stupid simple support for a granular permissions system based on a content types table. h@xx

John Bintz 2012-06-22 15:40:15 -04:00
parent 60cb10c4ca
commit 33b3e5a600
2 changed files with 20 additions and 1 deletions


@ -22,26 +22,31 @@ module Locomotive
def show def show
@content_entry = @content_type.entries.find(params[:id]) @content_entry = @content_type.entries.find(params[:id])
authorize! params[:action].to_sym, @content_entry
respond_with @content_entry respond_with @content_entry
end end
def new def new
@content_entry = @content_type.entries.build @content_entry = @content_type.entries.build
authorize! params[:action].to_sym, @content_entry
respond_with @content_entry respond_with @content_entry
end end
def create def create
@content_entry = @content_type.entries.create(params[:content_entry]) @content_entry = @content_type.entries.create(params[:content_entry])
authorize! params[:action].to_sym, @content_entry
respond_with @content_entry, :location => edit_content_entry_url(@content_type.slug, @content_entry._id) respond_with @content_entry, :location => edit_content_entry_url(@content_type.slug, @content_entry._id)
end end
def edit def edit
@content_entry = @content_type.entries.find(params[:id]) @content_entry = @content_type.entries.find(params[:id])
authorize! params[:action].to_sym, @content_entry
respond_with @content_entry respond_with @content_entry
end end
def update def update
@content_entry = @content_type.entries.find(params[:id]) @content_entry = @content_type.entries.find(params[:id])
authorize! params[:action].to_sym, @content_entry
@content_entry.update_attributes(params[:content_entry]) @content_entry.update_attributes(params[:content_entry])
respond_with @content_entry, :location => edit_content_entry_url(@content_type.slug, @content_entry._id) respond_with @content_entry, :location => edit_content_entry_url(@content_type.slug, @content_entry._id)
end end
@ -51,8 +56,10 @@ module Locomotive
respond_with @content_type respond_with @content_type
end end
def destroy def destroy
@content_entry = @content_type.entries.find(params[:id]) @content_entry = @content_type.entries.find(params[:id])
authorize! params[:action].to_sym, @content_entry
@content_entry.destroy @content_entry.destroy
respond_with @content_entry, :location => content_entries_url(@content_type.slug) respond_with @content_entry, :location => content_entries_url(@content_type.slug)
end end
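Review bot: In `create` the added `authorize!` call runs after `@content_type.entries.create(params[:content_entry])`, so the entry is already persisted when the check raises, and an account that fails the check has still written a record. Build first and save only after the check: `@content_entry = @content_type.entries.build(params[:content_entry])`, `authorize! :create, @content_entry`, `@content_entry.save`. In `update` and `destroy` the order is right, since the check precedes `update_attributes` and `destroy`. Passing the literal action symbol (or `action_name.to_sym`) instead of `params[:action].to_sym` would keep the ability name from being read out of the params hash. The controller class starts and ends outside these hunks.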


@ -32,7 +32,19 @@ module Locomotive
can :touch, [Page, ThemeAsset] can :touch, [Page, ThemeAsset]
can :sort, Page can :sort, Page
can :manage, [ContentEntry, ContentAsset] can :manage, [ContentEntry, ContentAsset] do |entry|
result = true
if perm_defs = ContentType.where(:slug => 'permissions').first
perms = perm_defs.entries.where(:user_email => @account.email).collect(&:types).collect { |types| types.split(',') }.flatten
if !perms.empty?
result = perms.any? { |perm| perm == entry.content_type.slug }
end
end
result
end
can :touch, Site do |site| can :touch, Site do |site|
site == @site site == @site
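Review bot: The block added to `can :manage, [ContentEntry, ContentAsset]` fails open: `result` stays `true` when no `permissions` content type exists or when the account has no rows in it, so a restriction applies only once at least one row names that e-mail. If that default is intended, state it in a comment above `result = true`, e.g. `# no permissions rows for this account => unrestricted (fail-open by design)`; otherwise start from `false` once `perm_defs` is found. The same block also receives ContentAsset instances and calls `entry.content_type.slug` on them, which raises unless ContentAsset responds to `content_type` (not visible here), so a guard such as `next true unless entry.respond_to?(:content_type)` looks necessary. The `permissions` rows are themselves content entries, so any account left unrestricted can presumably edit the table that restricts others; that is worth a deliberate decision. The enclosing ability definition starts and ends outside the hunk.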