
Much more permissions-associated work done. Added three new fields fo…

…r managing ips, posts and topics. Lots of specs were written too, almost there!
1 parent 0bde6d2 commit b68c04a6f395feb1fa2c86c279001eb306a44d8e @radar committed Apr 6, 2009
@@ -15,7 +15,7 @@ def can_access
end
def can_not_manage
- unless controller_name == "index"
+ unless controller_name == "index" || controller_name == "chronic"
if !current_user.can?("manage_#{controller_name}")
flash[:notice] = t(:not_allowed_to_manage, :area => controller_name)
redirect_to admin_root_path
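Review bot: The added `controller_name == "chronic"` clause exempts a whole controller from the `manage_#{controller_name}` check by name, and nothing in the code says why that is safe or what other filter still protects it. Keeping the exemptions in one named, commented list makes the bypass auditable: `UNMANAGED_CONTROLLERS = %w[index chronic].freeze` with `unless UNMANAGED_CONTROLLERS.include?(controller_name)`. Whether `can_access` still runs for the chronic controller cannot be seen from this hunk and is worth confirming. The body of `can_not_manage` continues past the end of the hunk.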
@@ -14,9 +14,9 @@ def show
private
def find_user
- @user = User.find_by_permalink(params[:user_id])
- rescue ActiveRecord::RecordNotFound
- flash[:notice] = t(:user_not_found)
- redirect_to admin_users_path
+ @user = User.find_by_permalink!(params[:user_id])
+ rescue ActiveRecord::RecordNotFound
+ flash[:notice] = t(:user_not_found)
+ redirect_to admin_users_path
end
end
@@ -17,13 +17,13 @@ def new
def create
@topic = Topic.find(params[:topic_id], :include => :posts)
- posts = @topic.posts
- @posts = posts.find(:all, :order => "id DESC", :limit => 10)
+
+ # The last 10 posts for this topic
+ @posts = @topic.posts.find(:all, :order => "id DESC", :limit => 10)
@post = @topic.posts.build(params[:post].merge!(:user => current_user, :ip => @ip))
if @post.save
- @topic.set_last_post
flash[:notice] = t(:post_created)
go_directly_to_post
else
@@ -70,16 +70,22 @@ def destroy
# Not using the find_post method here because we're storing it as quoting_post.
def reply
- quoting_post = Post.find(params[:id])
- @post = @topic.posts.build(:user => current_user)
- @post.text = "[quote=\"#{quoting_post.user}\"]#{quoting_post.text}[/quote]"
- render :action => "new"
+ if current_user.can?(:reply)
+ quoting_post = Post.find(params[:id])
+ @post = @topic.posts.build(:user => current_user)
+ @post.text = "[quote=\"#{quoting_post.user}\"]#{quoting_post.text}[/quote]"
+ render :action => "new"
+ else
+ flash[:notice] = t(:can_not_reply)
+ redirect_to forum_topic_path(@topic.forum, @topic)
+ end
+
end
private
def not_found
- flash[:notice] = t(:post_does_not_exist)
+ flash[:notice] = t(:post_not_found)
redirect_back_or_default(forums_path)
end
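Review bot: `Post.find(params[:id])` in `reply` looks the quoted post up across every topic, so the text of any post id is copied into the reply form regardless of which topic or forum it belongs to. Scoping the lookup to the topic being replied to, `quoting_post = @topic.posts.find(params[:id])`, closes that; if cross-topic quoting is intended, the quoted post's forum needs its own visibility check. Separately, the new `current_user.can?(:reply)` guard covers only this form-rendering action. `create` in the previous hunk shows no equivalent check, so unless a before_filter outside these hunks enforces it, a direct POST would not be stopped by this change.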
@@ -104,7 +110,8 @@ def create_ip
end
def check_ownership
- unless current_user.can?(:edit_own_posts, @post.forum) || current_user.can?(:edit_posts, @post.forum)
+ if (@post.belongs_to?(current_user) && !current_user.can?(:edit_own_posts, @post.forum)) ||
+ (!@post.belongs_to?(current_user) && !current_user.can?(:edit_posts, @post.forum))
flash[:notice] = t(:Cannot_edit_post)
redirect_back_or_default(forums_path)
end
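Review bot: The rewritten condition in `check_ownership` now denies a user who holds `edit_posts` but not `edit_own_posts` from editing their own post, while still letting them edit everyone else's; the removed line accepted either permission. If that asymmetry is intended it deserves a comment, since it is easy to misread through the double negatives. The same rule is easier to audit as a single permission choice: `required = @post.belongs_to?(current_user) ? :edit_own_posts : :edit_posts` followed by `unless current_user.can?(required, @post.forum)`.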
@@ -8,17 +8,15 @@ def index
end
def show
- @user = User.find_by_permalink(params[:id])
- if !@user.nil?
- @posts_percentage = Post.count > 0 ? @user.posts.size.to_f / Post.count.to_f * 100 : 0
- else
+ @user = User.find_by_permalink!(params[:id])
+ @posts_percentage = Post.count > 0 ? @user.posts.size.to_f / Post.count.to_f * 100 : 0
+ rescue ActiveRecord::RecordNotFound
flash[:notice] = t(:user_not_found)
- redirect_back_or_default(forums_path)
- end
+ redirect_back_or_default(users_path)
end
def edit
- @themes = Theme.find(:all, :order => "name ASC")
+ @themes = Theme.all
end
def update
@@ -36,7 +34,7 @@ def update
def ip_is_banned
unless ip_banned?
flash[:notice] = t(:ip_is_banned)
- redirect_to forums_path
end
+ redirect_to forums_path
end
end
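Review bot: Moving `redirect_to forums_path` below the `end` makes `ip_is_banned` redirect every request, banned or not, so the action can no longer render anything for a banned IP. If a filter on the forum pages sends banned IPs to this action (not visible in this hunk), the unconditional redirect would bounce them straight back. If the action is meant to display the ban notice, keep the redirect inside the `unless ip_banned?` branch. The flash key `:ip_is_banned` being set only when the IP is not banned also needs a comment explaining the intent.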
@@ -1,4 +1,5 @@
class Group < ActiveRecord::Base
+ default_scope :order => "name ASC"
belongs_to :owner, :class_name => "User"
has_many :group_users
@@ -26,6 +26,7 @@ class Post < ActiveRecord::Base
after_create :log_ip
after_create :update_forum
before_create :stop_spam
+ after_create :find_latest_post
after_destroy :find_latest_post
before_create :increment_counter
@@ -1,4 +1,5 @@
class Theme < ActiveRecord::Base
+ default_scope :order => "name asc"
has_many :users
validates_presence_of :name
@@ -2,7 +2,7 @@
# Uncomment this to force production mode.
ENV['RAILS_ENV'] = 'development'
-RAILS_GEM_VERSION = '2.2.2' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.3.2' unless defined? RAILS_GEM_VERSION
require File.join(File.dirname(__FILE__), 'boot')
if File.readlines("config/database.yml").empty?
@@ -354,7 +354,6 @@
:Post => "Post",
:post_created => "Post has been created.",
:Post_excerpt => "Post excerpt",
- :post_does_not_exist => "The post you were looking for could not be found.",
:post_or_edit_not_found => "The post or edit you were looking for cannot be found.",
:post_or_topic_not_found => "The post or topic you were looking for cannot be found.",
:post_was_deleted => "Post was deleted.",
@@ -0,0 +1,9 @@
+class CanManageIps < ActiveRecord::Migration
+ def self.up
+ add_column :permissions, :can_manage_ips, :boolean, :default => false
+ end
+
+ def self.down
+ remove_column :permissions, :can_manage_ips
+ end
+end
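Review bot: `can_manage_ips` is added with `:default => false` but still allows NULL, so a permission row can hold a third state whose meaning depends on how `can?` reads the column (not shown here). Adding `:null => false`, i.e. `add_column :permissions, :can_manage_ips, :boolean, :default => false, :null => false`, keeps the flag strictly allow-or-deny. The same applies to `can_manage_posts` and `can_manage_topics` in the next two migrations.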
@@ -0,0 +1,9 @@
+class CanManagePosts < ActiveRecord::Migration
+ def self.up
+ add_column :permissions, :can_manage_posts, :boolean, :default => false
+ end
+
+ def self.down
+ remove_column :permissions, :can_manage_posts
+ end
+end
@@ -0,0 +1,9 @@
+class CanManageTopics < ActiveRecord::Migration
+ def self.up
+ add_column :permissions, :can_manage_topics, :boolean, :default => false
+ end
+
+ def self.down
+ remove_column :permissions, :can_manage_topics
+ end
+end
@@ -9,7 +9,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20090404081237) do
+ActiveRecord::Schema.define(:version => 20090404115832) do
create_table "banned_ips", :force => true do |t|
t.string "ip"
@@ -147,6 +147,9 @@
t.boolean "default", :default => false
t.boolean "can_manage_themes", :default => false
t.boolean "can_edit_own_topics", :default => false
+ t.boolean "can_manage_ips", :default => false
+ t.boolean "can_manage_posts", :default => false
+ t.boolean "can_manage_topics", :default => false
end
create_table "posts", :force => true do |t|
@@ -1,7 +1,7 @@
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
describe Admin::CategoriesController do
- fixtures :categories, :forums, :users
+ fixtures :categories, :forums, :users, :groups, :group_users, :permissions
before do
@category = mock_model(Category)
@@ -1,51 +1,26 @@
require File.dirname(__FILE__) + '/../spec_helper'
describe Admin::IpsController do
- fixtures :users, :ips
+ fixtures :users, :ips, :groups, :permissions, :group_users
before do
login_as(:administrator)
- @user = mock_model(User)
- @users = [@user]
- @ip = mock_model(Ip)
- @ips = [@ip]
- User.should_receive(:find).twice.and_return(@user)
- @user.stub!(:per_page).and_return(30)
- @user.stub!(:update_attribute)
- @user.stub!(:time_zone)
- @user.should_receive(:admin?).and_return(true)
end
it "should show the ips for a specific user" do
- @user.should_receive(:ips).and_return(@ips)
- @ips.should_receive(:find).with(:all, :include => [:topics, :posts]).and_return(@ips)
- get 'index', :user_id => 1
+ get 'index', :user_id => "plebian"
+ response.should render_template("index")
end
it "should show a specific ip" do
- Ip.should_receive(:find).with("1", :include => [:topics, :posts]).and_return(@ips)
- get 'show', :id => 1
+ get 'show', :id => ips(:localhost)
+ response.should render_template("show")
end
-end
-describe Admin::IpsController, "when asked about an imaginary user" do
- fixtures :users
- before do
- login_as(:administrator)
- @user = mock_model(User)
- User.should_receive(:find).with(:first, :conditions => { :id => users(:administrator).id }).and_return(@user)
- @user.stub!(:per_page).and_return(30)
- @user.stub!(:update_attribute)
- @user.stub!(:time_zone)
- @user.stub!(:admin?).and_return(true)
- end
-
-
it "should not be able to find ips for an imaginary user" do
- User.should_receive(:find_by_permalink).with(1234567890).and_raise(ActiveRecord::RecordNotFound)
get 'index', :user_id => 1234567890
flash[:notice].should eql(t(:user_not_found))
response.should redirect_to(admin_users_path)
- end
-
-end
+ end
+
+end
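Review bot: Every example in this spec still runs after `login_as(:administrator)`, so nothing checks that the new `manage_ips` permission denies anyone. The permission fixtures are now loaded, so a negative example is cheap to add; the same gap exists in the `Admin::PostsController` "admins" spec further down for `manage_posts`. The fixture name in the sketch below is a placeholder, and it assumes `login_as` inside the example replaces the administrator session set in `before`. Smaller point: `get 'show', :id => ips(:localhost)` passes the record, while the posts spec passes `ips(:localhost).id`; using `.id` in both keeps them consistent.

```ruby
it "should not show ips to a user without the manage_ips permission" do
  # placeholder: a users fixture whose group lacks can_manage_ips
  login_as(:USER_FIXTURE_WITHOUT_MANAGE_IPS)
  get 'index', :user_id => "plebian"
  response.should be_redirect
end
```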
@@ -11,7 +11,7 @@
end
describe Admin::PostsController, "admins" do
- fixtures :users, :posts, :ips
+ fixtures :users, :posts, :ips, :permissions, :group_users, :groups
before do
login_as(:administrator)
@@ -21,15 +21,13 @@
end
it "should be able to find all posts created by a specific IP" do
- Ip.should_receive(:find).and_return(@ip)
- @ip.should_receive(:posts).and_return(@posts)
- get 'index', :ip_id => 1
+ get 'index', :ip_id => ips(:localhost).id
+ response.should render_template("index")
end
it "should not be able to find posts created by an imaginary IP" do
- Ip.should_receive(:find).and_raise(ActiveRecord::RecordNotFound)
get 'index', :ip_id => 1234567890
- flash[:notice].should_not be_nil
+ flash[:notice].should eql(t(:ip_not_found))
response.should redirect_to(admin_root_path)
end