
Admin role configurable

1 parent e2bd4c0 commit 1b8aace8af732b1c22a5a424d485c2ad7b504b3f @joergviola committed Nov 22, 2011
Showing with 39 additions and 9 deletions.
  1. +5 −4 README.textile
  2. +10 −2 app/controllers/cms/Admin.java
  3. +24 −3 app/controllers/cms/Profiler.java
@@ -19,7 +19,7 @@ Add routes:
<pre><code>
GET /page module:cms
</code></pre>
-Only connected users can edit pages, and (currently) they must have the @admin@ profile, so check against that profile in your @controllers.Security.java@, e.g.:
+Of course only connected users can edit pages, and (by default) they must have the @admin@ profile, so check against that profile in your @controllers.Security.java@, e.g.:
<pre><code>
static boolean check(String profile) {
String username = connected();
@@ -33,13 +33,14 @@ Only connected users can edit pages, and (currently) they must have the @admin@
return false;
}
</code></pre>
+You can change the required cms profile by adding a configuration property named @cms.profile@.
-Optionally create the templates
+Now navigate to @/page/admin@ and create and edit pages using the Tiny MCE HTML editor. After your have created a page of name, say, @page1@, eventually use the following URL to display it: @/page/page1@.
+
+Optionally create the following templates to make the pages look more like being part of your app:
* @cms/default.html@, which will be used to render your pages.
* @cms/cms.html@, which will be used to render the cms admin pages.
-Now navigate to @/page/admin@ and create and edit pages using the Tiny MCE HTML editor. After your have created a page of name, say, @page1@, eventually use the following URL to display it: @/page/page1@.
-
*Congratulations! You just added a CMS to your Play! App!*
You could also use this CMS to edit parts of your pages. Simply put parts, say the footer, of your template into a cms display tag:
@@ -21,8 +21,6 @@
import controllers.Check;
import controllers.Secure;
-@With(Secure.class)
-@Check("admin")
public class Admin extends Controller {
public static void index() {
@@ -31,6 +29,8 @@ public static void index() {
}
public static void editPage(String tmpl, String pageName) {
+ if (!Profiler.canEdit(pageName))
+ forbidden();
CMSPage page = CMSPage.findById(pageName);
if (page==null) {
page = new CMSPage();
@@ -41,12 +41,16 @@ public static void editPage(String tmpl, String pageName) {
}
public static void addPage() {
+ if (!Profiler.canEnter())
+ forbidden();
CMSPage page = new CMSPage();
page.active = true;
renderTemplate("@edit", page);
}
public static void savePage(@Valid CMSPage page, String tmpl, boolean active) throws Throwable {
+ if (!Profiler.canEdit(page.name))
+ forbidden();
page.active = active;
if (request.params.get("delete") != null) {
page.delete();
@@ -59,6 +63,8 @@ public static void savePage(@Valid CMSPage page, String tmpl, boolean active) th
}
public static void upload(File data, String title) {
+ if (!Profiler.canEnter())
+ forbidden();
CMSImage image = new CMSImage();
image.name = data.getName();
if (StringUtils.isEmpty(title))
@@ -77,6 +83,8 @@ public static void upload(File data, String title) {
}
public static void imagelist() {
+ if (!Profiler.canEnter())
+ forbidden();
List<CMSImage> images = CMSImage.findAll();
render(images);
}
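Review bot: Removing the class-level `@With(Secure.class)` and `@Check("admin")` changes `Admin` from deny-by-default to opt-in protection, so every current and future action must remember its own `Profiler` call. The visible part of `index()` shows no such call, but its body lies between hunks, so that may be a gap or simply not shown. A class-wide interceptor would keep the configurable profile and restore the default, for example `@Before static void checkAccess() { if (!Profiler.canEnter()) forbidden(); }`, with the per-page `canEdit` checks kept on top. In `savePage`, `page.name` is read before any null check on the bound `page`, so if binding yields null the request fails with a NullPointerException instead of a 403. The method bodies continue outside these hunks.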
@@ -5,16 +5,37 @@
import controllers.Secure.Security;
+import play.Logger;
import play.Play;
import play.mvc.Scope.Session;
import play.utils.Java;
public class Profiler {
- public static boolean canEdit(String pageName) throws Throwable {
+ public static boolean canEdit(String pageName) {
if (Session.current().get("username")==null)
return false;
- boolean result = (Boolean) invoke(Security.class, "check", "admin");
- return result;
+ String profile = Play.configuration.getProperty("cms.profile", "admin");
+ boolean result;
+ try {
+ result = (Boolean) invoke(Security.class, "check", profile);
+ return result;
+ } catch (Throwable e) {
+ Logger.error(e, "While checking cms profile");
+ return false;
+ }
+ }
+ public static boolean canEnter() {
+ if (Session.current().get("username")==null)
+ return false;
+ String profile = Play.configuration.getProperty("cms.profile", "admin");
+ boolean result;
+ try {
+ result = (Boolean) invoke(Security.class, "check", profile);
+ return result;
+ } catch (Throwable e) {
+ Logger.error(e, "While checking cms profile");
+ return false;
+ }
}
private static Object invoke(Class<?> original, String m, Object... args) throws Throwable {
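Review bot: `canEdit(String pageName)` never reads `pageName` and its body is a line-for-line copy of `canEnter()`, so the per-page checks in `Admin.editPage` and `Admin.savePage` grant exactly what `canEnter()` grants, and the two copies of the authorization logic can drift apart. Until a real per-page rule exists, `canEdit` should delegate with `return canEnter();` and carry a comment saying that `pageName` is currently ignored. Catching `Throwable` and returning `false` fails closed, which is the right default; a short comment stating that intent would protect it from a later edit. The `cms.profile` value goes to `Security.check` unvalidated, so a blank or misspelled setting is decided entirely by the application's `check` implementation, which a Javadoc on the class should state. The class continues outside the hunk.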
