made first steps towards the ACL system, with can_publish? and can_po…

…st? methods on users
knewter · Nov 16, 2008 · d46412f · d46412f
1 parent b9bc59e
commit d46412f
Show file tree

Hide file tree

Showing 8 changed files with 43 additions and 6 deletions.
diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb
@@ -4,7 +4,7 @@ class Admin::BaseController < ApplicationController
   before_filter :login_required
   before_filter :load_admin_plugin_nav
 
-  permit 'admin'
+  permit 'admin or initial_reviewer or final_reviewer or author'
 
   protected
   def load_admin_plugin_nav

diff --git a/app/controllers/admin/pages_controller.rb b/app/controllers/admin/pages_controller.rb
@@ -36,13 +36,16 @@ def update
   end
 
   def new
-    @page.linked, @page.published = true, true
+    @page.linked, @page.published = true, false
     @page.parent_id = params[:parent_id] if params[:parent_id]
     @page.page_order = params[:page_order] if params[:page_order]
   end 
 
   def create
     @page.name = @page.name.gsub(' ', '_')
+    unless current_user.can_publish?
+      @page.published = false
+    end
     if @page.save
       attach_page_plugins
       message = 'Page Added Successfully'

diff --git a/app/helpers/page_admin_helper.rb b/app/helpers/page_admin_helper.rb
@@ -108,7 +108,12 @@ def tree_table(acts_as_tree_set, init=true, level=0, &block)
   def tree_row item, level=0, &block
     ret  = "<tr class='level-#{level} #{cycle("odd", "even")}'>"
     ret << '  <td class="item">' + yield(item) + '</td>'
-    ret << '  <td class="page-controls">' + render(:partial => 'page_controls', :locals => { :page => item }) + '</td>'
+    if current_user.can_post?
+      controls = render(:partial => 'page_controls', :locals => { :page => item })
+    else
+      controls = ""
+    end
+    ret << '  <td class="page-controls">' + controls + '</td>'
     ret << '</tr>'
     item.children.each do |child|
       ret << tree_row(child, level+1, &block)

diff --git a/app/models/role.rb b/app/models/role.rb
@@ -8,7 +8,7 @@ class Role < ActiveRecord::Base
 
   validates_uniqueness_of :name, :scope => [:authorizable_id, :authorizable_type]
 
-  STATIC_ROLES = ["admin", "content_owner", "initial_reviewer", "final_reviewer", "author"]
+  STATIC_ROLES = ["admin", "initial_reviewer", "final_reviewer", "author"]
 
   named_scope :root, :conditions => "authorizable_type IS NULL and authorizable_id IS NULL"
 

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -17,6 +17,7 @@
 require 'digest/sha1'
 class User < ActiveRecord::Base
   include SavageBeast::UserInit
+  include Ansuz::AclRoles
   # acts_as_taggable_redux support
   acts_as_tagger # FIXME: We should switch to http://www.intridea.com/2007/12/4/announcing-acts_as_taggable_on
 

diff --git a/app/views/admin/pages/_form.html.erb b/app/views/admin/pages/_form.html.erb
@@ -5,12 +5,14 @@
 	<span class='path'><b><%= @page.ancestor_path %><span id=name_preview><%= @page.name %></span></b></span><br/>
   <%= form_heading "Title", text_field('page', 'title') %>
   <%= form_heading "Full Title", text_field('page', 'full_title') %>
+  <% if current_user.can_publish? %>
+    <%= form_heading 'Published', '<select id="page_published" name="page[published]">' + options_for_select([true, false], @page.published) + '</select>' %>
+  <% end %>
 	<div class=advanced_options>
   <% toggle_content_box "Advanced Options" do %>
     <table class='form-table'>
       <%= form_row '<label for="page_display_title" class="advanced_options">Displayed on page</label>', '<select id="page_display_title" name="page[display_title]">' + options_for_select([true, false], @page.display_title) + '</select>' %>
       <%= form_row '<label for="page_show_sub_menu" class="advanced_options">Display Sub-menu</label> ', '<select id="page_show_sub_menu" name="page[show_sub_menu]">' + options_for_select([true, false], @page.show_sub_menu) + '</select>' %>
-      <%= form_row '<label for="page_published" class="advanced_options">Published</label>', '<select id="page_published" name="page[published]">' + options_for_select([true, false], @page.published) + '</select>' %>
       <%= form_row '<label for="page_linked" class="advanced_options">Linked</label>', '<select id="page_linked" name="page[linked]">' + options_for_select([true, false], @page.linked) + '</select>' %>
     </table>
     <br />

diff --git a/lib/ansuz/acl_roles.rb b/lib/ansuz/acl_roles.rb
@@ -0,0 +1,27 @@
+module Ansuz
+  module AclRoles
+    STATIC_CAN_POST_ROLES = %w(admin author)
+    STATIC_CAN_PUBLISH_ROLES = %w(admin final_reviewer)
+
+    def can_post?
+      can_do_thing? :post
+    end
+
+    def can_publish?
+      can_do_thing? :publish
+    end
+
+    def can_do_thing? thing
+      roles = case thing
+              when :publish
+                STATIC_CAN_PUBLISH_ROLES
+              when :post
+                STATIC_CAN_POST_ROLES
+              end
+      acceptable_roles = roles.select do |role|
+                           self.has_role?(role)
+                         end
+      acceptable_roles.any?
+    end
+  end
+end
diff --git a/vendor/plugins/ansuz_user_manager/app/views/admin/users/_form.html.erb b/vendor/plugins/ansuz_user_manager/app/views/admin/users/_form.html.erb
@@ -5,7 +5,6 @@
   <%= form_row "Password", f.password_field(:password) %>
   <%= form_row "Confirm Password", f.password_field(:password_confirmation) %>
   <%= form_row "Email",    f.text_field(:email) %>
-  <%= form_row "Admin?",   f.check_box(:admin) %>
   <%= form_row "Roles",    select_tag("roles[]", options_for_select(Role.base_roles, @user.roles.map(&:name)), { :multiple => true, :size => 6 }), :note => "ctrl+click to select multiple." %>
 </table>
 <br />