app/models/role.rb db/migrate/056_create_roles.rb test/fixtures/roles.yml @@ -110,6 +110,13 @@ Finally, you'll need an S3 account for S3 photo uploading. CommunityEngine includes the s3.rake tasks for backing up your site to S3. If you plan on using these, you'll need to add a file in RAILS_ROOT/config/s3.yml. (Sample in sample_files/s3.yml) +## ROLES ## +CommunityEngine Users have a Role (by default, it's admin, moderator, or member) +To set a user as an admin, you must manually change his role_id through the database. +Once logged in as an admin, you'll be able to toggle other users between moderator and member (just go to their profile page and look on the sidebar.) +Admins and moderators can edit and delete other users posts. + + ## THEMES ## To create a theme: 1. Add a 'themes' directory in RAILS_ROOT with the following structure: README @@ -4,4 +4,4 @@ homepage: http://www.missingmethod.com summary: A social networking engine description: Adds basic social networking capabilities to your existing application, including users, blogs, photos, clippings, favorites, and more. license: MIT -version: 0.10.2 \ No newline at end of file +version: 0.10.3 \ No newline at end of file about.yml @@ -11,7 +11,7 @@ class PostsController < BaseController before_filter :login_required, :only => [:new, :edit, :update, :destroy, :create, :manage] before_filter :find_user, :only => [:new, :edit, :index, :show, :update_view, :manage] - before_filter :require_current_user, :only => [:create, :edit, :update, :destroy, :manage] + before_filter :require_ownership_or_moderator, :only => [:create, :edit, :update, :destroy, :manage] def manage @posts = @user.posts.find_without_published_as(:all, :page => {:current => params[:page], :size => 10}, :order => 'published_at DESC') @@ -230,6 +230,12 @@ class PostsController < BaseController render :partial => "/categories/tips", :locals => {:category => nil} end - + def require_ownership_or_moderator + @user ||= User.find(params[:user_id] || params[:id] ) + unless admin? || moderator? || (@user && (@user.eql?(current_user))) + redirect_to :controller => 'sessions', :action => 'new' and return false + end + return @user + end end \ No newline at end of file app/controllers/posts_controller.rb @@ -22,7 +22,7 @@ class UsersController < BaseController before_filter :require_current_user, :only => [:edit, :update, :update_account, :edit_pro_details, :update_pro_details, :welcome_photo, :welcome_about, :welcome_invite] - before_filter :admin_required, :only => [:assume, :destroy, :featured, :toggle_featured] + before_filter :admin_required, :only => [:assume, :destroy, :featured, :toggle_featured, :toggle_moderator] before_filter :admin_or_current_user_required, :only => [:statistics] def activate @@ -78,6 +78,7 @@ class UsersController < BaseController def create @user = User.new(params[:user]) + @user.role = Role[:member] @user.save! create_friendship_with_inviter(@user, params) flash[:notice] = "Thanks for signing up! You should receive an e-mail confirmation shortly at #{@user.email}" @@ -307,6 +308,14 @@ class UsersController < BaseController @user.toggle!