mongoid-forums 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 02a605b3ee6ac29ee45990812fc1b43c9534522f
-  data.tar.gz: 895aa0e48f850db04db25763990848529a4260ca
+  metadata.gz: 9a4337469d2a29dedec4dbc0a39450cca125016e
+  data.tar.gz: c363a39163571c395122ce2cc9d58687907a182f
 SHA512:
-  metadata.gz: 14c0732c836c33b5aae17eb2c465cd59ae5c44970215b743be1e1aafaeaf0633a159db16620142c794e34b87dd402eb32a59c75495751fd19c0bc437d518ed26
-  data.tar.gz: 43a0ee2aeccf84a236f427c5accf20fdcf3d192970fee302570c647a089e701bfae9307ad3a262b4698aef00c5e1254a1145ba74048c05069cea0b64b35a3ba8
+  metadata.gz: 53b729da9a4e57e9c5e7fd5ede064670055da5f661cdc60536edc1175642e1b9a15b8dcbae1a5a69367e7b94dcbc7f15220f4b5e4f1e8fd50ed4375e0604aa8d
+  data.tar.gz: 357b1cd80ee8136c9354f724a4c9c4b20f85a9881d0403f0ce1018612cbc605555307adf1e1d65e776daacefa0e6a647ac0fb9e40c889b2a9ded3a5f47ed97b0

data/app/assets/javascripts/mongoid_forums/admin/groups.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/javascripts/mongoid_forums/application.js

@@ -10,4 +10,6 @@
 // Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
 // about supported directives.
 //
+//= require jquery
+//= require jquery_ujs
 //= require_tree .

data/app/assets/stylesheets/mongoid_forums/admin/groups.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/controllers/mongoid_forums/admin/base_controller.rb

@@ -2,10 +2,17 @@ require_dependency "mongoid_forums/application_controller"
 
 module MongoidForums
   class Admin::BaseController < ApplicationController
-
+    before_filter :authenticate_mongoid_forums_admin
 
     def index
     end
 
+    def authenticate_mongoid_forums_admin
+      if !mongoid_forums_user || !mongoid_forums_user.mongoid_forums_admin?
+        flash.alert = t("mongoid_forums.errors.access_denied")
+        redirect_to forums_path #TODO: Redirect to last URL
+      end
+    end
+
   end
 end

data/app/controllers/mongoid_forums/admin/categories_controller.rb

@@ -3,6 +3,18 @@ require_dependency "mongoid_forums/application_controller"
 module MongoidForums
   module Admin
     class CategoriesController < BaseController
+      before_action :set_category, only: [:add_group, :remove_group]
+
+      def index
+        @forums = Forum.all
+        @categories = Category.all
+      end
+
+      def show
+        @category = Category.find(params[:id])
+        @groups = Group.all.where(moderator: true).select{ |group| !@category.moderator_groups.include?(group) }
+      end
+
       def new
         @category = Category.new
       end
@@ -10,7 +22,7 @@ module MongoidForums
       def create
         if @category = Category.create(name: params[:category][:name])
           flash[:notice] = "Category created successfully"
-          redirect_to root_path
+          redirect_to admin_categories_path
         else
           flash.now.alert = "Category could not be created"
           render :action => "new"
@@ -18,19 +30,58 @@ module MongoidForums
       end
 
       def edit
+        @category = Category.find(params[:id])
       end
 
       def update
+        @category = Category.find(params[:id])
+        if @category.update(category_params)
+          flash[:notice] = "Category updated successfully"
+          redirect_to admin_categories_path
+        else
+          flash.now.alert = "Category could not be updated"
+          render :action => "edit"
+        end
       end
 
       def destroy
+        @category = Category.find(params[:id])
+        if @category.destroy
+          flash[:notice] = "Category destroyed successfully"
+          redirect_to admin_categories_path
+        else
+          flash.now.alert = "Category could not be destroyed"
+          render :action => "index"
+        end
       end
 
+      ### Temporary Methods - Try Not To Cringe Too Much <3 ###
+      def add_group
+        group = Group.find(params[:group][:id])
+        @category.moderator_groups << group
+        @category.save
+
+        redirect_to admin_category_path(@category)
+      end
+
+      def remove_group
+        group = Group.find(params[:group][:id])
+        @category.moderator_groups.delete(group)
+        @category.save
+
+        redirect_to admin_category_path(@category)
+      end
+      #########################################################
+
       private
 
       def category_params
         params.require(:category).permit(:name)
       end
+
+      def set_category
+        @category = Category.find(params[:category_id])
+      end
     end
   end
 end

data/app/controllers/mongoid_forums/admin/forums_controller.rb

@@ -3,34 +3,84 @@ require_dependency "mongoid_forums/application_controller"
 module MongoidForums
   module Admin
     class Admin::ForumsController < BaseController
+      before_action :set_forum, only: [:add_group, :remove_group]
+
+      def index
+        @forums = Forum.all
+      end
+
       def new
         @forum = Forum.new
       end
 
       def create
         if @forum = Forum.create(name: params[:forum][:name], category: params[:forum][:category])
-          flash[:notice] = "Category created successfully"
-          redirect_to @forum
+          flash[:notice] = "Forum created successfully"
+          redirect_to [:admin, @forum]
         else
-          flash.now.alert = "Category could not be created"
+          flash.now.alert = "Forum could not be created"
           render :action => "new"
         end
       end
 
