Merge branch 'feature/frontend_edit_authentication'

2011-09-04 01:15:52 +08:00 · 2011-09-04 01:15:52 +08:00 · efc843c2d9
commit efc843c2d9
parent 1b86150042 8dbd51734a
4 changed files with 57 additions and 2 deletions
--- a/app/controllers/admin/rendering_controller.rb
+++ b/app/controllers/admin/rendering_controller.rb
@ -6,10 +6,17 @@ module Admin
    include Locomotive::Render

    before_filter :require_site
+    before_filter :authenticate_admin!, :only => [:edit]
+    before_filter :validate_site_membership, :only => [:edit]

    def show
      render_locomotive_page
    end

+    def edit
+      @editing = true
+      render_locomotive_page
+    end
+
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -65,6 +65,6 @@ Rails.application.routes.draw do

  # magic urls
  match '/' => 'admin/rendering#show'
-  match '*path/edit' => 'admin/rendering#show', :defaults => { :editing => true }
+  match '*path/edit' => 'admin/rendering#edit'
  match '*path' => 'admin/rendering#show'
 end
--- a/features/admin/authorization/inline_front_end_editing.feature
+++ b/features/admin/authorization/inline_front_end_editing.feature
@ -0,0 +1,48 @@
+@javascript
+Feature: Inline frontend editing
+  In order to ensure site content is not tampered with
+  As an admin, designer or author
+  I will be restricted based on my role
+
+  Background:
+    Given I have the site: "test site" set up
+    And I have a designer and an author
+    Given a page named "about" with the template:
+    """
+    <html>
+      <head>{% inline_editor %}</head>
+      <body>Page Content</body>
+    </html>
+    """
+
+  Scenario: As an unauthenticated user
+    Given I am not authenticated
+    When I view the rendered page at "/about"
+    Then I should not see "edit"
+    When I view the rendered page at "/about/edit"
+    Then I should not see "Page Content"
+    And I should see "Log in"
+
+  Scenario: Inline editing as an Admin
+    Given I am an authenticated "admin"
+    When I view the rendered page at "/about"
+    Then I should see "admin"
+    And I should see "edit"
+    When I view the rendered page at "/about/edit"
+    Then I should see "Page Content"
+
+  Scenario: Inline editing as a Designer
+    Given I am an authenticated "designer"
+    When I view the rendered page at "/about"
+    Then I should see "admin"
+    And I should see "edit"
+    When I view the rendered page at "/about/edit"
+    Then I should see "Page Content"
+
+  Scenario: Inline editing as an Author
+    Given I am an authenticated "author"
+    When I view the rendered page at "/about"
+    Then I should see "admin"
+    And I should see "edit"
+    When I view the rendered page at "/about/edit"
+    Then I should see "Page Content"
--- a/lib/locomotive/render.rb
+++ b/lib/locomotive/render.rb
@ -111,7 +111,7 @@ module Locomotive
      end

      def editing_page?
-        self.params[:editing] == true && current_admin
+        @editing
      end

      def page_status