Section article preview fixed

TODO

@@ -1,38 +1,5 @@
-[fix] preview of section articles is not displaying article
-[fix] section on front end goes to home and not to the correct section
-[fix] tags inside double quotes does not show correctly on article edit view
-
-[fix] comments_controller does not guard permissions
-[fix] users_controller does not guard permissions
-[fix] admin/wikipages_controller does not guard permissions
-[fix] topics_controller does not guard permissions
-
-[fix] routes for pagination are missing
-[fix] separate login and admin/login pages (same thing, different layout)
-[fix] currently broken: belongs_to_author: with_deleted => true
-[fix] js'ify all dates and use js date format
-[fix] adapt has_counter for approved_comments      
-
-[feature] [content] pipe all filtered column results (*_html) through whitelist sanitizer
-[feature] [wiki] implement wikipage admin area (analog to articles area)
-[feature] [wiki] add various filters to admin wikipage list (like on admin articles list)
-[feature] [wiki] make the 'home' wikipage permalink configurable per wiki?
-[feature] [comments] add various filters to admin comments list (like on admin articles list)
-[feature] [blog] miss tricky says that xml_rpc is a must
-
-[plugin] pingback plugin
-[plugin] comment email notification
-[plugin] reverse captcha plugin
-
-[major] add spam protection for comments and wikipages (look at viking + multiengine branch)
-[major] implement search
-
-
-[feature] add before_move and after_move hooks to better_nested_set
-[feature] make cacheable_flash behave transparent (do not clear flash after writing it to the cookie)
-          rational: controller specs should work and controllers behave correctly
-          not matter if the plugin is installed or not
 
+[fix] separate login and admin/login pages (same thing, different layout) ?
 [feature] admin section: have an activity center/dashboard where engines can register their
           widgets (partials) to. e.g.: "x comments are awaiting your approval",
           "Please change your administrator password!" etc.
@@ -41,23 +8,16 @@
       possible solution: have a section setting "manage categories for this section"? that would 
       even allow to manage categories per Section, but requires to explicitely turn it on.
 
-
 [theme] microformat everything: hcard, hatom
 
 
-# broken + missing specs
+# missing specs
 
-[specs] spec widgets
-[specs] spec and implement admin/wikipage section
-[specs] implement themes + theme_file specs
-[specs] implement assets specs
-[specs] spec registration, login, authentication
+[specs] controllers: spec various error conditions like record not found
 [specs] spec usage of xss_terminate in one place (so that one can easily 
         see which attributes get filtered and which don't)
-[specs] controllers: spec various error conditions like record not found
-[specs] controllers: simplify specs by circumventing the routing filters
-        (i.e. use paths like they would be recognized when no filters are
-        being used)
+[specs] spec assets
+[specs] spec widgets
 
 # resources
 viking http://github.com/technoweenie/viking/tree/master
@@ -69,7 +29,6 @@ apache multisite config http://www.appelsiini.net/2007/6/mephisto-multiple-site-
 ------------------------------------------------------------------------------
 
 
-
 # users
 
 [feature] ajax users online feature?
@@ -126,66 +85,65 @@ apache multisite config http://www.appelsiini.net/2007/6/mephisto-multiple-site-
 
 # themes
 
-[feature] make ActionMailer themeable
 [enhance] decouple admin interface through using a themeable instead of site
-[feature] add drop-in erb- and haml-safemode support, make public controllers use safemode
-[feature] use caches_page_with_references or just expire the whole cache dir
-[feature] clone pre-installed themes
-[enhance] make theme.files.find work without globbing all files
 [major] add liquid layer (drops + helpers) (?) » add an ActionView Liquid template handler?
 [major] port a simple liquid theme and test it with drops (?)
 
 # content
 
 [major] add attachments for wikipages (are they also in beast?)
 
-# CacheableFlash
+# Rails 
 
-  after_filter won't be called when the filter chain is halted. maybe an 
-  around_filter is a better choice?
-
-  after_filter :write_flash_to_cookie
+    got bitten by this for the second time now:
 
-# Rails 
+        def caches_page(*actions)
+        # return unless perform_caching
 
-got bitten by this for the second time now:
+        page caching is turned off globally
+        test_1 requires class MyModel caches_page :foo end
+        no after_filter is added
+        test_2 turns page caching on and requires class MyModel (which was already loaded, so requiring is skipped)
+        still no after_filter added so page caching does not kick in
 
-def caches_page(*actions)
-# return unless perform_caching
+    Asset Helpers: apparently they need a server restart to rebuild a cached file when it got deleted
 
-page caching is turned off globally
-test_1 requires class MyModel caches_page :foo end
-no after_filter is added
-test_2 turns page caching on and requires class MyModel (which was already loaded, so requiring is skipped)
-still no after_filter added so page caching does not kick in
+    Currently there's no method to expire compiled templates. 
+        http://pastie.org/private/2vqi8gnfwfepjtb3mz6aa
+        Lifo says Rails edge makes it easier
 
+    Role::Admin.new :object => nil seems to run into SystemStackError with:
+        class Role belongs_to :object, :polymorphic => true
+        class Role::Admin < Role
 
+    force certain after_filters to be run even if the filter chain has been halted:
+        :after_filter => :bla, :force => true
 
+    section.articles.maximum(:position) returns nil when table is empty. shouldn't that be 0?
 
