Commit dfed60056c9e3f6162e9e7f28a9da4a9de605f02

Authored by Tallys Martins
1 parent 1db348b8

WorkAssignment privacy edition now works for all users

Refactored Cms Controller inheritance on Work Assignment Plugin.
Added a new method on Cms controller that is extended on Work Assignment Plugin and can allow a plugin action to bypass
the static before filter generated on Cms that denies any other actions outside its list.
Added a before filter on plugin cms controller that allows the visibility edition only for the article author and admins.

Signed-off-by Tallys Martins <tallysmartins@gmail.com>
Signed-off-by: Arhur Del Esposte <arthurmde@gmail.com>
Signed-off-by: Luciano Prestes <lucianopcbr@gmail.com>
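--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -30,9 +30,13 @@ class CmsController &lt; MyProfileController
 (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
 end
 
+def self.add_as_exception?(action)
+false
+end
+
 action_list = [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new]
 protect_if :except => action_list do |c, user, profile|
-user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
+add_as_exception?(c.action_name) || user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
 end
 
 protect_if :only => :new do |c, user, profile|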
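Review bot: In the `protect_if :except => action_list` block, `add_as_exception?(c.action_name)` is evaluated before the `user &&` guard, so any action that an override of this method exempts passes the filter even when `user` is nil. The method has no comment stating that contract; I would add above it `# Plugins may override this to exempt an action from the filter below; every exempted action must declare its own protect_if.` Because `&&` binds tighter than `||` the expression parses as intended, but explicit grouping, `add_as_exception?(c.action_name) || (user && (...))`, would make that visible to the next reader. The enclosing class starts and ends outside the hunk.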
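--- a/plugins/work_assignment/controllers/myprofile/work_assignment_plugin_cms_controller.rb
+++ b/plugins/work_assignment/controllers/myprofile/work_assignment_plugin_cms_controller.rb
@@ -1,19 +0,0 @@
-class WorkAssignmentPluginCmsController < CmsController
-
-def edit_visibility
-@folder = profile.articles.find(params[:article_id])
-@back_to = url_for(@folder.parent.url)
-if request.post?
-@folder.published = params[:article][:published]
-unless params[:q].nil?
-@folder.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
-@folder.children.each do |c|
-c.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
-c.save!
-end
-end
-@folder.save!
-redirect_to @back_to
-end
-end
-end
\ No newline at end of file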
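--- a/plugins/work_assignment/lib/ext/cms_controller.rb
+++ b/plugins/work_assignment/lib/ext/cms_controller.rb
@@ -0,0 +1,37 @@
+require_dependency 'cms_controller'
+
+class CmsController
+
+
+protect_if :only => :edit_visibility do |c,user,profile|
+profile.articles.find(c.params[:article_id]).author == user || user.has_permission?('view_private_content', profile)
+end
+
+def edit_visibility
+@folder = profile.articles.find(params[:article_id])
+@back_to = url_for(@folder.parent.url)
+if request.post?
+@folder.published = params[:article][:published]
+unless params[:q].nil?
+@folder.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
+@folder.children.each do |c|
+c.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
+c.save!
+end
+end
+@folder.save!
+redirect_to @back_to
+end
+end
+
+def self.add_as_exception?(action)
+actions = "edit_visibility, search_article_privacy_exceptions"
+
+if actions.include? action
+true
+else
+false
+end
+end
+
+end
\ No newline at end of file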
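Review bot: `add_as_exception?` tests membership with `String#include?` on a comma-joined string, which is a substring match, so `"edit"`, `"search"` or an empty action name also return true and would skip the base permission filter in `CmsController`. An exact match is safer, e.g. `%w[edit_visibility search_article_privacy_exceptions].include?(action.to_s)`. The `protect_if :only => :edit_visibility` block also calls `user.has_permission?` without a nil check and treats `author == user` as a pass when both are nil; writing it as `user && (profile.articles.find(c.params[:article_id]).author == user || user.has_permission?('view_private_content', profile))` closes both. Finally, `search_article_privacy_exceptions` is exempted from the base check but only `edit_visibility` gets its own filter in this file, so unless a guard exists elsewhere that action is left without a permission check.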
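--- a/plugins/work_assignment/lib/work_assignment_plugin/helper.rb
+++ b/plugins/work_assignment/lib/work_assignment_plugin/helper.rb
@@ -83,7 +83,7 @@ module WorkAssignmentPlugin::Helper
 m.articles_with_access.include?(@folder)
 }
 )
-colorbox_button :edit, _('Edit'), { :controller => 'work_assignment_plugin_cms',
+colorbox_button :edit, _('Edit'), { :controller => 'cms',
 :action => 'edit_visibility', :article_id => @folder.id, :tokenized_children => @tokenized_children}
 end
 end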