Merging in Brian's changes; also made some CSS tweaks'

concerto · Jul 7, 2012 · ab2388d · ab2388d
2 parents ec8305b + db076e4
commit ab2388d
Show file tree

Hide file tree

Showing 17 changed files with 121 additions and 41 deletions.
diff --git a/app/assets/stylesheets/application/controls/buttons.scss.erb b/app/assets/stylesheets/application/controls/buttons.scss.erb
@@ -32,7 +32,7 @@
   &.success:hover,
   &.info,
   &.info:hover {
-    color: $white
+    color: $white;
   }
   &.primary.active,
   &.danger.active,
@@ -67,6 +67,7 @@
   &.info {
     @include vertical-gradient(#5bc0de, #2f96b4);
     border-color: #2f96b4;
+    text-shadow: 0 -1px 0px #2f96b4;
   }
 
   &.clear {
@@ -102,7 +103,7 @@
 
   &:hover {
     @include vertical-gradient(#c8eff9, #3ea5de);
-    color: #000033 !important;
+    color: #003366 !important;
     text-shadow: 0 -1px 0px #eee;
     border: solid 1px #2f84da;
     text-decoration: none;
@@ -119,7 +120,7 @@
   &:active {
     @include box-shadow(inset 0 0 6px $black);
     @include vertical-gradient(#dedede, #767676);
-    color: #333;
+    color: #333 !important;
     text-shadow: 0 -1px 0px #eee;
     outline: none;
     border: solid 1px $black;

diff --git a/app/assets/stylesheets/application/layout/topmenu.scss.erb b/app/assets/stylesheets/application/layout/topmenu.scss.erb
@@ -16,7 +16,6 @@ nav#TM {
   position: relative;
 
  	.btn {
-		@extend .btn;  // uses a.button as a template, which in turn uses button-base mixin
 
 		// custom attributes:
 		@include border-radius(6px);
@@ -40,8 +39,6 @@ nav#TM {
       background: transparent image-url('layout/TM/button_TM_states.png') top left repeat-x;
    		background-position: 100% -62px;
    		border: solid 1px #333;
-      padding-top: 5px;
-      padding-bottom: 3px;
 		}
 
 		&:visited {
@@ -57,7 +54,7 @@ nav#TM {
     	border: solid 1px #333;
 
 			&:active {
-				color:#FFF;
+				color: $white !important;
       }
 
       &:hover {

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -31,5 +31,39 @@ def check_for_initial_install
   rescue_from CanCan::AccessDenied do |exception|
     redirect_to root_url, :flash => { :notice => exception.message }
   end
+
+  def auth!(options = {})
+    # action
+    # object
+    # allow_empty
+    action_map = {
+      'index' => :read,
+      'show' => :read,
+      'new' => :create,
+      'edit' => :update,
+      'create' => :create,
+      'update' => :update,
+      'destroy' => :destroy,
+    }
+
+    test_action = (options[:action] || action_map[action_name])
+    allow_empty = (options[:allow_empty] || true)
+
+    var_name = controller_name
+    if action_name != 'index'
+      var_name = controller_name.singularize
+    end
+    object = (options[:object] || instance_variable_get("@#{var_name}"))
+
+    if allow_empty && ((object.is_a? Enumerable) || (object.is_a? ActiveRecord::Relation))
+      object.delete_if {|o| cannot?(test_action, o)}
+    else
+      if cannot?(test_action, object)
+        fake_cancan = Class.new.extend(CanCan::Ability)
+        message ||= fake_cancan.unauthorized_message(test_action, object.class)
+        raise CanCan::AccessDenied.new(message, test_action, object.class)
+      end
+    end
+  end
 
 end
diff --git a/app/controllers/contents_controller.rb b/app/controllers/contents_controller.rb
@@ -1,6 +1,5 @@
 class ContentsController < ApplicationController
   before_filter :get_content_const, :only => [:new, :create]
-  load_and_authorize_resource :except => [:show]
 
   # Grab the constent object for the type of
   # content we're working with.  Probably needs
@@ -17,6 +16,7 @@ def get_content_const
   # GET /contents/1.xml
   def show
     @content = Content.find(params[:id])
+    auth!
 
     respond_to do |format|
       format.html # show.html.erb
@@ -45,8 +45,8 @@ def new
     if @content_const.nil? || @content_const.superclass != Content
       render :text => "Unrecognized content type.", :status => 400
     else
-
       @content = @content_const.new()
+      auth!
 
       respond_to do |format|
         format.html { } # new.html.erb
@@ -58,14 +58,15 @@ def new
   # GET /contents/1/edit
   def edit
     @content = Content.find(params[:id])
-    authorize! :update, @content
+    auth!
   end
 
   # POST /contents
   # POST /contents.xml
   def create
     @content =  @content_const.new(params[@content_const.model_name.singular])
     @content.user = current_user
+    auth!
 
     @feed_ids = []
     if params.has_key?("feed_id")
@@ -94,7 +95,7 @@ def create
   # PUT /contents/1.xml
   def update
     @content = Content.find(params[:id])
-    authorize! :update, @content
+    auth!
 
     respond_to do |format|
       if @content.update_attributes(params[:content])
@@ -115,7 +116,7 @@ def update
   # DELETE /contents/1.xml
   def destroy
     @content = Content.find(params[:id])
-    authorize! :delete, @content
+    auth!
 
