
adding roles - NOTE: new migration!

Added Role model and association on User, with default roles of admin, moderator, and member. Please make sure to run the new migration and tests, or your application will break.
1 parent 145b62e commit 0f6d1e6a0cb5f85f512feadae7320d18d0d72675 Bruno Bornsztein committed Jun 10, 2008
Showing with 157 additions and 52 deletions.
  1. +7 −0 README
  2. +1 −1 about.yml
  3. +8 −2 app/controllers/posts_controller.rb
  4. +10 −1 app/controllers/users_controller.rb
  5. +5 −0 app/models/role.rb
  6. +15 −1 app/models/user.rb
  7. +1 −1 app/views/posts/show.html.haml
  8. +2 −2 app/views/topics/show.html.haml
  9. +2 −0 app/views/users/_profile_user_info_sidebar.html.haml
  10. +28 −0 db/migrate/056_create_roles.rb
  11. +5 −1 lib/authenticated_system.rb
  12. +1 −0 routes.rb
  13. +9 −0 test/fixtures/roles.yml
  14. +13 −10 test/fixtures/users.yml
  15. +1 −1 test/functional/activities_controller_test.rb
  16. +1 −1 test/functional/admin_controller_test.rb
  17. +1 −1 test/functional/ads_controller_test.rb
  18. +1 −1 test/functional/base_controller_test.rb
  19. +1 −1 test/functional/categories_controller_test.rb
  20. +1 −1 test/functional/clippings_controller_test.rb
  21. +1 −1 test/functional/comments_controller_test.rb
  22. +1 −1 test/functional/contests_controller_test.rb
  23. +1 −1 test/functional/events_controller_test.rb
  24. +1 −1 test/functional/favorites_controller_test.rb
  25. +1 −1 test/functional/friendships_controller_test.rb
  26. +1 −1 test/functional/homepage_features_controller_test.rb
  27. +1 −1 test/functional/invitations_controller_test.rb
  28. +1 −1 test/functional/metro_areas_controller_test.rb
  29. +1 −1 test/functional/offerings_controller_test.rb
  30. +1 −1 test/functional/photos_controller_test.rb
  31. +1 −1 test/functional/posts_controller_test.rb
  32. +1 −1 test/functional/sessions_controller_test.rb
  33. +1 −1 test/functional/skills_controller_test.rb
  34. +1 −1 test/functional/statistics_controller_test.rb
  35. +1 −1 test/functional/tags_controller_test.rb
  36. +18 −1 test/functional/users_controller_test.rb
  37. +1 −1 test/functional/votes_controller_test.rb
  38. +1 −1 test/unit/asset_test.rb
  39. +1 −1 test/unit/clipping_image_test.rb
  40. +1 −1 test/unit/clipping_test.rb
  41. +1 −1 test/unit/comment_test.rb
  42. +1 −1 test/unit/favorite_test.rb
  43. +1 −1 test/unit/friendship_test.rb
  44. +1 −1 test/unit/invitation_test.rb
  45. +1 −1 test/unit/post_test.rb
  46. +1 −1 test/unit/user_notifier_test.rb
  47. +1 −1 test/unit/user_test.rb
7 README
@@ -110,6 +110,13 @@ Finally, you'll need an S3 account for S3 photo uploading.
CommunityEngine includes the s3.rake tasks for backing up your site to S3. If you plan on using these, you'll need to add a file in RAILS_ROOT/config/s3.yml. (Sample in sample_files/s3.yml)
+## ROLES ##
+CommunityEngine Users have a Role (by default, it's admin, moderator, or member)
+To set a user as an admin, you must manually change his role_id through the database.
+Once logged in as an admin, you'll be able to toggle other users between moderator and member (just go to their profile page and look on the sidebar.)
+Admins and moderators can edit and delete other users posts.
+
+
## THEMES ##
To create a theme:
1. Add a 'themes' directory in RAILS_ROOT with the following structure:
@@ -4,4 +4,4 @@ homepage: http://www.missingmethod.com
summary: A social networking engine
description: Adds basic social networking capabilities to your existing application, including users, blogs, photos, clippings, favorites, and more.
license: MIT
-version: 0.10.2
+version: 0.10.3
@@ -11,7 +11,7 @@ def cache_action?(action_name)
before_filter :login_required, :only => [:new, :edit, :update, :destroy, :create, :manage]
before_filter :find_user, :only => [:new, :edit, :index, :show, :update_view, :manage]
- before_filter :require_current_user, :only => [:create, :edit, :update, :destroy, :manage]
+ before_filter :require_ownership_or_moderator, :only => [:create, :edit, :update, :destroy, :manage]
def manage
@posts = @user.posts.find_without_published_as(:all, :page => {:current => params[:page], :size => 10}, :order => 'published_at DESC')
@@ -230,6 +230,12 @@ def category_tips_update
render :partial => "/categories/tips", :locals => {:category => nil}
end
-
+ def require_ownership_or_moderator
+ @user ||= User.find(params[:user_id] || params[:id] )
+ unless admin? || moderator? || (@user && (@user.eql?(current_user)))
+ redirect_to :controller => 'sessions', :action => 'new' and return false
+ end
+ return @user
+ end
end
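Review bot: In `require_ownership_or_moderator` the fallback `params[:user_id] || params[:id]` looks up a user by whatever `:id` holds, and in this controller `:id` is presumably the post id, so a request that reaches the filter without `:user_id` would be authorised against an unrelated user record. The check also compares only the user named in the URL with `current_user`; it is sound only if the actions load the post through `@user.posts`, which is outside this hunk and worth confirming. I would drop the fallback, `@user ||= User.find(params[:user_id])`, and add a comment such as `# Allows admins, moderators, or the user who owns the nested route; everyone else is redirected to login.` The class body starts outside the hunk.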
@@ -22,7 +22,7 @@ def require_invitation
before_filter :require_current_user, :only => [:edit, :update, :update_account,
:edit_pro_details, :update_pro_details,
:welcome_photo, :welcome_about, :welcome_invite]
- before_filter :admin_required, :only => [:assume, :destroy, :featured, :toggle_featured]
+ before_filter :admin_required, :only => [:assume, :destroy, :featured, :toggle_featured, :toggle_moderator]
before_filter :admin_or_current_user_required, :only => [:statistics]
def activate
@@ -78,6 +78,7 @@ def new
def create
@user = User.new(params[:user])
+ @user.role = Role[:member]
@user.save!
create_friendship_with_inviter(@user, params)
flash[:notice] = "Thanks for signing up! You should receive an e-mail confirmation shortly at #{@user.email}"
@@ -307,6 +308,14 @@ def toggle_featured
@user.toggle!(:featured_writer)
redirect_to user_path(@user)
end
+
+ def toggle_moderator
+ @user = User.find(params[:id])
+ @user.role = @user.moderator? ? Role[:member] : Role[:moderator]
+ @user.save!
+ redirect_to user_path(@user)
+ end
+
def statistics
if params[:date]
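Review bot: `toggle_moderator` treats every non-moderator as a member, so calling it on an admin (including the acting admin) sets that account to `Role[:moderator]` and silently removes its admin rights; the sidebar link added in `_profile_user_info_sidebar.html.haml` offers the same action on an admin's profile. Guard the action before the assignment, for example `redirect_to(user_path(@user)) and return if @user.admin?`, and hide the link under the same condition. A role change is also worth a log line naming the acting admin and the target user, since it is a privilege change with no audit trail in this hunk.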
@@ -0,0 +1,5 @@
+class Role < ActiveRecord::Base
+ acts_as_enumerated
+ validates_presence_of :name
+end
+
@@ -6,7 +6,8 @@ class User < ActiveRecord::Base
MALE = 'M'
FEMALE = 'F'
- attr_protected :admin, :featured
+ attr_protected :admin, :featured, :role_id
+
before_save :encrypt_password, :whitelist_attributes
before_create :make_activation_code
after_create :update_last_login
@@ -39,6 +40,8 @@ class User < ActiveRecord::Base
has_many :invitations, :dependent => :destroy
has_many :offerings, :dependent => :destroy
+ has_enumerated :role
+
#friends
has_many :friendships, :class_name => "Friendship", :foreign_key => "user_id", :dependent => :destroy
has_many :accepted_friendships, :class_name => "Friendship", :conditions => ['friendship_status_id = ?', 2]
@@ -377,6 +380,17 @@ def recommended_posts(since = 1.week.ago)
def display_name
login
end
+
+ def admin?
+ role && role.eql?(Role[:admin])
+ end
+ def moderator?
+ role && role.eql?(Role[:moderator])
+ end
+ def member?
+ role && role.eql?(Role[:member])
+ end
+
#from savage beast
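Review bot: `attr_protected` lists `:role_id`, but `has_enumerated :role` also gives the model a `role=` writer, and if that writer accepts a role name (as the enumerations mixin's does, to my knowledge) a mass-assigned `role` key in `params[:user]` would bypass the protection on any path that calls `update_attributes` or `User.new(params[:user])` without resetting the role afterwards. Protect both names, `attr_protected :admin, :featured, :role_id, :role`, unless `whitelist_attributes` (not visible here) already filters it. Separately, the flag toggled in users_controller is `featured_writer`, so `:featured` may not cover that column, and `:admin` no longer exists once migration 056 has run. The three predicates return `nil` rather than `false` when `role` is unset; a short comment saying so, or a `!!`, would make that explicit.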
@@ -24,7 +24,7 @@
%a{:href=>"#", :onclick=>"showSendTo_friend(); return false;", :title=>"E-mail this story to friends"} E-mail to friends
%li.share
%script{:type=>"text/javascript", :src=>"http://w.sharethis.com/widget/?tabs=web&amp;charset=utf-8&amp;style=default&amp;publisher=4488bdef-d776-4c80-93e1-ac1fb8359971&amp;linkfg=%23131358"}
- -if @is_current_user || admin?
+ -if @is_current_user || admin? || moderator?
%li.edit= link_to "Edit", edit_user_post_path(@post.user, @post)
%li.delete= link_to "Delete", user_post_path(@post.user, @post), {:method => :delete, :confirm => 'Permanently delete this post?'}
@@ -17,8 +17,8 @@
#monitor_topic
%input#monitor_checkbox{:type=>"checkbox", :checked=> @monitoring, :onclick=>"monitor_click()"}
%label#monitor_label{"for"=>"monitor_checkbox"}
- Watch
- = "ing" if @monitoring
+
+ = "Watch#{@monitoring ? 'ing' : ''}"
= _('topic')
= hidden_field_tag '_method', 'delete' if @monitoring
= submit_tag :Set, :id => 'monitor_submit'
@@ -7,6 +7,8 @@
= link_to( "&raquo; Delete this user", user_path(@user), {:method => :delete, :confirm => 'Are you sure you want to permanently delete this user?'} )
%br/
= link_to( "&raquo; Toggle #{AppConfig.featured_writer_label}", toggle_featured_user_path(@user), {:method => :put} )
+ %br/
+ = link_to( "&raquo; Assign role: #{@user.moderator? ? 'member' : 'moderator'}", toggle_moderator_user_path(@user), {:method => :put} )
#profile_details.box.hentry
%h3
@@ -0,0 +1,28 @@
+class CreateRoles < ActiveRecord::Migration
+ def self.up
+ create_table :roles do |t|
+ t.column :name, :string
+ end
+
+ Role.enumeration_model_updates_permitted = true
+ Role.create(:name => 'admin')
+ Role.create(:name => 'moderator')
+ Role.create(:name => 'member')
+ Role.enumeration_model_updates_permitted = false
+
+ add_column :users, :role_id, :integer
+
+ #set all existing users to 'member'
+ User.update_all("role_id = #{Role[:member].id}", ["admin = ?", false])
+ #set admins to 'admin'
+ User.update_all("role_id = #{Role[:admin].id}", ["admin = ?", true])
+
+ remove_column :users, :admin
+ end
+
+ def self.down
+ drop_table :roles
+ remove_column :users, :role_id
+ add_column :users, :admin, :boolean, :default => false
+ end
+end
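Review bot: `self.down` discards which users were admins: it drops `roles` and `role_id` and re-adds `admin` with `:default => false`, so a rollback leaves the site with no admin accounts. Re-add the column first and copy the flag back before removing anything, e.g. `User.update_all(["admin = ?", true], ["role_id = ?", Role[:admin].id])`. In `self.up`, rows whose `admin` is NULL match neither `update_all` and end up with no role, which makes `admin?`, `moderator?` and `member?` all falsy for them; a final `User.update_all("role_id = #{Role[:member].id}", "role_id IS NULL")` would close that gap. The migration also relies on the application's current `User` and `Role` classes, so it may need `User.reset_column_information` after `add_column`; that is worth confirming on a fresh database.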
@@ -62,6 +62,10 @@ def admin?
logged_in? && current_user.admin?
end
+ def moderator?
+ logged_in? && current_user.moderator?
+ end
+
# Filter method to enforce a login requirement.
#
@@ -128,7 +132,7 @@ def redirect_back_or_default(default)
# Inclusion hook to make #current_user and #logged_in?
# available as ActionView helper methods.
def self.included(base)
- base.send :helper_method, :current_user, :logged_in?, :admin?
+ base.send :helper_method, :current_user, :logged_in?, :admin?, :moderator?
end
# When called with before_filter :login_from_cookie will check for an :auth_token
@@ -85,6 +85,7 @@
resources :users, :member_path => '/:id', :nested_member_path => '/:user_id', :member => {
:dashboard => :get,
:assume => :get,
+ :toggle_moderator => :put,
:toggle_featured => :put,
:change_profile_photo => :put,
:return_admin => :get,
@@ -0,0 +1,9 @@
+admin:
+ id: 1
+ name: admin
+moderator:
+ id: 2
+ name: moderator
+member:
+ id: 3
+ name: member
@@ -8,13 +8,13 @@ quentin:
created_at: <%= 5.days.ago.to_s :db %>
activated_at: <%= 5.days.ago.to_s :db %>
activation_code:
- admin: 0
state_id: 1
metro_area_id: 1
profile_public: true
login_slug: quentin
birthday: <%= 15.years.ago.to_s :db %>
activities_count: 0
+ role_id: 3
aaron:
id: 2
login: aaron
@@ -27,9 +27,9 @@ aaron:
activation_code:
sb_posts_count: 2
sb_last_seen_at: <%= 5.minutes.ago.to_s :db %>
- admin: 0
login_slug: aaron
birthday: <%= 15.years.ago.to_s :db %>
+ role_id: 3
kevin:
id: 3
login: kevin
@@ -40,9 +40,9 @@ kevin:
created_at: <%= 5.days.ago.to_s :db %>
activated_at: <%= 5.days.ago.to_s :db %>
activation_code:
- admin: 0
login_slug: kevin
birthday: <%= 15.years.ago.to_s :db %>
+ role_id: 3
admin:
id: 4
login: admin
@@ -53,9 +53,9 @@ admin:
created_at: <%= 1.days.ago.to_s :db %>
activated_at: <%= 30.minutes.ago.to_s :db %>
activation_code:
- admin: 1
login_slug: admin
birthday: <%= 15.years.ago.to_s :db %>
+ role_id: 1
dwr:
id: 5
login: dwreach
@@ -66,10 +66,10 @@ dwr:
created_at: <%= 1.days.ago.to_s :db %>
activated_at: <%= 30.minutes.ago.to_s :db %>
activation_code:
- admin: 0
vendor: 1
login_slug: dwreach
birthday: <%= 15.years.ago.to_s :db %>
+ role_id: 3
leopoldo:
id: 6
login: leopoldo
@@ -81,9 +81,9 @@ leopoldo:
activated_at: <%= 5.days.ago.to_s :db %>
metro_area_id: 4
activation_code:
- admin: 0
login_slug: leopoldo
birthday: <%= 15.years.ago.to_s :db %>
+ role_id: 3
florian:
id: 7
login: florian
@@ -95,9 +95,9 @@ florian:
activated_at: <%= 10.minutes.ago.to_s :db %>
metro_area_id: 5
activation_code:
- admin: 0
login_slug: florian
birthday: <%= 15.years.ago.to_s :db %>
+ role_id: 3
super_writer:
id: 8
login: superwriter
@@ -109,10 +109,10 @@ super_writer:
activated_at: <%= 10.minutes.ago.to_s :db %>
metro_area_id: 5
activation_code:
- admin: 0
featured_writer: 1
login_slug: superwriter
birthday: <%= 15.years.ago.to_s :db %>
+ role_id: 3
plumberbob:
id: 9
login: plumberbob
@@ -123,10 +123,10 @@ plumberbob:
created_at: <%= 1.days.ago.to_s :db %>
activated_at: <%= 30.minutes.ago.to_s :db %>
activation_code:
- admin: 0
vendor: 1
login_slug: plumberbob
birthday: <%= 15.years.ago.to_s :db %>
+ role_id: 3
privateuser:
id: 10
login: privateuser
@@ -137,11 +137,11 @@ privateuser:
created_at: <%= 1.days.ago.to_s :db %>
activated_at: <%= 30.minutes.ago.to_s :db %>
activation_code:
- admin: 0
vendor: 0
login_slug: privateuser
profile_public: 0
birthday: <%= 15.years.ago.to_s :db %>
+ role_id: 3
sam:
id: 11
login: sam
@@ -152,6 +152,7 @@ sam:
sb_last_seen_at: <%= 4.minutes.ago.to_s :db %>
activated_at: <%= 5.days.ago.to_s :db %>
activation_code:
+ role_id: 3
joe:
id: 12
login: joe
@@ -162,6 +163,7 @@ joe:
sb_last_seen_at: <%= 4.minutes.ago.to_s :db %>
activated_at: <%= 5.days.ago.to_s :db %>
activation_code:
+ role_id: 3
kyle:
id: 13
login: kyle
@@ -171,4 +173,5 @@ kyle:
sb_posts_count: 0
activated_at: <%= 5.days.ago.to_s :db %>
activation_code:
+ role_id: 3
@@ -5,7 +5,7 @@
class ActivitiesController; def rescue_action(e) raise e end; end
class ActivitiesControllerTest < Test::Unit::TestCase
- fixtures :users, :categories, :posts, :comments
+ fixtures :users, :categories, :posts, :comments, :roles
def setup
@controller = ActivitiesController.new
@@ -5,7 +5,7 @@
class AdminController; def rescue_action(e) raise e end; end
class AdminControllerTest < Test::Unit::TestCase
- fixtures :users, :categories
+ fixtures :users, :categories, :roles
def setup
@controller = AdminController.new
@@ -5,7 +5,7 @@
class AdsController; def rescue_action(e) raise e end; end
class AdsControllerTest < Test::Unit::TestCase
- fixtures :ads, :users, :categories
+ fixtures :ads, :users, :categories, :roles
def setup
@controller = AdsController.new
@@ -7,7 +7,7 @@
# class BaseController < ApplicationController; def rescue_action(e) raise e end; end
class BaseControllerTest < Test::Unit::TestCase
- fixtures :clippings, :users, :photos, :homepage_features, :taggings, :tags, :posts, :categories
+ fixtures :clippings, :users, :photos, :homepage_features, :taggings, :tags, :posts, :categories, :roles
def setup
@controller = BaseController.new