stupid simple support for a granular permissions system based on a content types table. h@xx

2012-06-22 15:40:15 -04:00 · 2012-06-22 15:40:15 -04:00 · 33b3e5a600
commit 33b3e5a600
parent 60cb10c4ca
2 changed files with 20 additions and 1 deletions
--- a/app/controllers/locomotive/content_entries_controller.rb
+++ b/app/controllers/locomotive/content_entries_controller.rb
@ -22,26 +22,31 @@ module Locomotive

    def show
      @content_entry = @content_type.entries.find(params[:id])
+      authorize! params[:action].to_sym, @content_entry
      respond_with @content_entry
    end

    def new
      @content_entry = @content_type.entries.build
+      authorize! params[:action].to_sym, @content_entry
      respond_with @content_entry
    end

    def create
      @content_entry = @content_type.entries.create(params[:content_entry])
+      authorize! params[:action].to_sym, @content_entry
      respond_with @content_entry, :location => edit_content_entry_url(@content_type.slug, @content_entry._id)
    end

    def edit
      @content_entry = @content_type.entries.find(params[:id])
+      authorize! params[:action].to_sym, @content_entry
      respond_with @content_entry
    end

    def update
      @content_entry = @content_type.entries.find(params[:id])
+      authorize! params[:action].to_sym, @content_entry
      @content_entry.update_attributes(params[:content_entry])
      respond_with @content_entry, :location => edit_content_entry_url(@content_type.slug, @content_entry._id)
    end
@ -51,8 +56,10 @@ module Locomotive
      respond_with @content_type
    end

+
    def destroy
      @content_entry = @content_type.entries.find(params[:id])
+      authorize! params[:action].to_sym, @content_entry
      @content_entry.destroy
      respond_with @content_entry, :location => content_entries_url(@content_type.slug)
    end
--- a/app/models/locomotive/ability.rb
+++ b/app/models/locomotive/ability.rb
@ -32,7 +32,19 @@ module Locomotive
      can :touch, [Page, ThemeAsset]
      can :sort, Page

-      can :manage, [ContentEntry, ContentAsset]
+      can :manage, [ContentEntry, ContentAsset] do |entry|
+        result = true
+
+        if perm_defs = ContentType.where(:slug => 'permissions').first
+          perms = perm_defs.entries.where(:user_email => @account.email).collect(&:types).collect { |types| types.split(',') }.flatten
+
+          if !perms.empty?
+            result = perms.any? { |perm| perm == entry.content_type.slug }
+          end
+        end
+
+        result
+      end

      can :touch, Site do |site|
        site == @site