Description: El Dorado is a full-stack community web application written in Ruby/Rails.
Homepage: http://almosteffortless.com/eldorado/
Clone URL: git://github.com/trevorturk/el-dorado.git
adding setting to restrict new/create actions on a per-controller basis 
(e.g. allow restricting the creation of blog articles to admins only)
trevorturk (author)
Sun Jul 27 14:51:23 -0700 2008
commit  92f9c0a7b967f5f853b1f775ced09ee891d04b4f
tree    3ceeb010ec284a64280ca9449363deafdfa3ea01
parent  af79bd73992dc1c401d9721f294387e937b158fe
...
7
8
9
10
 
11
12
13
...
25
26
27
28
 
29
30
31
...
48
49
50
51
 
52
53
54
...
7
8
9
 
10
11
12
13
...
25
26
27
 
28
29
30
31
...
48
49
50
 
51
52
53
54
0
@@ -7,7 +7,7 @@ class ApplicationController < ActionController::Base
0
   
0
   include AuthenticationSystem, ExceptionHandler, ExceptionLoggable
0
   
0
- before_filter :get_settings, :auth_token_login, :check_bans, :check_privacy, :set_timezone, :update_online_at, :get_layout_vars
0
+ before_filter :get_settings, :auth_token_login, :check_bans, :check_privacy, :check_admin_only_create, :set_timezone, :update_online_at, :get_layout_vars
0
   helper_method :current_action, :current_controller, :current_user, :logged_in?, :is_online?, :admin?, :can_edit?, :locked_out?
0
   
0
   rescue_from ActiveRecord::RecordNotFound, :with => :not_found
0
@@ -25,7 +25,7 @@ class ApplicationController < ActionController::Base
0
     raise ActiveRecord::SettingsNotFound if @settings.nil?
0
   end
0
   
0
- def set_timezone
0
+ def set_timezone
0
     Time.zone = logged_in? ? current_user.time_zone : @settings.time_zone
0
   end
0
   
0
@@ -48,7 +48,7 @@ class ApplicationController < ActionController::Base
0
   def current_controller
0
     request.path_parameters['controller']
0
   end
0
-
0
+
0
   def find_parent_user_or_class
0
     @parent_user = User.find(params[:user_id]) if params[:user_id]
0
     @parent = @parent_user ? @parent_user.send(current_controller) : current_controller.singularize.classify.constantize
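Review bot: The new `check_admin_only_create` entry in the `before_filter` list reads `@settings`, so it only works because `get_settings` stays first in the chain; nothing in the hunk records that ordering constraint, and a later reordering would break the check silently. Suggest a comment above the filter line: `# order matters: get_settings runs first, the filters after it read @settings`. The commit also adds no functional test for the new restriction (the only test file touched just changes a require path), so an integration test asserting that a non-admin requesting the `new` action of a controller named in the setting is redirected would be worth adding. These hunks only touch parts of the class body; ApplicationController starts and ends outside them.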
...
15
16
17
 
 
 
 
 
18
19
20
...
15
16
17
18
19
20
21
22
23
24
25
0
@@ -15,6 +15,11 @@
0
       <p><%= f.text_area :footer, :rows => '3', :style => "width:66%;" %></p>
0
       <p class="label"><label for="setting_favicon">Favicon</label></p>
0
       <p><%= f.text_field :favicon, :style => "width:66%;" %></p>
0
+ <p class="label">
0
+ <label for="setting_admin_only_create">Admin-Only Create Actions</label>&nbsp;
0
+ <span class="detail">For example, "articles" would restrict creating new blog articles to admins only.</span>
0
+ </p>
0
+ <p><%= f.text_field :admin_only_create, :style => "width:66%;" %></p>
0
       <p><%= f.check_box :private %> <label for="setting_private">Private</label>&nbsp;
0
         <span class="detail">Require login for all actions, including creating new users. (Uploaded files will still be publicly accessible.)</span>
0
       </p>
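Review bot: The hint for the new field gives "articles" as an example but never says how to name more than one controller, and the code that consumes the value (`check_admin_only_create` in the AuthenticationSystem hunk further down this page) compares with a plain `include?` on the raw string, so the accepted format is simply whatever that method happens to match. Make the format explicit in the hint, e.g. `Controller names, separated by commas (e.g. "articles, comments"); their new and create actions are then limited to admins.` The surrounding form block starts and ends outside this hunk.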
...
 
 
 
 
 
 
 
 
1
2
3
...
1
2
3
4
5
6
7
8
9
10
11
0
@@ -1,3 +1,11 @@
0
+<% if current_controller == 'articles' and current_action == 'show' %>
0
+ <% if can_edit?(@article) %>
0
+ <div class="info-left">
0
+ <%= link_to 'Edit Article', edit_article_path(@article) %>
0
+ </div>
0
+ <% end %>
0
+<% end %>
0
+
0
 <% if current_controller == 'avatars' and current_action == 'index' %>
0
   <div class="info-left">
0
     <%= link_to 'Home', root_path %> &raquo;
...
9
10
11
12
 
13
14
15
...
128
129
130
131
 
132
 
133
134
135
...
9
10
11
 
12
13
14
15
...
128
129
130
 
131
132
133
134
135
136
0
@@ -9,7 +9,7 @@
0
 #
0
 # It's strongly recommended to check this file into your version control system.
0
 
0
-ActiveRecord::Schema.define(:version => 20080725023050) do
0
+ActiveRecord::Schema.define(:version => 20080727205027) do
0
 
0
   create_table "articles", :force => true do |t|
0
     t.integer "user_id"
0
@@ -128,8 +128,9 @@ ActiveRecord::Schema.define(:version => 20080725023050) do
0
     t.string "theme"
0
     t.string "favicon"
0
     t.string "time_zone"
0
- t.boolean "private", :default => false
0
+ t.boolean "private", :default => false
0
     t.string "login_message"
0
+ t.string "admin_only_create", :default => "", :null => false
0
   end
0
 
0
   create_table "subscriptions", :force => true do |t|
...
42
43
44
45
 
46
47
48
...
51
52
53
54
 
 
 
 
 
 
 
55
56
57
 
58
59
 
60
61
62
...
65
66
67
68
 
69
70
71
...
42
43
44
 
45
46
47
48
...
51
52
53
 
54
55
56
57
58
59
60
61
62
 
63
64
 
65
66
67
68
...
71
72
73
 
74
75
76
77
0
@@ -42,7 +42,7 @@ module AuthenticationSystem
0
   
0
   def check_bans
0
     return unless logged_in?
0
- return if request.path_parameters['action'] == 'logout'
0
+ return if current_action == 'logout'
0
     return if current_user.banned_until.blank?
0
     if current_user.banned_until > Time.now.utc
0
       flash[:notice] = 'This account is banned'
0
@@ -51,12 +51,18 @@ module AuthenticationSystem
0
       redirect_to logout_path and return false
0
     end
0
   end
0
-
0
+
0
+ def check_admin_only_create
0
+ if @settings.admin_only_create.include?(current_controller) && %w(new create).include?(current_action)
0
+ redirect_to root_path unless admin?
0
+ end
0
+ end
0
+
0
   def can_edit
0
     redirect_to root_path and return false unless logged_in?
0
- klass = request.path_parameters['controller'].singularize.classify.constantize
0
+ klass = current_controller.singularize.classify.constantize
0
     @item = klass.find(params[:id])
0
- if request.path_parameters['controller'] == "users"
0
+ if current_controller == "users"
0
       redirect_to root_path and return false unless admin? || (current_user == @item)
0
     else
0
       redirect_to root_path and return false unless admin? || (current_user == @item.user)
0
@@ -65,7 +71,7 @@ module AuthenticationSystem
0
       
0
   def can_edit?(current_item)
0
     return false unless logged_in?
0
- if request.path_parameters['controller'] == "users"
0
+ if current_controller == "users"
0
       return current_user.admin? || (current_user == current_item)
0
     else
0
       return current_user.admin? || (current_user.id == current_item.user_id)
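Review bot: `check_admin_only_create` tests the setting with `String#include?`, which is a substring match, so it fires whenever the controller name appears anywhere in the free-text setting rather than as a listed entry, and the settings form in this commit defines no list format at all. Split the setting into tokens before comparing: `if @settings.admin_only_create.split(/[\s,]+/).include?(current_controller) && %w(new create).include?(current_action)`. The redirect also departs from the sibling filters `check_bans` and `can_edit`, which write `redirect_to root_path and return false`; a performed redirect should halt the chain in this Rails version either way, but matching the sibling form makes the intent explicit: `redirect_to root_path and return false unless admin?`. Only `new` and `create` are guarded, so any other action that creates records (if one exists) remains open to non-admins; the AuthenticationSystem module starts and ends outside these hunks.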
...
1
 
2
3
4
...
13
14
15
16
17
 
...
 
1
2
3
4
...
13
14
15
 
16
17
0
@@ -1,4 +1,4 @@
0
-require "#{File.dirname(__FILE__)}/../test_helper"
0
+require "test_helper"
0
 
0
 class HomePageChatTest < ActionController::IntegrationTest
0
   fixtures :all
0
@@ -13,4 +13,4 @@ class HomePageChatTest < ActionController::IntegrationTest
0
     get "/"
0
     assert_response :success
0
   end
0
-end
0
\ No newline at end of file
0
+end
