User can access to some dashboard part, or not

Don't break demeter's law.
liweinan0423 · Sep 12, 2013 · 99c81c9 · 99c81c9
1 parent 52c4b33
commit 99c81c9
Show file tree

Hide file tree

Showing 8 changed files with 60 additions and 26 deletions.
diff --git a/app/helpers/admin/dashboard_helper.rb b/app/helpers/admin/dashboard_helper.rb
@@ -1,24 +1,24 @@
 module Admin::DashboardHelper
   def dashboard_theme_link
-    return unless current_user.profile.modules.include? :themes
+    return unless current_user.can_access_to_themes?
     _("You can also do a bit of design, %s or %s." ,
       link_to(_("change your blog presentation"), :controller => 'themes') ,
       link_to(_("enable plugins"), :controller => 'sidebar'))
   end
-  
+
   def dashboard_sidebar_link
-    return unless current_user.profile.modules.include? :sidebar
-    _("You can also %s to customize your Publify blog.", 
+    return unless current_user.can_access_to_customizesidebar?
+    _("You can also %s to customize your Publify blog.",
       link_to(_('download some plugins'), 'http://plugins.publify.co'))
-  end 
+  end
 
   def dashboard_action_links
     links = []
-    
-    links << link_to(_('write a post'), :controller => 'content', :action => 'new') if current_user.profile.modules.include? :articles
-    links << link_to(_('write a page'), :controller => 'pages', :action => 'new') if current_user.profile.modules.include? :pages
-    links << link_to(_("update your profile or change your password"), :controller => 'profiles', :action => 'index') if current_user.profile.modules.include? :profile
-    
+
+    links << link_to(_('write a post'), :controller => 'content', :action => 'new') if current_user.can_access_to_articles?
+    links << link_to(_('write a page'), :controller => 'pages', :action => 'new') if current_user.can_access_to_pages?
+    links << link_to(_("update your profile or change your password"), :controller => 'profiles', :action => 'index') if current_user.can_access_to_profile?
+
     links.join(', ')
-  end  
-end
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -127,6 +127,14 @@ def project_modules
     profile.project_modules
   end
 
+  AccessControl.available_modules.each do |m|
+    define_method("can_access_to_#{m}?") { can_access_to?(m) }
+  end
+
+  def can_access_to?(m)
+    profile.modules.include?(m)
+  end
+
   # Generate Methods takes from AccessControl rules
   # Example:
   #

diff --git a/app/views/admin/dashboard/_welcome.html.erb b/app/views/admin/dashboard/_welcome.html.erb
@@ -6,24 +6,24 @@
 
     <div>
       <div class='span6'>
-      <% if current_user.profile.modules.include? :articles%>
+      <% if current_user.can_access_to_articles? %>
         <h4 class='page-header'><%= _("Content") %></h4>
         <p><%= link_to(sprintf("<strong>%d</strong> %s", @statposts, pluralize(@statposts, _("articles"), _("article"), _("articles"))).html_safe, :controller => 'admin/content').html_safe %></p>
         <p><%= link_to(sprintf("<strong>%d</strong> %s", @statuserposts, _("articles writen by you")).html_safe, :controller => 'admin/content', "search[user_id]" => current_user.id).html_safe %></p>
         <p><%= link_to(sprintf("<strong>%d</strong> %s", @statsdrafts, pluralize(@statsdrafts, _("drafts"), _("draft"), _("drafts"))).html_safe, :controller => 'admin/content', "search[state]" => "drafts").html_safe %></p>
         <p><%= link_to(sprintf("<strong>%d</strong> %s", @statspages, pluralize(@statspages, _("pages"), _("page"), _("pages"))).html_safe, :controller => 'admin/pages').html_safe %></p>
         <p><%= link_to(sprintf("<strong>%d</strong> %s", @statuses, pluralize(@statspages, _("notes"), _("note"), _("notes"))).html_safe, :controller => 'admin/notes').html_safe %></p>
-      <% end %>    
-      </div>      
+      <% end %>
+      </div>
       <div class='span6'>
-        <%  if current_user.profile.modules.include? :feedback %>
+        <%  if current_user.can_access_to_feedback? %>
         <h4 class='page-header'><%= _("Feedback") %></h4>
         <p><%= link_to(sprintf("<strong>%d</strong> %s", @statcomments, _("comments")).html_safe, :controller => 'admin/feedback').html_safe %></p>
         <p><%= link_to(sprintf("<strong>%d</strong> %s", @confirmed, _("approved")).html_safe, :controller => 'admin/feedback', "ham" => "f").html_safe %></p>
         <p><%= link_to(sprintf("<strong>%d</strong> %s", @unconfirmed, _("unconfirmed")).html_safe, :controller => 'admin/feedback', "presumed_ham" => "f").html_safe %></p>
         <p><%= link_to(sprintf("<strong>%d</strong> %s", @statspam, _("spam")).html_safe, :controller => 'admin/feedback', "spam" => "f").html_safe %></p>
-        <% end %>    
+        <% end %>
       </div>
     </div>
-  </div>  
+  </div>
 </div>
diff --git a/app/views/admin/dashboard/index.html.erb b/app/views/admin/dashboard/index.html.erb
@@ -12,7 +12,6 @@
   <div class='span6'>
     <%= render "drafts" %>
     <%= render "inbound" %>
-    <%= render "publify_dev" %>  
   </div>
 