(:featured_writer) redirect_to user_path(@user) end + + def toggle_moderator + @user = User.find(params[:id]) + @user.role = @user.moderator? ? Role[:member] : Role[:moderator] + @user.save! + redirect_to user_path(@user) + end + def statistics if params[:date] app/controllers/users_controller.rb @@ -6,7 +6,8 @@ class User < ActiveRecord::Base MALE = 'M' FEMALE = 'F' - attr_protected :admin, :featured + attr_protected :admin, :featured, :role_id + before_save :encrypt_password, :whitelist_attributes before_create :make_activation_code after_create :update_last_login @@ -39,6 +40,8 @@ class User < ActiveRecord::Base has_many :invitations, :dependent => :destroy has_many :offerings, :dependent => :destroy + has_enumerated :role + #friends has_many :friendships, :class_name => "Friendship", :foreign_key => "user_id", :dependent => :destroy has_many :accepted_friendships, :class_name => "Friendship", :conditions => ['friendship_status_id = ?', 2] @@ -377,6 +380,17 @@ class User < ActiveRecord::Base def display_name login end + + def admin? + role && role.eql?(Role[:admin]) + end + def moderator? + role && role.eql?(Role[:moderator]) + end + def member? + role && role.eql?(Role[:member]) + end + #from savage beast app/models/user.rb @@ -24,7 +24,7 @@ %a{:href=>"#", :onclick=>"showSendTo_friend(); return false;", :title=>"E-mail this story to friends"} E-mail to friends %li.share %script{:type=>"text/javascript", :src=>"http://w.sharethis.com/widget/?tabs=web&amp;charset=utf-8&amp;style=default&amp;publisher=4488bdef-d776-4c80-93e1-ac1fb8359971&amp;linkfg=%23131358"} - -if @is_current_user || admin? + -if @is_current_user || admin? || moderator? %li.edit= link_to "Edit", edit_user_post_path(@post.user, @post) %li.delete= link_to "Delete", user_post_path(@post.user, @post), {:method => :delete, :confirm => 'Permanently delete this post?'} app/views/posts/show.html.haml @@ -17,8 +17,8 @@ #monitor_topic %input#monitor_checkbox{:type=>"checkbox", :checked=> @monitoring, :onclick=>"monitor_click()"} %label#monitor_label{"for"=>"monitor_checkbox"} - Watch - = "ing" if @monitoring + + = "Watch#{@monitoring ? 'ing' : ''}" = _('topic') = hidden_field_tag '_method', 'delete' if @monitoring = submit_tag :Set, :id => 'monitor_submit' app/views/topics/show.html.haml @@ -7,6 +7,8 @@ = link_to( "&raquo; Delete this user", user_path(@user), {:method => :delete, :confirm => 'Are you sure you want to permanently delete this user?'} ) %br/ = link_to( "&raquo; Toggle #{AppConfig.featured_writer_label}", toggle_featured_user_path(@user), {:method => :put} ) + %br/ + = link_to( "&raquo; Assign role: #{@user.moderator? ? 'member' : 'moderator'}", toggle_moderator_user_path(@user), {:method => :put} ) #profile_details.box.hentry %h3 app/views/users/_profile_user_info_sidebar.html.haml @@ -62,6 +62,10 @@ module AuthenticatedSystem logged_in? && current_user.admin? end + def moderator? + logged_in? && current_user.moderator? + end + # Filter method to enforce a login requirement. # @@ -128,7 +132,7 @@ module AuthenticatedSystem # Inclusion hook to make #current_user and #logged_in? # available as ActionView helper methods. def self.included(base) - base.send :helper_method, :current_user, :logged_in?, :admin? + base.send :helper_method, :current_user, :logged_in?, :admin?, :moderator? end # When called with before_filter :login_from_cookie will check for an :auth_token lib/authenticated_system.rb @@ -85,6 +85,7 @@ resources :contests, :member => { :latest => :get } resources :users, :member_path => '/:id', :nested_member_path => '/:user_id', :member => { :dashboard => :get, :assume => :get, + :toggle_moderator => :put, :toggle_featured => :put, :change_profile_photo => :put, :return_admin => :get, routes.rb @@ -8,13 +8,13 @@ quentin: created_at: <%= 5.days.ago.to_s :db %> activated_at: <%= 5.days.ago.to_s :db %> activation_code: - admin: 0 state_id: 1 metro_area_id: 1 profile_public: true login_slug: quentin birthday: <%= 15.years.ago.to_s :db %> activities_count: 0 + role_id: 3 aaron: id: 2 login: aaron @@ -27,9 +27,9 @@ aaron: activation_code: sb_posts_count: 2 sb_last_seen_at: <%= 5.minutes.ago.to_s :db %> - admin: 0 