From 37d10aa25bc18d340d5559f49fc06d956d478319 Mon Sep 17 00:00:00 2001 From: did Date: Wed, 6 Jul 2011 11:48:04 -0700 Subject: [PATCH] fix bug #104 --- ...nt_sites_controller.rb => current_site_controller.rb} | 2 +- app/controllers/admin/memberships_controller.rb | 1 + ...y_accounts_controller.rb => my_account_controller.rb} | 2 +- app/models/ability.rb | 9 +++++++++ .../{current_sites => current_site}/_form.html.haml | 4 ++-- .../admin/{current_sites => current_site}/edit.html.haml | 0 .../admin/{my_accounts => my_account}/edit.html.haml | 0 config/locales/admin_ui.de.yml | 4 ++-- config/locales/admin_ui.en.yml | 4 ++-- config/locales/admin_ui.es.yml | 4 ++-- config/locales/admin_ui.fr.yml | 4 ++-- config/locales/admin_ui.it.yml | 4 ++-- config/locales/admin_ui.nl.yml | 4 ++-- config/locales/admin_ui.pt-BR.yml | 4 ++-- config/locales/flash.de.yml | 4 ++-- config/locales/flash.en.yml | 4 ++-- config/locales/flash.es.yml | 4 ++-- config/locales/flash.fr.yml | 4 ++-- config/locales/flash.it.yml | 4 ++-- config/locales/flash.nl.yml | 4 ++-- config/locales/flash.pt-BR.yml | 4 ++-- config/routes.rb | 4 ++-- doc/TODO | 1 + features/admin/authorization/current_site.feature | 4 ++-- 24 files changed, 47 insertions(+), 36 deletions(-) rename app/controllers/admin/{current_sites_controller.rb => current_site_controller.rb} (93%) rename app/controllers/admin/{my_accounts_controller.rb => my_account_controller.rb} (89%) rename app/views/admin/{current_sites => current_site}/_form.html.haml (97%) rename app/views/admin/{current_sites => current_site}/edit.html.haml (100%) rename app/views/admin/{my_accounts => my_account}/edit.html.haml (100%) diff --git a/app/controllers/admin/current_sites_controller.rb b/app/controllers/admin/current_site_controller.rb similarity index 93% rename from app/controllers/admin/current_sites_controller.rb rename to app/controllers/admin/current_site_controller.rb index 154fbdae..a54267c7 100644 
--- a/app/controllers/admin/current_sites_controller.rb +++ b/app/controllers/admin/current_site_controller.rb @@ -1,5 +1,5 @@ module Admin - class CurrentSitesController < BaseController + class CurrentSiteController < BaseController defaults :instance_name => 'site' diff --git a/app/controllers/admin/memberships_controller.rb b/app/controllers/admin/memberships_controller.rb index d379dad1..702207bc 100644 --- a/app/controllers/admin/memberships_controller.rb +++ b/app/controllers/admin/memberships_controller.rb @@ -5,6 +5,7 @@ module Admin def create @membership = current_site.memberships.build(params[:membership]) + @membership.role = 'author' # force author by default case @membership.process! when :create_account diff --git a/app/controllers/admin/my_accounts_controller.rb b/app/controllers/admin/my_account_controller.rb similarity index 89% rename from app/controllers/admin/my_accounts_controller.rb rename to app/controllers/admin/my_account_controller.rb index dad74354..950cb5c2 100644 --- a/app/controllers/admin/my_accounts_controller.rb +++ b/app/controllers/admin/my_account_controller.rb @@ -1,5 +1,5 @@ module Admin - class MyAccountsController < BaseController + class MyAccountController < BaseController sections 'settings', 'account' diff --git a/app/models/ability.rb b/app/models/ability.rb index 8d824bb4..e888574f 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -60,9 +60,18 @@ class Ability can :point, Site can :manage, Membership + + cannot :change_role, Membership do |membership| + @membership.account_id == membership.account_id || # can not edit myself + membership.admin? # can not modify an administrator + end end def setup_admin_permissions! can :manage, :all + + cannot :change_role, Membership do |membership| + @membership.account_id == membership.account_id # can not edit myself + end end end 
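Review bot: The inline comment on `@membership.role = 'author'` in `memberships_controller.rb` says "by default", but the assignment is unconditional and runs after `build(params[:membership])`, so any role submitted with the form is discarded. The comment should state that, e.g. `# always create as author; a submitted role is ignored, later changes go through :change_role`. The remaining keys of `params[:membership]` are still mass-assigned by `build`, so the model presumably has to restrict which attributes are assignable; nothing in this hunk shows that. `create` continues past the end of the hunk.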
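Review bot: Both new `cannot :change_role, Membership` blocks in `ability.rb` restrict only the `:change_role` action, while the first one sits under `can :manage, Membership`, which still grants `:destroy` on an administrator's membership. The feature file in this commit expects delete to be hidden on the admin, so a matching rule such as `cannot(:destroy, Membership) { |membership| membership.admin? }` looks necessary unless one exists outside the hunk. The blocks also read `@membership.account_id`; if `@membership` can be nil for an account with no membership on the site, the check raises instead of denying, so a nil guard or a comment stating the invariant would help. The method holding the first block begins outside the hunk.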
diff --git a/app/views/admin/current_sites/_form.html.haml b/app/views/admin/current_site/_form.html.haml similarity index 97% rename from app/views/admin/current_sites/_form.html.haml rename to app/views/admin/current_site/_form.html.haml index a8039703..a864df52 100644 --- a/app/views/admin/current_sites/_form.html.haml +++ b/app/views/admin/current_site/_form.html.haml @@ -42,7 +42,7 @@ %button{ :class => 'button light add', :type => 'button' } %span!= t('admin.buttons.new_item') -- if can?(:manage, Membership) +- if can?(:index, Membership) = f.foldable_inputs :name => :memberships, :class => 'memberships off' do = f.semantic_fields_for :memberships do |fm| @@ -54,7 +54,7 @@ %em.email= account.email - - if current_admin != account + - if can?(:change_role, membership) .role %em.editable= t("admin.memberships.roles.#{membership.role}") diff --git a/app/views/admin/current_sites/edit.html.haml b/app/views/admin/current_site/edit.html.haml similarity index 100% rename from app/views/admin/current_sites/edit.html.haml rename to app/views/admin/current_site/edit.html.haml diff --git a/app/views/admin/my_accounts/edit.html.haml b/app/views/admin/my_account/edit.html.haml similarity index 100% rename from app/views/admin/my_accounts/edit.html.haml rename to app/views/admin/my_account/edit.html.haml diff --git a/config/locales/admin_ui.de.yml b/config/locales/admin_ui.de.yml index 22054fca..4990445a 100644 --- a/config/locales/admin_ui.de.yml +++ b/config/locales/admin_ui.de.yml @@ -136,7 +136,7 @@ de: title: Neue Webseite help: "Fülle das folgende Formular aus, um eine neue Webseite zu erstellen." - current_sites: + current_site: edit: import: Importieren new_membership: Account hinzufügen @@ -153,7 +153,7 @@ de: title: Neuer Account help: "Fülle das folgende Formular aus, um einen neuen Account anzulegen." - my_accounts: + my_account: edit: help: "Deinen Namen kannst du durch darauf klicken ändern." new_site: Neue Webseite 
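Review bot: `can?(:change_role, membership)` in `_form.html.haml` only hides the role dropdown. The memberships are nested fields of the site form (`f.semantic_fields_for :memberships`), and no hunk in this patch checks `:change_role` when that form is submitted. Unless the update action or the model already enforces it, the server side should verify the ability for each membership whose role changes, for example `authorize! :change_role, membership` before the attributes are applied. The `can?(:index, Membership)` guard in the first hunk likewise controls display only.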
diff --git a/config/locales/admin_ui.en.yml b/config/locales/admin_ui.en.yml index 136c1f08..a0ab8da7 100644 --- a/config/locales/admin_ui.en.yml +++ b/config/locales/admin_ui.en.yml @@ -139,7 +139,7 @@ en: title: New site help: "Fill in the form below to create your new site." - current_sites: + current_site: edit: export: export import: import @@ -161,7 +161,7 @@ en: title: New account help: "Fill in the form below to add a new account." - my_accounts: + my_account: edit: help: "Your name can be updated by clicking it. To apply your changes, click on the \"Update\" button." new_site: new site diff --git a/config/locales/admin_ui.es.yml b/config/locales/admin_ui.es.yml index 67cf166e..220c16de 100644 --- a/config/locales/admin_ui.es.yml +++ b/config/locales/admin_ui.es.yml @@ -133,7 +133,7 @@ es: title: Nuevo sitio help: "Rellene el siguiente formulario para crear su nuevo sitio." - current_sites: + current_site: edit: import: importar new_membership: añadir cuenta @@ -150,7 +150,7 @@ es: title: Nueva cuenta help: "Rellene el siguiente formulario para añadir una nueva cuenta." - my_accounts: + my_account: edit: help: "Para cambiar su nombre, haga click en él." new_site: nuevo sitio diff --git a/config/locales/admin_ui.fr.yml b/config/locales/admin_ui.fr.yml index 9329231d..b21752dc 100644 --- a/config/locales/admin_ui.fr.yml +++ b/config/locales/admin_ui.fr.yml @@ -140,7 +140,7 @@ fr: title: "Nouveau site" help: "Remplissez le formulaire ci-dessous pour créer votre nouveau site." - current_sites: + current_site: edit: export: exporter import: importer @@ -162,7 +162,7 @@ fr: title: Nouveau compte help: "Remplissez le formulaire ci-dessous pour ajouter un nouveau compte." - my_accounts: + my_account: edit: help: "Votre nom est modifiable en cliquant dessus. Pour appliquer votre modification, cliquez après sur le bouton \"Modifier\"" new_site: nouveau site diff --git a/config/locales/admin_ui.it.yml b/config/locales/admin_ui.it.yml index d23ba958..971a7b74 100644 
--- a/config/locales/admin_ui.it.yml +++ b/config/locales/admin_ui.it.yml @@ -134,7 +134,7 @@ it: title: Nuovo sito help: "Compila il modulo sottostante per creare il nuovo sito." - current_sites: + current_site: edit: import: importa new_membership: aggiungi account @@ -151,7 +151,7 @@ it: title: Nuovo account help: "Compila il modulo sottostante per aggiugere un nuovo account." - my_accounts: + my_account: edit: help: "Puoi modificare il tuo nome cliccandoci sopra." new_site: nuovo sito diff --git a/config/locales/admin_ui.nl.yml b/config/locales/admin_ui.nl.yml index b1d8cec6..14f53486 100644 --- a/config/locales/admin_ui.nl.yml +++ b/config/locales/admin_ui.nl.yml @@ -132,7 +132,7 @@ nl: title: Nieuwe website help: "Vul onderstaande formulier in om uw nieuwe website aan te maken." - current_sites: + current_site: edit: import: importeren new_membership: voeg account toe @@ -149,7 +149,7 @@ nl: title: Nieuw account help: "Vul onderstaande formulier in om een nieuw account aan te maken" - my_accounts: + my_account: edit: help: "Uw naam kan gewijzigd worden door het aan te klikken" new_site: nieuwe website diff --git a/config/locales/admin_ui.pt-BR.yml b/config/locales/admin_ui.pt-BR.yml index 8d938b24..5f5a186d 100644 --- a/config/locales/admin_ui.pt-BR.yml +++ b/config/locales/admin_ui.pt-BR.yml @@ -131,7 +131,7 @@ pt-BR: title: Novo site help: "Preencha o formulário a seguir para criar um novo site." - current_sites: + current_site: edit: import: importar new_membership: adicionar conta @@ -148,7 +148,7 @@ pt-BR: title: Nova conta help: "Preencha o formulário a seguir para criar uma nova conta." - my_accounts: + my_account: edit: help: "Seu nome pode ser atualizado clicando nele." new_site: novo site diff --git a/config/locales/flash.de.yml b/config/locales/flash.de.yml index 1b42a981..543650d0 100644 --- a/config/locales/flash.de.yml +++ b/config/locales/flash.de.yml 
@@ -35,7 +35,7 @@ de: destroy: notice: "Baustein wurde erfolgreich gelöscht." - current_sites: + current_site: update: notice: "Meine Webseite wurde erfolreich aktualisiert." alert: "Meine Webseite wurde nicht aktualisiert." @@ -55,7 +55,7 @@ de: notice: "Account wurde erfolgreich erstellt." alert: "Account wurde nicht erstellt." - my_accounts: + my_account: update: notice: "Mein Account wurde erfolreich aktualisiert." alert: "Mein Account wurde nicht aktualisiert." diff --git a/config/locales/flash.en.yml b/config/locales/flash.en.yml index bb7ec3a3..8772b9a2 100644 --- a/config/locales/flash.en.yml +++ b/config/locales/flash.en.yml @@ -35,7 +35,7 @@ en: destroy: notice: "Model was successfully deleted." - current_sites: + current_site: update: notice: "My site was successfully updated." alert: "My site was not updated." @@ -55,7 +55,7 @@ en: notice: "Account was successfully created." alert: "Account was not created." - my_accounts: + my_account: update: notice: "My account was successfully updated." alert: "My account was not updated." diff --git a/config/locales/flash.es.yml b/config/locales/flash.es.yml index 95a86452..926a251a 100644 --- a/config/locales/flash.es.yml +++ b/config/locales/flash.es.yml @@ -35,7 +35,7 @@ es: destroy: notice: "Modelo eliminado con éxito." - current_sites: + current_site: update: notice: "Sitio actualizado con éxito." alert: "El sitio se pudo actualizar." @@ -55,7 +55,7 @@ es: notice: "Cuenta creada con éxito." alert: "La cuenta no se pudo crear." - my_accounts: + my_account: update: notice: "Información de cuenta actualizada con éxito." alert: "Mi información de cuenta no se pudo actualizar." diff --git a/config/locales/flash.fr.yml b/config/locales/flash.fr.yml index c50fdff5..8addfb2b 100644 --- a/config/locales/flash.fr.yml +++ b/config/locales/flash.fr.yml 
@@ -35,7 +35,7 @@ fr: destroy: notice: "Le modèle a été supprimé avec succès." - current_sites: + current_site: update: notice: "Mon site a été mis à jour avec succès." alert: "Mon site n'a pas été mis à jour." @@ -55,7 +55,7 @@ fr: notice: "Le compte a été crée avec succès." alert: "Le compte n'a pas été crée." - my_accounts: + my_account: update: notice: "Mon compte a été mis à jour avec succès." alert: "Mon compte n'a pas été mis à jour." diff --git a/config/locales/flash.it.yml b/config/locales/flash.it.yml index 051f8759..a1ea1841 100644 --- a/config/locales/flash.it.yml +++ b/config/locales/flash.it.yml @@ -35,7 +35,7 @@ it: destroy: notice: "Il modello è stato eliminato con successo." - current_sites: + current_site: update: notice: "Il mio sito è stato modificato con successo." alert: "Il mio sito non è stato modificato." @@ -55,7 +55,7 @@ it: notice: "L'account è stato creato con successo." alert: "L'account non è stato creato." - my_accounts: + my_account: update: notice: "Il mio acccount è stato modificato con successo." alert: "Il mio account non è stato modificato." diff --git a/config/locales/flash.nl.yml b/config/locales/flash.nl.yml index 5ab7a323..6296aacb 100644 --- a/config/locales/flash.nl.yml +++ b/config/locales/flash.nl.yml @@ -35,7 +35,7 @@ nl: destroy: notice: "Model is verwijderd." - current_sites: + current_site: update: notice: "Mijn website is gewijzigd." alert: "Mijn website gewijzigd." @@ -55,7 +55,7 @@ nl: notice: "Account is gemaakt." alert: "Account is niet gemaakt." - my_accounts: + my_account: update: notice: "Mijn account is gewijzigd." alert: "Mijn account is niet gewijzigd." diff --git a/config/locales/flash.pt-BR.yml b/config/locales/flash.pt-BR.yml index 9843d9eb..e693b8ee 100644 --- a/config/locales/flash.pt-BR.yml +++ b/config/locales/flash.pt-BR.yml 
@@ -35,7 +35,7 @@ pt-BR: destroy: notice: "Modelo foi apagado com sucesso." - current_sites: + current_site: update: notice: "Meu site foi atualizado com sucesso." alert: "Meu site não foi atualizado." @@ -55,7 +55,7 @@ pt-BR: notice: "Conta foi criada com sucesso." alert: "Conta não foi criada." - my_accounts: + my_account: update: notice: "Minha conta foi atualizada com sucesso." alert: "Minha conta não foi atualizada." diff --git a/config/routes.rb b/config/routes.rb index f1953dbb..b186b5c3 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -21,11 +21,11 @@ Rails.application.routes.draw do resources :sites - resource :current_site + resource :current_site, :controller => 'current_site' resources :accounts - resource :my_account + resource :my_account, :controller => 'my_account' resources :memberships diff --git a/doc/TODO b/doc/TODO index f46befff..22642185 100644 --- a/doc/TODO +++ b/doc/TODO @@ -67,6 +67,7 @@ x MERGE x remove withelist for assets since we've got now roles x admin role is not correctly set when creating a new website x the required star for file field is not shown +x Rights to set roles (ticket #104) - test and/or convert existing templates (the 2 of the themes section) - tooltip to explain the difference between 1.) Admin 2.) Author 3.) Designer? diff --git a/features/admin/authorization/current_site.feature b/features/admin/authorization/current_site.feature index 8cfdcb6a..ce61e589 100644 --- a/features/admin/authorization/current_site.feature +++ b/features/admin/authorization/current_site.feature 
@@ -34,9 +34,9 @@ Background:
 And I should see "SEO settings"
 And I should see "Access points"
 And I should not see the role dropdown on myself
- And I should see the role dropdown on the "admin"
+ And I should not see the role dropdown on the "admin"
 And I should see the role dropdown on the "author"
- And I should see delete on the "admin"
+ And I should not see delete on the "admin"
 And I should not see delete on myself
 And I should see delete on the "author"
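Review bot: The changed steps assert only that the role dropdown and the delete link are not rendered on the "admin"; nothing here checks that a submitted role change or delete for that membership is refused. A step that saves the site form with a changed admin role and expects the role to remain unchanged would exercise the `cannot :change_role` rule itself rather than the view. The scenario these steps belong to starts outside the hunk.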