-</div>
+</div>
diff --git a/lib/publify_login_system/access_control.rb b/lib/publify_login_system/access_control.rb
@@ -52,6 +52,18 @@ def self.get_plugin_controller_name(plugin)
     plugin.split("#{plugin_root}/publify_plugin_").second
   end
 
+  def self.available_modules
+    modules = []
+    roles.each do |role|
+      pms = project_modules(role)
+      modules.concat(pms.map(&:uid).map(&:to_s))
+      pms.each do |project_module|
+        modules.concat(project_module.submenus.map(&:uid))
+      end
+    end
+    modules.uniq.sort.map(&:to_sym)
+  end
+
   private
 
   def self.mappers(role)

diff --git a/spec/controllers/admin/dashboard_controller_spec.rb b/spec/controllers/admin/dashboard_controller_spec.rb
@@ -6,8 +6,6 @@
   describe 'test admin profile' do
     before do
       @blog ||= FactoryGirl.create(:blog)
-      #TODO Delete after removing fixtures
-      Profile.delete_all
       @henri = FactoryGirl.create(:user, :login => 'henri', :profile => FactoryGirl.create(:profile_admin, :label => Profile::ADMIN))
       request.session = { :user => @henri.id }
       get :index

diff --git a/spec/factories.rb b/spec/factories.rb
@@ -28,14 +28,14 @@
     profile
     association :text_filter, factory: :textile
   end
-  
+
   factory :user_with_an_empty_profile, parent: :user do |u|
     u.name "Doe"
     u.nickname "John Doe"
     u.twitter nil
     u.association :resource, nil
   end
-  
+
   factory :user_with_a_full_profile, parent: :user do |u|
     u.description "I am a poor lonesone factory generated user"
     u.url "http://myblog.net"
@@ -177,7 +177,7 @@
     label Profile::ADMIN
     nicename 'Publify administrator'
     modules [ :dashboard, :write, :articles, :pages, :feedback, :themes,
-              :sidebar, :users, :seo, :media, :settings, :profile, :notes ]
+              :customizesidebar, :users, :seo, :media, :settings, :profile, :notes ]
   end
 
   factory :profile_publisher, :parent => :profile do |l|
@@ -205,7 +205,7 @@
     r.mime 'image/jpeg'
     r.size 110
   end
-  
+
   factory :avatar, parent: :resource do |a|
     a.upload "avatar.jpg"
     a.mime 'image.jpeg'

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
@@ -339,4 +339,21 @@ def set_password(newpass)
       user.has_twitter_configured?.should == true
     end
   end
+
+  describe :can_access_to do
+    let(:profile) { create(:profile, modules: modules) }
+    let(:user) { create(:user, profile: profile) }
+
+    AccessControl.available_modules.each do |m|
+      context "without module #{m}" do
+        let(:modules) { [] }
+        it { expect(user.send("can_access_to_#{m}?")).to be_false }
+      end
+
+      context "with module #{m}" do
+        let(:modules) { [m] }
+        it { expect(user.send("can_access_to_#{m}?")).to be_true }
+      end
+    end
+  end
 end