noodall-ui 0.1.14 → 0.1.15
Sign up to get free protection for your applications and to get access to all the features.
- data/app/controllers/noodall/admin/base_controller.rb +9 -1
- data/app/controllers/noodall/admin/nodes_controller.rb +3 -3
- data/demo/models/user.rb +8 -0
- data/features/group_access_control.feature +4 -0
- data/features/step_definitions/groups_access_steps.rb +10 -0
- data/features/support/user_reset.rb +4 -0
- data/lib/noodall/ui/version.rb +1 -1
- metadata +5 -4
@@ -9,7 +9,15 @@ module Noodall
|
|
9
9
|
private
|
10
10
|
def permission_denied
|
11
11
|
flash[:error] = "You do not have permission to do that"
|
12
|
-
|
12
|
+
if request.headers["Referer"]
|
13
|
+
redirect_to :back
|
14
|
+
else
|
15
|
+
redirect_to root_path
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
def enforce_editor_permission
|
20
|
+
raise Canable::Transgression unless current_user.admin? or !current_user.respond_to?('editor?') or current_user.editor?
|
13
21
|
end
|
14
22
|
end
|
15
23
|
end
|
@@ -3,7 +3,7 @@ module Noodall
|
|
3
3
|
class NodesController < BaseController
|
4
4
|
include Canable::Enforcers
|
5
5
|
layout 'noodall_admin'
|
6
|
-
before_filter :set_title
|
6
|
+
before_filter :set_title, :enforce_editor_permission
|
7
7
|
|
8
8
|
def index
|
9
9
|
if params[:node_id].nil?
|
@@ -138,10 +138,10 @@ module Noodall
|
|
138
138
|
def preview
|
139
139
|
@node = Node.find(params[:id])
|
140
140
|
@node.attributes = params[:node]
|
141
|
-
|
141
|
+
|
142
142
|
@node.permalink ||= 'preview'
|
143
143
|
@node.published_at = Time.zone.now
|
144
|
-
|
144
|
+
|
145
145
|
render :template => "/nodes/#{@node.class.name.underscore}", :layout => 'application'
|
146
146
|
end
|
147
147
|
|
data/demo/models/user.rb
CHANGED
@@ -6,7 +6,15 @@ class User
|
|
6
6
|
key :full_name, String
|
7
7
|
key :groups, Array
|
8
8
|
|
9
|
+
cattr_accessor :editor_groups
|
10
|
+
|
9
11
|
def admin?
|
10
12
|
groups.include?('website administrator')
|
11
13
|
end
|
14
|
+
|
15
|
+
def editor?
|
16
|
+
return true if self.class.editor_groups.blank?
|
17
|
+
admin? or (self.class.editor_groups & groups).size > 0
|
18
|
+
end
|
19
|
+
|
12
20
|
end
|
@@ -26,3 +26,7 @@ Feature: Groups access control
|
|
26
26
|
Scenario: Administrators
|
27
27
|
Given I am signed in as a website administrator
|
28
28
|
Then I should be able to carry out all actions regardless of group permissions
|
29
|
+
|
30
|
+
Scenario: Set Editor groups
|
31
|
+
Given the system has editor groups set to 'editor'
|
32
|
+
Then a user not in the group editor will no be able to edit any content
|
@@ -120,3 +120,13 @@ Then /^I sign out$/ do
|
|
120
120
|
# express the regexp above with the code you wish you had
|
121
121
|
end
|
122
122
|
|
123
|
+
Given /^the system has editor groups set to 'editor'$/ do
|
124
|
+
User.editor_groups = ['editor']
|
125
|
+
end
|
126
|
+
|
127
|
+
Then /^a user not in the group editor will no be able to edit any content$/ do
|
128
|
+
Factory(:home, :title => 'Home', :publish => true)
|
129
|
+
Given %{I am signed in as a nogood}
|
130
|
+
visit noodall_admin_nodes_path
|
131
|
+
page.should have_content("You do not have permission to do that")
|
132
|
+
end
|
data/lib/noodall/ui/version.rb
CHANGED
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: noodall-ui
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 5
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
8
|
- 1
|
9
|
-
-
|
10
|
-
version: 0.1.
|
9
|
+
- 15
|
10
|
+
version: 0.1.15
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Steve England
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2011-02-
|
18
|
+
date: 2011-02-04 00:00:00 +00:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|
@@ -224,6 +224,7 @@ files:
|
|
224
224
|
- features/support/mm_factory_steps.rb
|
225
225
|
- features/support/paths.rb
|
226
226
|
- features/support/sevenfeatures.rb
|
227
|
+
- features/support/user_reset.rb
|
227
228
|
- lib/generators/noodall/component/USAGE
|
228
229
|
- lib/generators/noodall/component/component_generator.rb
|
229
230
|
- lib/generators/noodall/component/templates/admin_template.html.erb
|