-Asset Helpers: apparently they need a server restart to rebuild a cached file when it got deleted
+    ActionController::Base#layout can't be restricted to certain formats, can it? (see BlogController + feeds)
 
-There's no method to expire compiled templates. http://pastie.org/private/2vqi8gnfwfepjtb3mz6aa
+    section.radio_button :type, type (and other helpers) should create an id="section_type_blog"
+    even when the section is a blog (i.e. that's an STI related bug)
 
-Role::Admin.new :object => nil seems to run into SystemStackError with:
-  class Role belongs_to :object, :polymorphic => true
-  class Role::Admin < Role
+    wikipage routing/controller: change :id to :permalink ... doesn't seem to work with resources
+        http://dev.rubyonrails.org/ticket/6814 => wontfix
+        http://archive.jvoorhis.com/articles/2006/08/01/announcing-resource_hacks => seems to break url_helpers
+        def to_param
+          "#{username.gsub(/[^a-z0-9]+/i, '-')}" if self.username
+        end
 
-force certain after_filters to be run even if the filter chain has been halted:
-    :after_filter => :bla, :force => true
+# better_nested_set
 
-section.articles.maximum(:position) returns nil when table is empty. shouldn't that be 0?
+    add before_move and after_move hooks to better_nested_set
 
-ActionController::Base#layout can't be restricted to certain formats, can it? (see BlogController + feeds)
+# cacheable_flash
 
-section.radio_button :type, type (and other helpers) should create an id="section_type_blog"
-even when the section is a blog (i.e. that's an STI related bug)
+    make cacheable_flash behave transparent (do not clear flash after writing it to the cookie)
+    rational: controller specs should work and controllers behave correctly
+    not matter if the plugin is installed or not
 
-wikipage routing/controller: change :id to :permalink ... doesn't seem to work with resources
-    http://dev.rubyonrails.org/ticket/6814 => wontfix
-    http://archive.jvoorhis.com/articles/2006/08/01/announcing-resource_hacks => seems to break url_helpers
-    def to_param
-      "#{username.gsub(/[^a-z0-9]+/i, '-')}" if self.username
-    end
+    after_filter won't be called when the filter chain is halted. maybe an around_filter is a better choice?
 
 # rspec
 

spec/controllers/sections_controller_spec.rb

@@ -12,24 +12,60 @@
   end
 
   describe "GET to :show" do
+    before :each do 
+      @article.stub!(:published?).and_return true
+    end
     act! { request_to :get, '/sections/1' }    
     it_assigns :section, :article
-    it_renders_template :show
-    it_gets_page_cached
-
-    describe "with no article permalink present" do
+
+    describe "with no article permalink given" do
+      it_renders_template :show
+      it_gets_page_cached
+
       it "should find the section's primary article" do
         @section.articles.should_receive(:primary).any_number_of_times.and_return @article
         act!
       end  
     end
 
-    describe "with an article permalink present" do
+    describe "with an article permalink given" do
       act! { request_to :get, '/sections/1/articles/an-article' }   
+
       it "should find the section's primary article" do
-        @section.articles.should_receive(:find_published_by_permalink).any_number_of_times.and_return @article
+        @section.articles.should_receive(:find_by_permalink).any_number_of_times.and_return @article
         act!
       end  
+
+      describe "when the article is published" do
+        it_renders_template :show
+        it_gets_page_cached
+      end
+
+      describe "when the article is not published" do
+        before :each do 
+          @article.stub!(:published?).and_return false
+          @article.stub!(:role_authorizing).and_return Role.build(:author)
+        end
+
+        describe "and the user has :update permissions" do
+          before :each do 
+            controller.stub!(:current_user).and_return stub_model(User, :has_role? => true)
+          end
+
+          it_renders_template :show
+          it "skips caching for the rendered page" do
+            act!
+            controller.instance_variable_get(:@skip_caching).should be_true
+          end
+        end
+
+        describe "and the user does not have :update permissions" do
+          before :each do 
+            controller.stub!(:current_user).and_return stub_model(User, :has_role? => false)
+          end          
+          it_redirects_to { 'http://test.host/login' }
+        end
+      end
     end
   end
 end

vendor/engines/adva_cms/app/controllers/sections_controller.rb

@@ -1,5 +1,8 @@
 class SectionsController < BaseController
+  include ActionController::GuardsPermissions::InstanceMethods
+
   before_filter :set_article
+  before_filter :guard_view_permissions, :only => :show
 
   caches_page_with_references :show, :track => ['@article']
 
@@ -13,18 +16,30 @@ def show
   protected
 
     def set_section
-      @section = params[:id].blank? ? @site.sections.root : @site.sections.find(params[:id])
+      @section = params[:section_id].blank? ? @site.sections.root : @site.sections.find(params[:section_id])
       raise SectionRoutingError.new("Section must be a Section: #{@section.inspect}") unless @section.is_a? Section
     end
 
     def set_article
-      @article = if params[:permalink].blank?
-        @section.articles.primary
+      if params[:permalink].blank?
+        @article = @section.articles.primary
       else
-        @section.articles.find_published_by_permalink params[:permalink]
+        @article = @section.articles.find_by_permalink params[:permalink], :include => :author
+        raise ActiveRecord::RecordNotFound unless @article
+      end
+    end
+
+    def guard_view_permissions
+      unless @article.published?
+        guard_permission(:update, :article)
+        @skip_caching = true
       end
     end
 
+    def current_role_context
+      @article || @section
+    end
+
     # experimental ... not sure if that's a good idea, but it would reduce quite 
     # some routes, i.e. even increase performance
     # def process(*args)