     @content.destroy
 
@@ -130,6 +131,7 @@ def destroy
   # along for processing.  Should send an inline result of the processing.
   def display
     @content = Content.find(params[:id])
+    auth!(:action => :read)
     if stale?(:etag => params, :last_modified => @content.updated_at.utc, :public => true)
       @file = @content.render(params)
       send_data @file.file_contents, :filename => @file.file_name, :type => @file.file_type, :disposition => 'inline'

diff --git a/app/controllers/feeds_controller.rb b/app/controllers/feeds_controller.rb
@@ -1,10 +1,10 @@
 class FeedsController < ApplicationController
-  load_and_authorize_resource :except => [:index, :show]
   # GET /feeds
   # GET /feeds.xml
   def index
     @feeds = Feed.roots
     @screens = Screen.all
+    auth!
 
     respond_to do |format|
       format.html { } # index.html.erb
@@ -17,6 +17,7 @@ def index
   # GET /feeds/1.xml
   def show
     @feed = Feed.find(params[:id])
+    auth!
 
     respond_to do |format|
       format.html { } # show.html.erb
@@ -29,6 +30,7 @@ def show
   # GET /feeds/new.xml
   def new
     @feed = Feed.new
+    auth!
 
     respond_to do |format|
       format.html # new.html.erb
@@ -39,12 +41,14 @@ def new
   # GET /feeds/1/edit
   def edit
     @feed = Feed.find(params[:id])
+    auth!
   end
 
   # POST /feeds
   # POST /feeds.xml
   def create
     @feed = Feed.new(params[:feed])
+    auth!
 
     respond_to do |format|
       if @feed.save
@@ -61,6 +65,7 @@ def create
   # PUT /feeds/1.xml
   def update
     @feed = Feed.find(params[:id])
+    auth!
 
     respond_to do |format|
       if @feed.update_attributes(params[:feed])
@@ -77,6 +82,7 @@ def update
   # DELETE /feeds/1.xml
   def destroy
     @feed = Feed.find(params[:id])
+    auth!
     @feed.destroy
 
     respond_to do |format|

diff --git a/app/controllers/fields_controller.rb b/app/controllers/fields_controller.rb
@@ -1,5 +1,4 @@
 class FieldsController < ApplicationController
-  load_and_authorize_resource
   before_filter :get_kind
 
   def get_kind
@@ -10,6 +9,7 @@ def get_kind
   # GET /kind/:kind_id/fields.xml
   def index
     @fields = @kind.fields
+    auth!
 
     respond_to do |format|
       format.html # index.html.erb
@@ -21,6 +21,7 @@ def index
   # GET /kind/:kind_id/fields/1.xml
   def show
     @field = Field.find(params[:id])
+    auth!
 
     respond_to do |format|
       format.html # show.html.erb
@@ -33,6 +34,7 @@ def show
   def new
     @field = Field.new
     @field.kind = @kind
+    auth!
 
     respond_to do |format|
       format.html # new.html.erb
@@ -43,13 +45,15 @@ def new
   # GET /kind/:kind_id/fields/1/edit
   def edit
     @field = Field.find(params[:id])
+    auth!
   end
 
   # POST /kind/:kind_id/fields
   # POST /kind/:kind_id/fields.xml
   def create
     @field = Field.new(params[:field])
     @field.kind = @kind
+    auth!
 
     respond_to do |format|
       if @field.save
@@ -66,6 +70,7 @@ def create
   # PUT /kind/:kind_id/fields/1.xml
   def update
     @field = Field.find(params[:id])
+    auth!
 
     respond_to do |format|
       if @field.update_attributes(params[:field])
@@ -82,6 +87,7 @@ def update
   # DELETE /kind/:kind_id/fields/1.xml
   def destroy
     @field = Field.find(params[:id])
+    auth!
     @field.destroy
 
     respond_to do |format|

diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
@@ -1,9 +1,9 @@
 class GroupsController < ApplicationController
-  load_and_authorize_resource
   # GET /groups
   # GET /groups.xml
   def index
     @groups = Group.all
+    auth!
 
     respond_to do |format|
       format.html # index.html.erb
@@ -15,6 +15,7 @@ def index
   # GET /groups/1.xml
   def show
     @group = Group.find(params[:id])
+    auth!
 
     respond_to do |format|
       format.html # show.html.erb
@@ -26,6 +27,7 @@ def show
   # GET /groups/new.xml
   def new
     @group = Group.new
+    auth!
 
     respond_to do |format|
       format.html # new.html.erb
@@ -36,12 +38,14 @@ def new
   # GET /groups/1/edit
   def edit
     @group = Group.find(params[:id])
+    auth!
   end
 
   # POST /groups
   # POST /groups.xml
   def create
     @group = Group.new(params[:group])
+    auth!
 
     respond_to do |format|
       if @group.save
@@ -60,6 +64,7 @@ def create
   # PUT /groups/1.xml
   def update
     @group = Group.find(params[:id])
+    auth!
 
     respond_to do |format|
       if @group.update_attributes(params[:group])
@@ -76,6 +81,7 @@ def update
   # DELETE /groups/1.xml
   def destroy
     @group = Group.find(params[:id])
+    auth!
     @group.destroy
 
     respond_to do |format|