Download as
Browse Code »

Commit 4d6a766f51ba0564eab793e554d89c7061090760

Authored by MoisesMachado
1 parent cafedbe4
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

ActionItem177: applied access control on the admin controllers and added a new m… 

…igration to add new permissions to the system roles


git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1519 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing 4 changed files with 26 additions and 1 deletions   Show diff stats
app/controllers/admin/edit_template_controller.rb
  Diff comments   View file @4d6a766
1 1 class EditTemplateController < AdminController
2 2  
  3 + protect 'edit_environment_design', :environment
  4 +
3 5 #FIXME
4 6 #design_editor :holder => 'environment', :autosave => true, :block_types => :block_types
5 7  
... ...
app/controllers/admin/environment_design_controller.rb
  Diff comments   View file @4d6a766
1 1 class EnvironmentDesignController < BoxOrganizerController
2 2  
  3 + protect 'edit_environment_design'
  4 +
3 5 def available_blocks
4 6 @available_blocks ||= [ LoginBlock, EnvironmentStatisticsBlock, RecentDocumentsBlock, ProfileListBlock ]
5 7 end
... ...
app/controllers/admin/region_validators_controller.rb
  Diff comments   View file @4d6a766
... ... @@ -2,7 +2,7 @@ class RegionValidatorsController &lt; ApplicationController
2 2  
3 3 before_filter :load_region_and_search, :except => 'index'
4 4  
5   -# protect 'manage_environment_validators', :environment
  5 + protect 'manage_environment_validators', :environment
6 6  
7 7 def index
8 8 @regions = Region.top_level_for(environment)
... ...
db/migrate/024_new_permissions.rb 0 → 100644
  Diff comments   View file @4d6a766
... ... @@ -0,0 +1,21 @@
  1 +class NewPermissions < ActiveRecord::Migration
  2 + def self.up
  3 + admin = Role.find_by_key('profile_admin')
  4 + admin.permissions += ['manage_friends', 'validate_enterprise', 'peform_task']
  5 + admin.save
  6 +
  7 + moderator = Role.find_by_key('profile_moderator')
  8 + moderator.permissions += ['manage_friends', 'peform_task']
  9 + moderator.save
  10 + end
  11 +
  12 + def self.down
  13 + admin = Role.find_by_key('profile_admin')
  14 + admin.permissions -= ['manage_friends', 'validate_enterprise', 'peform_task']
  15 + admin.save
  16 +
  17 + moderator = Role.find_by_key('profile_moderator')
  18 + moderator.permissions -= ['manage_friends', 'peform_task']
  19 + moderator.save
  20 + end
  21 +end
... ...