login_slug: aaron birthday: <%= 15.years.ago.to_s :db %> + role_id: 3 kevin: id: 3 login: kevin @@ -40,9 +40,9 @@ kevin: created_at: <%= 5.days.ago.to_s :db %> activated_at: <%= 5.days.ago.to_s :db %> activation_code: - admin: 0 login_slug: kevin birthday: <%= 15.years.ago.to_s :db %> + role_id: 3 admin: id: 4 login: admin @@ -53,9 +53,9 @@ admin: created_at: <%= 1.days.ago.to_s :db %> activated_at: <%= 30.minutes.ago.to_s :db %> activation_code: - admin: 1 login_slug: admin birthday: <%= 15.years.ago.to_s :db %> + role_id: 1 dwr: id: 5 login: dwreach @@ -66,10 +66,10 @@ dwr: created_at: <%= 1.days.ago.to_s :db %> activated_at: <%= 30.minutes.ago.to_s :db %> activation_code: - admin: 0 vendor: 1 login_slug: dwreach birthday: <%= 15.years.ago.to_s :db %> + role_id: 3 leopoldo: id: 6 login: leopoldo @@ -81,9 +81,9 @@ leopoldo: activated_at: <%= 5.days.ago.to_s :db %> metro_area_id: 4 activation_code: - admin: 0 login_slug: leopoldo birthday: <%= 15.years.ago.to_s :db %> + role_id: 3 florian: id: 7 login: florian @@ -95,9 +95,9 @@ florian: activated_at: <%= 10.minutes.ago.to_s :db %> metro_area_id: 5 activation_code: - admin: 0 login_slug: florian birthday: <%= 15.years.ago.to_s :db %> + role_id: 3 super_writer: id: 8 login: superwriter @@ -109,10 +109,10 @@ super_writer: activated_at: <%= 10.minutes.ago.to_s :db %> metro_area_id: 5 activation_code: - admin: 0 featured_writer: 1 login_slug: superwriter birthday: <%= 15.years.ago.to_s :db %> + role_id: 3 plumberbob: id: 9 login: plumberbob @@ -123,10 +123,10 @@ plumberbob: created_at: <%= 1.days.ago.to_s :db %> activated_at: <%= 30.minutes.ago.to_s :db %> activation_code: - admin: 0 vendor: 1 login_slug: plumberbob birthday: <%= 15.years.ago.to_s :db %> + role_id: 3 privateuser: id: 10 login: privateuser @@ -137,11 +137,11 @@ privateuser: created_at: <%= 1.days.ago.to_s :db %> activated_at: <%= 30.minutes.ago.to_s :db %> activation_code: - admin: 0 vendor: 0 login_slug: privateuser profile_public: 0 birthday: <%= 15.years.ago.to_s :db %> + role_id: 3 sam: id: 11 login: sam @@ -152,6 +152,7 @@ sam: sb_last_seen_at: <%= 4.minutes.ago.to_s :db %> activated_at: <%= 5.days.ago.to_s :db %> activation_code: + role_id: 3 joe: id: 12 login: joe @@ -162,6 +163,7 @@ joe: sb_last_seen_at: <%= 4.minutes.ago.to_s :db %> activated_at: <%= 5.days.ago.to_s :db %> activation_code: + role_id: 3 kyle: id: 13 login: kyle @@ -171,4 +173,5 @@ kyle: sb_posts_count: 0 activated_at: <%= 5.days.ago.to_s :db %> activation_code: + role_id: 3 \ No newline at end of file test/fixtures/users.yml @@ -5,7 +5,7 @@ require 'activities_controller' class ActivitiesController; def rescue_action(e) raise e end; end class ActivitiesControllerTest < Test::Unit::TestCase - fixtures :users, :categories, :posts, :comments + fixtures :users, :categories, :posts, :comments, :roles def setup @controller = ActivitiesController.new test/functional/activities_controller_test.rb @@ -5,7 +5,7 @@ require 'admin_controller' class AdminController; def rescue_action(e) raise e end; end class AdminControllerTest < Test::Unit::TestCase - fixtures :users, :categories + fixtures :users, :categories, :roles def setup @controller = AdminController.new test/functional/admin_controller_test.rb @@ -5,7 +5,7 @@ require 'ads_controller' class AdsController; def rescue_action(e) raise e end; end class AdsControllerTest < Test::Unit::TestCase - fixtures :ads, :users, :categories + fixtures :ads, :users, :categories, :roles def setup @controller = AdsController.new test/functional/ads_controller_test.rb @@ -7,7 +7,7 @@ require File.dirname(__FILE__) + '/../test_helper' # class BaseController < ApplicationController; def