params[:name]
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'edit', 'Menu') do
+              website_nav = WebsiteNav.find(params[:website_nav_id])
+              website_nav.name = params[:name]
-          render :json => (website_nav.save ? {:success => true} : {:success => false})
+              render :json => (website_nav.save ? {:success => true} : {:success => false})
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         def delete
-          render :json => (WebsiteNav.destroy(params[:id]) ? {:success => true} : {:success => false})
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'delete', 'Menu') do
+              render :json => (WebsiteNav.destroy(params[:id]) ? {:success => true} : {:success => false})
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
         def add_menu_item
-          result = {}
-          klass = params[:klass].constantize
-          parent = klass.find(params[:id])
-          website_nav = parent.is_a?(WebsiteNav) ? parent : parent.website_nav
-          website_nav_item = WebsiteNavItem.new(:title => params[:title])
-          url = params[:url]
-          if(params[:link_to] != 'url')
-            #user wants to see Section so this is needed
-            params[:link_to] = 'WebsiteSection' if params[:link_to] == 'website_section'
-            #get link to item can be Article or Section
-            linked_to_id = params["#{params[:link_to].underscore}_id".to_sym]
-            link_to_item = params[:link_to].constantize.find(linked_to_id)
-            #setup link
-            website_nav_item.url = '/' + link_to_item.permalink
-            website_nav_item.linked_to_item = link_to_item
-            url = "http://#{website_nav.website.hosts.first.host}/" + link_to_item.permalink
-          else
-            website_nav_item.url = url
-          end
-          if website_nav_item.save
-            if parent.is_a?(WebsiteNav)
-              parent.website_nav_items << website_nav_item
-            else
-              website_nav_item.move_to_child_of(parent)
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'create', 'MenuItem') do
+              result = {}
+              klass = params[:klass].constantize
+              parent = klass.find(params[:id])
+              website_nav = parent.is_a?(WebsiteNav) ? parent : parent.website_nav
+              website_nav_item = WebsiteNavItem.new(:title => params[:title])
+              url = params[:url]
+              if(params[:link_to] != 'url')
+                #user wants to see Section so this is needed
+                params[:link_to] = 'WebsiteSection' if params[:link_to] == 'website_section'
+                #get link to item can be Article or Section
+                linked_to_id = params["#{params[:link_to].underscore}_id".to_sym]
+                link_to_item = params[:link_to].constantize.find(linked_to_id)
+                #setup link
+                website_nav_item.url = '/' + link_to_item.permalink
+                website_nav_item.linked_to_item = link_to_item
+                url = "http://#{website_nav.website.hosts.first.host}/" + link_to_item.permalink
+              else
+                website_nav_item.url = url
+              end
+              if website_nav_item.save
+                if parent.is_a?(WebsiteNav)
+                  parent.website_nav_items << website_nav_item
+                else
+                  website_nav_item.move_to_child_of(parent)
+                end
+                result[:success] = true
+                result[:node] = {:text => params[:title],
+                  :linkToType => params[:link_to].underscore,
+                  :linkedToId => linked_to_id,
+                  :websiteId => website_nav.website.id,
+                  :url => url,
+                  :isSecure => false,
+                  :canAddMenuItems => true,
+                  :websiteNavItemId => website_nav_item.id,
+                  :iconCls => 'icon-document',
+                  :isWebsiteNavItem => true,
+                  :leaf => false,
+                  :children => []}
+              else
+                result[:success] = false
+              end
+              render :json => result
             end
-            result[:success] = true
-            result[:node] = {:text => params[:title],
-              :linkToType => params[:link_to].underscore,
-              :linkedToId => linked_to_id,
-              :websiteId => website_nav.website.id,
-              :url => url,
-              :isSecure => false,
-              :canAddMenuItems => true,
-              :websiteNavItemId => website_nav_item.id,
-              :iconCls => 'icon-document',
-              :isWebsiteNavItem => true,
-              :leaf => false,
-              :children => []}
-          else
-            result[:success] = false
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
           end
-          render :json => result
         end
         def update_menu_item
-          result = {}
-          website_nav_item = WebsiteNavItem.find(params[:website_nav_item_id])
-          website_nav_item.title = params[:title]
-          url = params[:url]
-          linked_to_id = nil
-          if(params[:link_to] != 'url')
-            #user wants to see Section so this is needed
-            params[:link_to] = 'WebsiteSection' if params[:link_to] == 'website_section'
-            #get link to item can be Article or Section
-            linked_to_id = params["#{params[:link_to].underscore}_id".to_sym]
-            link_to_item = params[:link_to].constantize.find(linked_to_id)
-            #setup link
-            website_nav_item.url = '/' + link_to_item.permalink
-            website_nav_item.linked_to_item = link_to_item
-            url = "http://#{website_nav_item.website_nav.website.hosts.first.host}/" + link_to_item.permalink
-          else
-            website_nav_item.url = url
-          end
-          if website_nav_item.save
-            result[:success] = true
-            result[:title] = params[:title]
-            result[:linkedToId] = linked_to_id
-            result[:linkToType] = params[:link_to].underscore
-            result[:url] = url
-          else
-            result[:success] = false
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'edit', 'MenuItem') do
+              result = {}
+              website_nav_item = WebsiteNavItem.find(params[:website_nav_item_id])
+              website_nav_item.title = params[:title]
+              url = params[:url]
+              linked_to_id = nil
+              if(params[:link_to] != 'url')
+                #user wants to see Section so this is needed
+                params[:link_to] = 'WebsiteSection' if params[:link_to] == 'website_section'
+                #get link to item can be Article or Section
+                linked_to_id = params["#{params[:link_to].underscore}_id".to_sym]
+                link_to_item = params[:link_to].constantize.find(linked_to_id)
+                #setup link
+                website_nav_item.url = '/' + link_to_item.permalink
+                website_nav_item.linked_to_item = link_to_item
+                url = "http://#{website_nav_item.website_nav.website.hosts.first.host}/" + link_to_item.permalink
+              else
+                website_nav_item.url = url
+              end
+              if website_nav_item.save
+                result[:success] = true
+                result[:title] = params[:title]
+                result[:linkedToId] = linked_to_id
+                result[:linkToType] = params[:link_to].underscore
+                result[:url] = url
+              else
+                result[:success] = false
+              end
+              render :json => result
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
           end
-          render :json => result
         end
         def update_security
-          website_nav_item = WebsiteNavItem.find(params[:id])
-          website = Website.find(params[:site_id])
-          if(params[:secure] == "true")
-            website_nav_item.add_role(website.role)
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          if current_user.has_capability?(model, 'secure', 'MenuItem') or current_user.has_capability?(model, 'unsecure', 'MenuItem')
+            website_nav_item = WebsiteNavItem.find(params[:id])
+            website = Website.find(params[:site_id])
+            if(params[:secure] == "true")
+              website_nav_item.add_role(website.role)
+            else
+              website_nav_item.remove_role(website.role)
+            end
+            render :json => {:success => true}
           else
-            website_nav_item.remove_role(website.role)
+            render :json => {:success => false, :message => "User does not have capability."}
           end
-          render :json => {:success => true}
         end
         def delete_menu_item
-          render :json => (WebsiteNavItem.destroy(params[:id]) ? {:success => true} : {:success => false})
+          model = DesktopApplication.find_by_internal_identifier('knitkit')
+          begin
+            current_user.with_capability(model, 'delete', 'MenuItem') do
+              render :json => (WebsiteNavItem.destroy(params[:id]) ? {:success => true} : {:success => false})
+            end
+          rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+            render :json => {:success => false, :message => ex.message}
+          end
         end
       end#WebsiteNavController