+      def show
+        @forum = Forum.find(params[:id])
+        @groups = Group.all.where(moderator: true).select{ |group| !@forum.moderator_groups.include?(group) }
+      end
+
       def edit
+        @forum = Forum.find(params[:id])
       end
 
       def update
+        @forum = Forum.find(params[:id])
+        if @forum.update(forum_params)
+          flash[:notice] = "Forum updated successfully"
+          redirect_to @forum
+        else
+          flash.now.alert = "Forum could not be updated"
+          render :action => "edit"
+        end
       end
 
       def destroy
+        @forum = Forum.find(params[:id])
+        if @forum.destroy
+          flash[:notice] = "Forum destroyed successfully"
+          redirect_to admin_forums_path
+        else
+          flash.now.alert = "Forum could not be destroyed"
+          render :action => "index"
+        end
       end
 
+      ### Temporary Methods - Try Not To Cringe Too Much <3 ###
+      def add_group
+        group = Group.find(params[:group][:id])
+        @forum.moderator_groups << group
+        @forum.save
+
+        redirect_to admin_forum_path(@forum)
+      end
+
+      def remove_group
+        group = Group.find(params[:group][:id])
+        @forum.moderator_groups.delete(group)
+        @forum.save
+
+        redirect_to admin_forum_path(@forum)
+      end
+      #########################################################
+
       private
 
-      def category_params
+      def forum_params
         params.require(:forum).permit(:name, :category)
       end
+
+      def set_forum
+        @forum = Forum.find(params[:forum_id])
+      end
     end
   end
 end

data/app/controllers/mongoid_forums/admin/groups_controller.rb

@@ -0,0 +1,87 @@
+require_dependency "mongoid_forums/application_controller"
+
+module MongoidForums
+  module Admin
+    class GroupsController < BaseController
+
+      def index
+        @groups = Group.all
+      end
+
+      def new
+        @group = Group.new
+      end
+
+      def create
+        if @group = Group.create(params.require(:group).permit(:name, :moderator, :members))
+          flash[:notice] = "Group created successfully"
+          redirect_to [:admin, @group]
+        else
+          flash.now.alert = "Group could not be created"
+          render :action => "new"
+        end
+      end
+
+      def edit
+        @group = Group.find(params[:id])
+      end
+
+      def update
+        @group = Group.find(params[:id])
+        if @group.update_attributes(params.require(:group).permit(:name, :members))
+          flash[:notice] = "Group updated successfully"
+          redirect_to [:admin, @group]
+        else
+          flash[:notice] = "Group could not be updated"
+          render :action => "edit"
+        end
+      end
+
+      def show
+        @group = Group.find(params[:id])
+        @group_members = @group.members.map {|member_id| User.find(member_id) }
+        @users = User.all
+      end
+
+      def destroy
+        @group = Group.find(params[:id])
+
+        if @group.destroy
+          flash[:notice] = "Group destroyed successfully"
+          redirect_to admin_groups_path
+        else
+          flash.now.alert = "Group could not be destroyed"
+          redirect_to admin_groups_path
+        end
+      end
+
+      ### Temporary Methods - Try Not To Cringe Too Much <3 ###
+      def add_member
+        group = Group.find(params.require(:group_id))
+        user = User.find(params[:user][:id])
+
+        group.members << user.id unless group.members.include?(user.id)
+        group.save
+
+        redirect_to admin_group_path(group)
+      end
+
+      def remove_member
+        group = Group.find(params.require(:group_id))
+        user = User.find(params[:user][:id])
+
+        group.members.delete(user.id)
+        group.save
+
+        redirect_to admin_group_path(group)
+      end
+      #########################################################
+    end
+
+    private
+
+    def group_params
+      params.require(:group).permit(:name, :members)
+    end
+  end
+end

data/app/controllers/mongoid_forums/application_controller.rb

@@ -1,16 +1,18 @@
+require 'cancan'
+
 class MongoidForums::ApplicationController < ApplicationController
   helper MongoidForums::Engine.helpers
 
-  before_action :set_categories
-  before_action :set_alerts
-
-  before_filter :authorize
+  rescue_from CanCan::AccessDenied do
+    redirect_to root_path, :alert => t("mongoid.access_denied")
+  end
 
-  delegate :allow?, to: :current_permission
-  helper_method :allow?
+  def current_ability
+    MongoidForums::Ability.new(mongoid_forums_user)
+  end
 
