RubyGems - noodall-ui - Versions diffs - 0.1.14 → 0.1.15 - Mend

noodall-ui 0.1.14 → 0.1.15

Files changed (8) hide show

@@ -9,7 +9,15 @@ module Noodall
       private
         def permission_denied
           flash[:error] = "You do not have permission to do that"
-          redirect_to :back
+          if request.headers["Referer"]
+            redirect_to :back
+          else
+            redirect_to root_path
+          end
+        end
+        def enforce_editor_permission
+          raise Canable::Transgression unless current_user.admin? or !current_user.respond_to?('editor?') or current_user.editor?
         end
     end
   end

@@ -3,7 +3,7 @@ module Noodall
     class NodesController < BaseController
       include Canable::Enforcers
       layout 'noodall_admin'
-      before_filter :set_title
+      before_filter :set_title, :enforce_editor_permission
       def index
         if params[:node_id].nil?
@@ -138,10 +138,10 @@ module Noodall
       def preview
         @node = Node.find(params[:id])
         @node.attributes = params[:node]
         @node.permalink ||= 'preview'
         @node.published_at = Time.zone.now
         render :template => "/nodes/#{@node.class.name.underscore}", :layout => 'application'
       end

data/demo/models/user.rb CHANGED Viewed

@@ -6,7 +6,15 @@ class User
   key :full_name, String
   key :groups, Array
+  cattr_accessor :editor_groups
   def admin?
     groups.include?('website administrator')
   end
+  def editor?
+    return true if self.class.editor_groups.blank?
+    admin? or (self.class.editor_groups & groups).size > 0
+  end
 end

data/features/group_access_control.feature CHANGED Viewed

@@ -26,3 +26,7 @@ Feature: Groups access control
   Scenario: Administrators
     Given I am signed in as a website administrator
     Then I should be able to carry out all actions regardless of group permissions
+  Scenario: Set Editor groups
+    Given the system has editor groups set to 'editor'
+    Then a user not in the group editor will no be able to edit any content

@@ -120,3 +120,13 @@ Then /^I sign out$/ do
   # express the regexp above with the code you wish you had
 end
+Given /^the system has editor groups set to 'editor'$/ do
+  User.editor_groups = ['editor']
+end
+Then /^a user not in the group editor will no be able to edit any content$/ do
+  Factory(:home, :title => 'Home', :publish => true)
+  Given %{I am signed in as a nogood}
+  visit noodall_admin_nodes_path
+  page.should have_content("You do not have permission to do that")
+end

data/features/support/user_reset.rb ADDED Viewed

@@ -0,0 +1,4 @@
+Before do
+  # Make sure editor groups are reset
+  User.editor_groups = []
+end

data/lib/noodall/ui/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Noodall
   module UI
-    VERSION = "0.1.14"
+    VERSION = "0.1.15"
   end
 end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: noodall-ui
 version: !ruby/object:Gem::Version
-  hash: 7
+  hash: 5
   prerelease:
   segments:
   - 0
   - 1
-  - 14
-  version: 0.1.14
+  - 15
+  version: 0.1.15
 platform: ruby
 authors:
 - Steve England
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-02-03 00:00:00 +00:00
+date: 2011-02-04 00:00:00 +00:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -224,6 +224,7 @@ files:
 - features/support/mm_factory_steps.rb
 - features/support/paths.rb
 - features/support/sevenfeatures.rb
+- features/support/user_reset.rb
 - lib/generators/noodall/component/USAGE
 - lib/generators/noodall/component/component_generator.rb
 - lib/generators/noodall/component/templates/admin_template.html.erb