Skip to content
Browse files

Only show draft pages (not @page.live?) when a user is logged in with…

… access to the pages plugin.
  • Loading branch information...
1 parent f24afd7 commit ae7b1a21faf16ceac366990e7cebb2407f724388 @parndt parndt committed Oct 30, 2009
View
4 vendor/plugins/authentication/app/models/user.rb
@@ -86,6 +86,10 @@ def plugins=(plugin_titles)
end
end
end
+
+ def authorized_plugins
+ self.plugins.collect {|p| p.title} | Refinery::Plugins.always_allowed.titles
+ end
def remember_token?
remember_token_expires_at && Time.now.utc < remember_token_expires_at
View
22 vendor/plugins/pages/app/controllers/pages_controller.rb
@@ -1,20 +1,20 @@
class PagesController < ApplicationController
def home
- @page = Page.find_by_link_url("/", :include => [:parts, :slugs])
- error_404 if @page.nil?
+ @page = Page.find_by_link_url("/", :include => [:parts, :slugs])
+ error_404 if @page.nil?
end
- def show
- @page = Page.find(params[:id], :include => [:parts, :slugs])
+ def show
+ @page = Page.find(params[:id], :include => [:parts, :slugs])
- error_404 unless @page.live?
+ error_404 unless @page.live? or (logged_in? and current_user.authorized_plugins.include?("Pages"))
- # if the admin wants this to be a "placeholder" page which goes to its first child, go to that instead.
- if @page.skip_to_first_child
- first_live_child = @page.children.find_by_draft(false, :order => "position ASC")
- redirect_to first_live_child.url unless first_live_child.nil?
- end
- end
+ # if the admin wants this to be a "placeholder" page which goes to its first child, go to that instead.
+ if @page.skip_to_first_child
+ first_live_child = @page.children.find_by_draft(false, :order => "position ASC")
+ redirect_to first_live_child.url unless first_live_child.nil?
+ end
+ end
end
View
7 vendor/plugins/pages/app/views/pages/show.html.erb
@@ -7,4 +7,9 @@
<div id='body_content_right' class='clearfix'>
<%= @page[:side_body] %>
</div>
-</div>
+</div>
+<% unless @page.live? %>
+ <div style='border: 1px solid #A00027;color: #A00027;background: #FFB1B1;padding:3px 9px;font-weight:bold;width:auto'>
+ This page is NOT live for public viewing.
+ </div>
+<% end %>
View
2 vendor/plugins/refinery/lib/refinery/admin_base_controller.rb
@@ -23,7 +23,7 @@ def error_404
end
def restrict_plugins
- Refinery::Plugins.set_active( current_user.plugins.collect {|p| p.title} | Refinery::Plugins.always_allowed.titles ) if current_user.respond_to? :plugins
+ Refinery::Plugins.set_active( current_user.authorized_plugins ) if current_user.respond_to? :plugins
end
def restrict_controller
View
60 vendor/plugins/refinery/lib/refinery/plugins.rb
@@ -4,50 +4,50 @@ class Plugins < Array
def initialize
@plugins = []
end
-
+
def find_by_title(title)
self.reject { |plugin| plugin.title != title }.first
end
-
+
def find_by_model(model)
self.reject { |plugin| plugin.activity.reject {|activity| activity.class != model }.empty? }.first
end
-
+
def find_activity_by_model(model)
plugin = find_by_model(model)
plugin.activity.reject {|activity| activity.class != model}.first unless plugin.nil?
end
-
+
def [](title)
self.find { |plugin| plugin.title == title }
end
- def self.registered
- @registered_plugins ||= self.new
- end
-
- def titles
- self.collect { |p| p.title }
- end
-
- def in_menu
- self.reject{ |p| p.hide_from_menu }
- end
-
- def self.active
- @active_plugins ||= self.new
- end
-
- def self.always_allowed
- registered.reject { |p| !p.always_allow_access }
- end
-
- def self.set_active(titles)
- active.clear
- titles.each do |title|
- active << registered[title] if registered[title]
- end
- end
+ def self.registered
+ @registered_plugins ||= self.new
+ end
+
+ def titles
+ self.collect { |p| p.title }
+ end
+
+ def in_menu
+ self.reject{ |p| p.hide_from_menu }
+ end
+
+ def self.active
+ @active_plugins ||= self.new
+ end
+
+ def self.always_allowed
+ registered.reject { |p| !p.always_allow_access }
+ end
+
+ def self.set_active(titles)
+ active.clear
+ titles.each do |title|
+ active << registered[title] if registered[title]
+ end
+ end
end
end

0 comments on commit ae7b1a2

Please sign in to comment.
Something went wrong with that request. Please try again.