-  #delegate :allow_param?, to: :current_permission
-  #helper_method :allow?
+  before_action :set_categories
+  before_action :set_alerts
 
   private
 
@@ -24,23 +26,32 @@ class MongoidForums::ApplicationController < ApplicationController
     @categories = MongoidForums::Category.all
   end
 
-
-  def current_permission
-    @current_permission ||= MongoidForums::Permission.new(mongoid_forums_user)
+    def authenticate_mongoid_forums_user
+    if !mongoid_forums_user
+      session["user_return_to"] = request.fullpath
+      flash.alert = "You must be signed in"
+      devise_route = "new_#{MongoidForums.user_class.to_s.underscore}_session_path"
+      sign_in_path = MongoidForums.sign_in_path ||
+        (main_app.respond_to?(devise_route) && main_app.send(devise_route)) ||
+        (main_app.respond_to?(:sign_in_path) && main_app.send(:sign_in_path))
+      if sign_in_path
+        redirect_to sign_in_path
+      else
+        raise "MongoidForums could not determine the sign in path for your application. Please do one of these things:
+1) Define sign_in_path in the config/routes.rb of your application like this:
+or; 2) Set MongoidForums.sign_in_path to a String value that represents the location of your sign in form, such as '/users/sign_in'."
+      end
+    end
   end
 
-  # gets overrided by controllers, and is used in the Rank system
-  def current_resource
-    nil
+  def mongoid_forums_admin?
+    mongoid_forums_user && mongoid_forums_user.mongoid_forums_admin?
   end
+  helper_method :mongoid_forums_admin?
 
-
-  def authorize
-    if current_permission.allow? params[:controller], params[:action], current_resource
-      #current_permission.permit_params! params
-    else
-      redirect_to root_path, alert: "Not authorized"
-    end
+  def mongoid_forums_admin_or_moderator?(forum)
+    mongoid_forums_user && (mongoid_forums_user.mongoid_forums_admin? || forum.moderator?(mongoid_forums_user))
   end
+  helper_method :mongoid_forums_admin_or_moderator?
 
 end

data/app/controllers/mongoid_forums/forums_controller.rb

@@ -2,6 +2,9 @@ require_dependency "mongoid_forums/application_controller"
 
 module MongoidForums
   class ForumsController < ApplicationController
+    load_and_authorize_resource :class => 'MongoidForums::Forum', :only => :show
+    before_filter :authenticate_mongoid_forums_user, :only => [:create, :new]
+
     def index
       @categories = Category.all.order_by([:order, :asc])
     end
@@ -18,14 +21,18 @@ module MongoidForums
     # it is to create a new TOPIC within a forum
     def new
       @forum = Forum.find(params[:forum_id])
+      authorize! :create_topic, @forum
+
       @topic = Topic.new
       @topic.forum = @forum.id
     end
-    
+
     # Note: This is not an action to make a new Forum!
     # it is to create a new TOPIC within a forum
     def create
       @forum = Forum.find(params[:forum_id])
+      authorize! :create_topic, @forum
+
       @topic = Topic.new
       @topic.name = topic_params[:name]
       @topic.user = mongoid_forums_user.id

data/app/controllers/mongoid_forums/posts_controller.rb

@@ -3,8 +3,10 @@ require_dependency "mongoid_forums/application_controller"
 module MongoidForums
   class PostsController < ApplicationController
     before_filter :find_topic
+    before_filter :authenticate_mongoid_forums_user, except: :show
 
     def new
+      authorize! :reply, @topic
       @post = @topic.posts.build
       @post.topic = @topic.id
       if params[:reply_to_id]
@@ -13,6 +15,7 @@ module MongoidForums
     end
 
     def create
+      authorize! :reply, @topic
       @post = @topic.posts.build(post_params)
       @post.user = mongoid_forums_user
 
@@ -44,6 +47,7 @@ module MongoidForums
 
     def edit
       find_post
+      authorize! :edit_post, @topic.forum
     end
 
     def update
@@ -52,9 +56,10 @@ module MongoidForums
         redirect_to [@topic] and return
       end
 
+      authorize! :edit_post, @topic.forum
       find_post
 
-      if @post.update_attributes(post_params)
+      if @post.owner_or_admin?(mongoid_forums_user) && @post.update_attributes(post_params)
         flash[:notice] = "Reply updated successfully"
         redirect_to @topic
       else
@@ -71,6 +76,13 @@ module MongoidForums
         return
       end
 
+      authorize! :destroy_post, @topic.forum
+
+      unless @post.owner_or_admin? mongoid_forums_user
+        flash[:alert] = t("mongoid_forums.post.cannot_delete")
+        redirect_to @topic and return
+      end
+
       if @post.destroy
         flash[:notice] = "Post deleted successfully"
         redirect_to @topic