noodall-ui 0.1.14 → 0.1.15

data/app/controllers/noodall/admin/base_controller.rb

@@ -9,7 +9,15 @@ module Noodall
       private
         def permission_denied
           flash[:error] = "You do not have permission to do that"
-          redirect_to :back
+          if request.headers["Referer"]
+            redirect_to :back
+          else
+            redirect_to root_path
+          end
+        end
+
+        def enforce_editor_permission
+          raise Canable::Transgression unless current_user.admin? or !current_user.respond_to?('editor?') or current_user.editor?
         end
     end
   end

data/app/controllers/noodall/admin/nodes_controller.rb

@@ -3,7 +3,7 @@ module Noodall
     class NodesController < BaseController
       include Canable::Enforcers
       layout 'noodall_admin'
-      before_filter :set_title
+      before_filter :set_title, :enforce_editor_permission
 
       def index
         if params[:node_id].nil?
@@ -138,10 +138,10 @@ module Noodall
       def preview
         @node = Node.find(params[:id])
         @node.attributes = params[:node]
-        
+
         @node.permalink ||= 'preview'
         @node.published_at = Time.zone.now
-        
+
         render :template => "/nodes/#{@node.class.name.underscore}", :layout => 'application'
       end
 

data/demo/models/user.rb

@@ -6,7 +6,15 @@ class User
   key :full_name, String
   key :groups, Array
 
+  cattr_accessor :editor_groups
+
   def admin?
     groups.include?('website administrator')
   end
+
+  def editor?
+    return true if self.class.editor_groups.blank?
+    admin? or (self.class.editor_groups & groups).size > 0
+  end
+
 end

data/features/group_access_control.feature

@@ -26,3 +26,7 @@ Feature: Groups access control
   Scenario: Administrators
     Given I am signed in as a website administrator
     Then I should be able to carry out all actions regardless of group permissions
+
+  Scenario: Set Editor groups
+    Given the system has editor groups set to 'editor'
+    Then a user not in the group editor will no be able to edit any content

data/features/step_definitions/groups_access_steps.rb

@@ -120,3 +120,13 @@ Then /^I sign out$/ do
   # express the regexp above with the code you wish you had
 end
 
+Given /^the system has editor groups set to 'editor'$/ do
+  User.editor_groups = ['editor']
+end
+
+Then /^a user not in the group editor will no be able to edit any content$/ do
+  Factory(:home, :title => 'Home', :publish => true)
+  Given %{I am signed in as a nogood}
+  visit noodall_admin_nodes_path
+  page.should have_content("You do not have permission to do that")
+end

data/features/support/user_reset.rb

@@ -0,0 +1,4 @@
+Before do
+  # Make sure editor groups are reset
+  User.editor_groups = []
+end

data/lib/noodall/ui/version.rb

@@ -1,5 +1,5 @@
 module Noodall
   module UI
-    VERSION = "0.1.14"
+    VERSION = "0.1.15"
   end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: noodall-ui
 version: !ruby/object:Gem::Version 
-  hash: 7
+  hash: 5
   prerelease: 
   segments: 
   - 0
   - 1
-  - 14
-  version: 0.1.14
+  - 15
+  version: 0.1.15
 platform: ruby
 authors: 
 - Steve England
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-03 00:00:00 +00:00
+date: 2011-02-04 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -224,6 +224,7 @@ files:
 - features/support/mm_factory_steps.rb
 - features/support/paths.rb
 - features/support/sevenfeatures.rb
+- features/support/user_reset.rb
 - lib/generators/noodall/component/USAGE
 - lib/generators/noodall/component/component_generator.rb
 - lib/generators/noodall/component/templates/admin_template.html.erb