rescue_action(e) raise e end; end class BaseControllerTest < Test::Unit::TestCase - fixtures :clippings, :users, :photos, :homepage_features, :taggings, :tags, :posts, :categories + fixtures :clippings, :users, :photos, :homepage_features, :taggings, :tags, :posts, :categories, :roles def setup @controller = BaseController.new test/functional/base_controller_test.rb @@ -5,7 +5,7 @@ require 'categories_controller' class CategoriesController; def rescue_action(e) raise e end; end class CategoriesControllerTest < Test::Unit::TestCase - fixtures :categories, :users + fixtures :categories, :users, :roles def setup @controller = CategoriesController.new test/functional/categories_controller_test.rb @@ -5,7 +5,7 @@ require 'clippings_controller' class ClippingsController; def rescue_action(e) raise e end; end class ClippingsControllerTest < Test::Unit::TestCase - fixtures :clippings, :users + fixtures :clippings, :users, :roles def setup @controller = ClippingsController.new test/functional/clippings_controller_test.rb @@ -5,7 +5,7 @@ require 'comments_controller' class CommentsController; def rescue_action(e) raise e end; end class CommentsControllerTest < Test::Unit::TestCase - fixtures :users, :photos, :posts, :comments + fixtures :users, :photos, :posts, :comments, :roles def setup @controller = CommentsController.new test/functional/comments_controller_test.rb @@ -5,7 +5,7 @@ require 'contests_controller' class ContestsController; def rescue_action(e) raise e end; end class ContestsControllerTest < Test::Unit::TestCase - fixtures :contests, :users + fixtures :contests, :users, :roles def setup @controller = ContestsController.new test/functional/contests_controller_test.rb @@ -5,7 +5,7 @@ require 'events_controller' class EventsController; def rescue_action(e) raise e end; end class EventsControllerTest < Test::Unit::TestCase - fixtures :users, :events, :states + fixtures :users, :events, :states, :roles def setup @controller = EventsController.new test/functional/events_controller_test.rb @@ -5,7 +5,7 @@ require 'favorites_controller' class FavoritesController; def rescue_action(e) raise e end; end class FavoritesControllerTest < Test::Unit::TestCase - fixtures :clippings, :users + fixtures :clippings, :users, :roles def setup @controller = FavoritesController.new test/functional/favorites_controller_test.rb @@ -6,7 +6,7 @@ class FriendshipsController; def rescue_action(e) raise e end; end class FriendshipsControllerTest < Test::Unit::TestCase include UsersHelper - fixtures :friendships, :friendship_statuses, :users + fixtures :friendships, :friendship_statuses, :users, :roles def setup test/functional/friendships_controller_test.rb @@ -5,7 +5,7 @@ require 'homepage_features_controller' class HomepageFeaturesController; def rescue_action(e) raise e end; end class HomepageFeaturesControllerTest < Test::Unit::TestCase - fixtures :homepage_features, :users + fixtures :homepage_features, :users, :roles def setup @controller = HomepageFeaturesController.new test/functional/homepage_features_controller_test.rb @@ -5,7 +5,7 @@ require 'invitations_controller' class InvitationsController; def rescue_action(e) raise e end; end class InvitationsControllerTest < Test::Unit::TestCase - fixtures :invitations, :users + fixtures :invitations, :users, :roles def setup @controller = InvitationsController.new test/functional/invitations_controller_test.rb @@ -5,7 +5,7 @@ require 'metro_areas_controller' class MetroAreasController; def rescue_action(e) raise e end; end class MetroAreasControllerTest < Test::Unit::TestCase - fixtures :metro_areas, :users, :countries + fixtures :metro_areas, :users, :countries, :roles def setup @controller = MetroAreasController.new test/functional/metro_areas_controller_test.rb @@ -5,7 +5,7 @@ require 'offerings_controller' class OfferingsController; def rescue_action(e) raise e end; end class OfferingsControllerTest < Test::Unit::TestCase - fixtures :offerings, :skills, :users + fixtures :offerings, :skills, :users, :roles def setup @controller = OfferingsController.new test/functional/offerings_controller_test.rb @@ -5,7 +5,7 @@ require 'photos_controller' class PhotosController; def rescue_action(e) raise e end; end class PhotosControllerTest < Test::Unit::TestCase - fixtures :photos, :users + fixtures :photos, :users, :roles def setup @controller = PhotosController.new test/functional/photos_controller_test.rb @@ -5,7 +5,7 @@ require 'posts_controller' class PostsController; def rescue_action(e) raise e end; end class PostsControllerTest < Test::Unit::TestCase - fixtures :posts, :users, :categories, :contests + fixtures :posts, :users, :categories, :contests, :roles def setup @controller = PostsController.new test/functional/posts_controller_test.rb @@ -5,7 +5,7 @@ require 'sessions_controller' class SessionsController; def rescue_action(e) raise e end; end class SessionsControllerTest < Test::Unit::TestCase - fixtures :users + fixtures :users, :roles def setup @controller = SessionsController.new test/functional/sessions_controller_test.rb @@ -5,7 +5,7 @@ require 'skills_controller' class SkillsController; def rescue_action(e) raise e end; end class SkillsControllerTest < Test::Unit::TestCase - fixtures :skills, :users + fixtures :skills, :users, :roles def setup @controller = SkillsController.new test/functional/skills_controller_test.rb @@ -5,7 +5,7 @@ require 'statistics_controller' class StatisticsController; def rescue_action(e) raise e end; end class StatisticsControllerTest < Test::Unit::TestCase - fixtures :users + fixtures :users, :roles def setup @controller = StatisticsController.new test/functional/statistics_controller_test.rb @@ -5,7 +5,7 @@ require 'tags_controller' class TagsController; def rescue_action(e) raise e end; end class TagsControllerTest < Test::Unit::TestCase - fixtures :tags, :taggings, :photos + fixtures :tags, :taggings, :photos, :roles def setup @controller = TagsController.new test/functional/tags_controller_test.rb @@ -9,7 +9,7 @@ class UsersControllerTest < Test::Unit::TestCase # Then, you can remove it from this and the units test. include AuthenticatedTestHelper - fixtures :users, :tags, :states, :metro_areas, :countries, :skills, :friendship_statuses, :friendships, :categories + fixtures :users, :roles, :tags, :states, :metro_areas, :countries, :skills, :friendship_statuses, :friendships, :categories def setup @controller = UsersController.new @@ -38,6 +38,23 @@ class UsersControllerTest < Test::Unit::TestCase assert_response :success end + def test_should_toggle_moderator + login_as :admin + assert !users(:quentin).moderator? + put :toggle_moderator, :id => users(:quentin) + assert users(:quentin).reload.moderator? + put :toggle_moderator, :id => users(:quentin) + assert !users(:quentin).reload.moderator? + end + + def test_should_not_toggle_featured_writer_if_not_admin + login_as :quentin + put :toggle_moderator, :id => users(:quentin) + assert_redirected_to :login_url + assert !users(:quentin).reload.moderator? + end + + def test_should_toggle_featured_writer login_as :admin assert !users(:quentin).featured_writer? test/functional/users_controller_test.rb @@ -5,7 +5,7 @@ require 'votes_controller' class VotesController; def rescue_action(e) raise e end; end class VotesControllerTest < Test::Unit::TestCase - fixtures :users, :posts + fixtures :users, :posts, :roles def setup @controller = VotesController.new test/functional/votes_controller_test.rb @@ -1,7 +1,7 @@ require File.dirname(__FILE__) + '/../test_helper' class AssetTest < Test::Unit::TestCase - fixtures :clippings, :users + fixtures :clippings, :users, :roles def teardown Asset.destroy_all test/unit/asset_test.rb @@ -1,7 +1,7 @@ require File.dirname(__FILE__) + '/../test_helper' class ClippingImageTest < Test::Unit::TestCase - fixtures :clippings, :users + fixtures :clippings, :users, :roles def teardown Asset.destroy_all test/unit/clipping_image_test.rb @@ -1,7 +1,7 @@ require File.dirname(__FILE__) + '/../test_helper' class ClippingTest < Test::Unit::TestCase - fixtures :clippings, :tags, :taggings, :users + fixtures :clippings, :tags, :taggings, :users, :roles def teardown Asset.destroy_all test/unit/clipping_test.rb @@ -1,7 +1,7 @@ require File.dirname(__FILE__) + '/../test_helper' class CommentTest < Test::Unit::TestCase - fixtures :comments, :users, :posts + fixtures :comments, :users, :posts, :roles def test_should_find_comments_by_user comments = Comment.find_comments_by_user(users(:quentin)) test/unit/comment_test.rb @@ -1,7 +1,7 @@ require File.dirname(__FILE__) + '/../test_helper' class FavoriteTest < Test::Unit::TestCase - fixtures :clippings, :users + fixtures :clippings, :users, :roles def setup Favorite.destroy_all test/unit/favorite_test.rb @@ -1,7 +1,7 @@ require File.dirname(__FILE__) + '/../test_helper' class FriendshipTest < Test::Unit::TestCase - fixtures :friendships, :users + fixtures :friendships, :users, :roles def test_user_and_friend_can_not_be_same fr = Friendship.new(:user_id => 1, :friend_id => 1) test/unit/friendship_test.rb @@ -1,7 +1,7 @@ require File.dirname(__FILE__) + '/../test_helper' class InvitationTest < Test::Unit::TestCase - fixtures :invitations, :users + fixtures :invitations, :users, :roles def test_email_addresses_validation addresses = "valid@example.com, valid_2@example.com, invalid.invalid.com" test/unit/invitation_test.rb @@ -2,7 +2,7 @@ require File.dirname(__FILE__) + '/../test_helper' require 'hpricot' class PostTest < Test::Unit::TestCase - fixtures :posts, :users, :comments + fixtures :posts, :users, :comments, :roles def setup Favorite.destroy_all test/unit/post_test.rb @@ -7,7 +7,7 @@ class UserNotifierTest < Test::Unit::TestCase include ActionMailer::Quoting - fixtures :users, :friendships, :comments, :posts, :sb_posts, :topics, :forums + fixtures :users, :friendships, :comments, :posts, :sb_posts, :topics, :forums, :roles def setup ActionMailer::Base.delivery_method = :test test/unit/user_notifier_test.rb @@ -4,7 +4,7 @@ class UserTest < Test::Unit::TestCase # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead. # Then, you can remove it from this and the functional test. include AuthenticatedTestHelper - fixtures :users, :states, :metro_areas, :friendships + fixtures :users, :states, :metro_areas, :friendships, :roles, :friendship_statuses def test_should_create_user assert_difference User, :count do test/unit/user_test.rb 145b62e6ff6b63f0d7bcbdd677504daf3617bbde Bruno Bornsztein bruno@otis.local http://github.com/bborn/communityengine/commit/0f6d1e6a0cb5f85f512feadae7320d18d0d72675 0f6d1e6a0cb5f85f512feadae7320d18d0d72675 2008-06-10T12:22:18-07:00 2008-06-10T12:22:18-07:00 adding roles - NOTE: new migration! Added Role model and association on User, with default roles of admin, moderator, and member. Please make sure to run the new migration and tests, or your application will break. 6c11ac4c417c85251f649a9def914300bfdb1b3f Bruno Bornsztein bruno@otis.local