hide some admin options from site members

git-svn-id: http://svn.techno-weenie.net/projects/mephisto/trunk@2350 
567b1171-46fb-0310-a4c9-b4bef9110e78
technoweenie (author)
Mon Oct 09 20:47:57 -0700 2006
commit  2bf7ce1bd0e6f29cca6840e3ee396490e3c3c65f
tree    5256dc108217a9bbd0e4dbd829bcbc094ef76758
parent  91960b65859096b6d1ceccdcb441b24ac46f1f57
...
1
2
 
3
4
5
...
1
 
2
3
4
5
0
@@ -1,5 +1,5 @@
0
 class Admin::ArticlesController < Admin::BaseController
0
- member_actions.push(*%w(index show new create comments approve unapprove destroy_comment))
0
+ member_actions.push(*%w(index show new create comments approve unapprove destroy_comment edit update))
0
   skip_before_filter :login_required
0
   with_options :only => [:create, :update, :destroy, :upload] do |c|
0
     c.before_filter :set_default_section_ids
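Review bot: Adding `edit` and `update` to `member_actions` on the changed line widens what a plain site member may do, and nothing in this hunk limits those actions to the member's own articles. The commit also deletes `test_should_not_edit_other_users_article` and `test_should_not_update_other_users_article`, which suggests members can now modify any article; the same applies to the `Admin::AssetsController` hunk and the removed `test_should_not_update_other_users_assets`. If that is intended, say so above the call with `# members may edit/update any article, not only their own` and replace the deleted tests with positive ones that pin the new behaviour; if it is not, keep an ownership check on these two actions. How `member_actions` is enforced is defined outside this page (presumably in `Admin::BaseController`), and the class body continues past the hunk.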
...
1
2
 
3
4
5
...
1
 
2
3
4
5
0
@@ -1,5 +1,5 @@
0
 class Admin::AssetsController < Admin::BaseController
0
- member_actions.push(*%w(index new create latest search add_bucket clear_bucket))
0
+ member_actions.push(*%w(index new create latest search add_bucket clear_bucket edit update))
0
   skip_before_filter :login_required
0
   before_filter :find_asset, :except => [:index, :new, :create, :latest, :search, :upload, :clear_bucket]
0
   before_filter :login_required
...
2
3
4
 
5
 
6
7
8
...
2
3
4
5
6
7
8
9
10
0
@@ -2,7 +2,9 @@
0
 <% content_for :action_nav do %>
0
 <div id="page-nav">
0
   <ul id="act-nav" class="clear">
0
+ <% if admin? || @article.user_id == current_user.id -%>
0
     <li><%= link_to_remote 'Delete this article', :url => {:action => 'destroy', :id => @article}, :confirm => 'Are you sure you want to delete this article?' %></li>
0
+ <% end -%>
0
   <% if controller.action_name == 'edit' -%>
0
     <li><%= link_to('Preview', {:action => 'show', :id => @article}, {:target => '_blank'}) %></li>
0
   <% end -%>
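Review bot: The `admin? || @article.user_id == current_user.id` guard only hides the Delete link, so the same rule still has to be enforced on the `destroy` action in the controller, which this page does not show for articles. The identical condition is repeated with `asset.user_id` in the asset partial hunk; a single shared helper would keep the two views and the server-side check from drifting apart. `@article.user_id` is presumably nil when this template renders for a new article, in which case non-admins never see the link there, which looks harmless but is worth confirming. A short comment such as `<%# display only: destroy is authorized in the controller %>` would make the intent clear.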
...
1
2
 
3
4
 
5
6
7
...
1
2
3
4
5
6
7
8
9
0
@@ -1,7 +1,9 @@
0
          <ul class="file-tools clear">
0
            <li class="fedit"><%= link_to 'Edit', edit_asset_path(asset), :title => 'Edit this file' %></li>
0
+ <% if admin? || asset.user_id == current_user.id -%>
0
            <li class="fdelete"><%= link_to 'Delete', asset_path(asset), :title => 'Delete this asset',
0
                                      :confirm => 'Are you sure you wish to delete this?', :method => :delete %></li>
0
+ <% end -%>
0
            <li class="fbucket"><%= link_to_remote('Add to bucket', {:url => add_bucket_asset_path(asset)}, { :title => 'Add to bucket' }) %></li>
0
          </ul>
0
          <%= link_to(asset_image_for(asset, size || :tiny), asset.public_filename, :target => '_blank') %>
...
13
14
15
16
 
 
17
 
18
19
20
...
29
30
31
 
32
33
34
35
36
 
37
38
39
...
13
14
15
 
16
17
18
19
20
21
22
...
31
32
33
34
35
36
37
38
39
40
41
42
43
0
@@ -13,8 +13,10 @@
0
     <!-- div.header -->
0
     <div id="header">
0
       <ul id="sec-nav">
0
- <li><strong><%= link_to 'Blog', dispatch_path([]) %></strong></li>
0
+ <li><strong><%= link_to 'Website', dispatch_path([]) %></strong></li>
0
+ <% if admin? -%>
0
         <li><%= link_to 'Settings', :controller => 'settings' %></li>
0
+ <% end -%>
0
         <li><%= link_to 'Account', :controller => 'users', :action => 'show', :id => current_user %></li>
0
         <li><%= link_to 'Logout', :controller => '/account', :action => 'logout' %></li>
0
       </ul>
0
@@ -29,11 +31,13 @@
0
             <li><%= link_to 'Articles', :controller => '/admin/articles' %></li>
0
             <li><%= link_to 'Assets', :controller => '/admin/assets' %></li>
0
           </ul>
0
+ <% if admin? -%>
0
           <ul id="nav-r">
0
             <li><%= link_to 'Sections', :controller => '/admin/sections' %></li>
0
             <li><%= link_to 'Design', :controller => '/admin/design' %></li>
0
             <li><%= link_to "Users", :controller => "users" %></li>
0
           </ul>
0
+ <% end -%>
0
         <% end -%>
0
       </div>
0
       <!-- /div.nav -->
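Review bot: Wrapping the Settings, Sections, Design and Users links in `<% if admin? -%>` removes them from the menu but does not restrict the routes behind them. The Account link that stays visible to everyone targets the same `users` controller (`:action => 'show'`) whose index link is now admin-only, so that controller needs per-action checks rather than a blanket rule; whether it has them is not visible on this page. I would add one test per hidden controller asserting that a member request is redirected, in the style of the `assert_redirected_to :controller => 'account', :action => 'login'` assertions used elsewhere in this commit.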
...
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
...
48
49
50
 
 
 
 
 
 
 
 
 
 
 
51
52
53
0
@@ -48,17 +48,6 @@ class Admin::ArticlesControllerAssetsTest < Test::Unit::TestCase
0
     end
0
   end
0
 
0
- def test_should_not_upload_asset_to_other_users_article_as_member
0
- asset_count = Object.const_defined?(:Magick) ? 3 : 1 # asset + 2 thumbnails
0
-
0
- login_as :ben
0
- assert_difference Asset, :count, asset_count do
0
- post :upload, :id => contents(:welcome).id,
0
- :asset => { :uploaded_data => fixture_file_upload('assets/logo.png', 'image/png') }
0
- assert_redirected_to :controller => 'account', :action => 'login'
0
- end
0
- end
0
-
0
   def test_should_upload_asset_and_redirect_to_article_as_member
0
     asset_count = Object.const_defined?(:Magick) ? 3 : 1 # asset + 2 thumbnails
0
     
...
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
...
38
39
40
 
 
 
 
 
 
 
 
 
 
 
 
41
42
43
0
@@ -38,18 +38,6 @@ class Admin::ArticlesControllerPermissionsTest < Test::Unit::TestCase
0
     end
0
   end
0
 
0
- def test_should_not_edit_other_users_article
0
- get :edit, :id => contents(:welcome).id
0
- assert_redirected_to :controller => 'account', :action => 'login'
0
- end
0
-
0
- def test_should_not_update_other_users_article
0
- Time.mock! Time.local(2005, 1, 1, 12, 0, 0) do
0
- post :update, :id => contents(:welcome).id, :article => { 'published_at(1i)' => '2005', 'published_at(2i)' => '1', 'published_at(3i)' => '1', 'published_at(4i)' => '10' }
0
- assert_redirected_to :controller => 'account', :action => 'login'
0
- end
0
- end
0
-
0
   def test_should_edit_own_article
0
     get :edit, :id => contents(:site_map).id
0
     assert_response :success
...
53
54
55
56
57
58
59
60
61
62
63
...
53
54
55
 
 
 
 
 
56
57
58
0
@@ -53,11 +53,6 @@ class Admin::AssetsControllerPermissionsTest < Test::Unit::TestCase
0
     assert_equal 'updated gif', assets(:gif).reload.title
0
   end
0
 
0
- def test_should_not_update_other_users_assets
0
- put :update, :id => assets(:swf).id, :asset => { :title => 'updated swf' }
0
- assert_redirected_to :controller => 'account', :action => 'login'
0
- end
0
-
0
   def test_should_not_delete_other_users_assets
0
     assert_no_difference Asset, :count do
0
       delete :destroy, :id => assets(:swf).id
