stupid simple support for a granular permissions system based on a content types table. h@xx

app/controllers/locomotive/content_entries_controller.rb

@@ -22,26 +22,31 @@ module Locomotive
 
     def show
       @content_entry = @content_type.entries.find(params[:id])
+      authorize! params[:action].to_sym, @content_entry
       respond_with @content_entry
     end
 
     def new
       @content_entry = @content_type.entries.build
+      authorize! params[:action].to_sym, @content_entry
       respond_with @content_entry
     end
 
     def create
       @content_entry = @content_type.entries.create(params[:content_entry])
+      authorize! params[:action].to_sym, @content_entry
       respond_with @content_entry, :location => edit_content_entry_url(@content_type.slug, @content_entry._id)
     end
 
     def edit
       @content_entry = @content_type.entries.find(params[:id])
+      authorize! params[:action].to_sym, @content_entry
       respond_with @content_entry
     end
 
     def update
       @content_entry = @content_type.entries.find(params[:id])
+      authorize! params[:action].to_sym, @content_entry
       @content_entry.update_attributes(params[:content_entry])
       respond_with @content_entry, :location => edit_content_entry_url(@content_type.slug, @content_entry._id)
     end
@@ -51,8 +56,10 @@ module Locomotive
       respond_with @content_type
     end
 
+
     def destroy
       @content_entry = @content_type.entries.find(params[:id])
+      authorize! params[:action].to_sym, @content_entry
       @content_entry.destroy
       respond_with @content_entry, :location => content_entries_url(@content_type.slug)
     end

app/models/locomotive/ability.rb

@@ -32,7 +32,19 @@ module Locomotive
       can :touch, [Page, ThemeAsset]
       can :sort, Page
 
-      can :manage, [ContentEntry, ContentAsset]
+      can :manage, [ContentEntry, ContentAsset] do |entry|
+        result = true
+
+        if perm_defs = ContentType.where(:slug => 'permissions').first
+          perms = perm_defs.entries.where(:user_email => @account.email).collect(&:types).collect { |types| types.split(',') }.flatten
+
+          if !perms.empty?
+            result = perms.any? { |perm| perm == entry.content_type.slug }
+          end
+        end
+
+        result
+      end
 
       can :touch, Site do |site|
         site == @site

app/views/locomotive/pages/edit.html.haml

@@ -7,7 +7,7 @@
   = render 'locomotive/shared/actions/contents'
 
 - content_for :buttons do
-  = local_action_button :show, "/#{@page.fullpath}", :class => 'show'
+  = local_action_button :show, current_site_public_url + '/' + @page.fullpath, :class => 'show'
 
 %p!= t('.help')
 

lib/locomotive.rb

@@ -123,7 +123,16 @@ module Locomotive
   end
 
   def self.mounted_on
-    Rails.application.routes.named_routes[:locomotive].path.spec.to_s
+    url_for(Rails.application.routes.named_routes[:locomotive].path.spec.to_s)
+  end
+
+  def self.url_for(path)
+    result = path
+    if config.base_uri && !path[%r{^#{config.base_uri}}]
+      result = "#{config.base_uri}/#{path.gsub(%r{^/}, '')}"
+    end
+    result = "/#{result}" if result[0..0] != '/'
+    result
   end
 
   protected

lib/locomotive/action_controller/url_helpers.rb

@@ -9,7 +9,7 @@ module Locomotive
       end
 
       def current_site_public_url
-        request.protocol + request.host_with_port
+        request.protocol + request.host_with_port + (Locomotive.config.base_uri || '')
       end
 
       def switch_to_site_url(site, options = {})

lib/locomotive/configuration.rb

@@ -13,6 +13,7 @@ module Locomotive
       :enable_logs            => false,
       :delayed_job            => false,
       :default_locale         => :en,
+      :base_uri               => nil,
       :mailer_sender          => 'support@example.com',
       :manage_subdomain       => false,
       :manage_manage_domains  => false,