From dfed60056c9e3f6162e9e7f28a9da4a9de605f02 Mon Sep 17 00:00:00 2001
From: Tallys Martins <tallysmartins@yahoo.com.br>
Date: Thu, 18 Dec 2014 20:59:36 -0200
Subject: [PATCH] WorkAssignment privacy edition now works for all users

---
 app/controllers/my_profile/cms_controller.rb                                           |  6 +++++-
 plugins/work_assignment/controllers/myprofile/work_assignment_plugin_cms_controller.rb | 19 -------------------
 plugins/work_assignment/lib/ext/cms_controller.rb                                      | 37 +++++++++++++++++++++++++++++++++++++
 plugins/work_assignment/lib/work_assignment_plugin/helper.rb                           |  2 +-
 4 files changed, 43 insertions(+), 21 deletions(-)
 delete mode 100644 plugins/work_assignment/controllers/myprofile/work_assignment_plugin_cms_controller.rb
 create mode 100644 plugins/work_assignment/lib/ext/cms_controller.rb

diff --git a/app/controllers/my_profile/cms_controller.rb b/app/controllers/my_profile/cms_controller.rb
index 6d1494b..c660c0a 100644
--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -30,9 +30,13 @@ class CmsController < MyProfileController
     (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
   end
 
+  def self.add_as_exception?(action)
+    false 
+  end
+
   action_list = [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new]
   protect_if :except => action_list do |c, user, profile|
-    user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
+    add_as_exception?(c.action_name) || user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
   end
 
   protect_if :only => :new do |c, user, profile|
diff --git a/plugins/work_assignment/controllers/myprofile/work_assignment_plugin_cms_controller.rb b/plugins/work_assignment/controllers/myprofile/work_assignment_plugin_cms_controller.rb
deleted file mode 100644
index 3bbf79d..0000000
--- a/plugins/work_assignment/controllers/myprofile/work_assignment_plugin_cms_controller.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-class WorkAssignmentPluginCmsController < CmsController
-
-  def edit_visibility
-    @folder = profile.articles.find(params[:article_id])
-    @back_to = url_for(@folder.parent.url)
-    if request.post?
-      @folder.published = params[:article][:published]
-      unless params[:q].nil?
-        @folder.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
-        @folder.children.each do |c|
-          c.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
-          c.save!
-        end
-      end
-      @folder.save!
-      redirect_to @back_to
-    end
-  end
-end
\ No newline at end of file
diff --git a/plugins/work_assignment/lib/ext/cms_controller.rb b/plugins/work_assignment/lib/ext/cms_controller.rb
new file mode 100644
index 0000000..b591bb2
--- /dev/null
+++ b/plugins/work_assignment/lib/ext/cms_controller.rb
@@ -0,0 +1,37 @@
+require_dependency 'cms_controller'
+
+class CmsController
+
+
+protect_if :only => :edit_visibility do |c,user,profile|
+  profile.articles.find(c.params[:article_id]).author == user || user.has_permission?('view_private_content', profile)
+end
+
+def edit_visibility
+  @folder = profile.articles.find(params[:article_id])
+  @back_to = url_for(@folder.parent.url)
+  if request.post?
+    @folder.published = params[:article][:published]
+    unless params[:q].nil?
+      @folder.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
+      @folder.children.each do |c|
+        c.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
+        c.save!
+      end
+    end
+    @folder.save!
+    redirect_to @back_to
+  end
+ end
+
+def self.add_as_exception?(action)
+    actions = "edit_visibility, search_article_privacy_exceptions"
+
+    if actions.include? action
+      true
+    else
+      false
+    end
+  end
+
+end
\ No newline at end of file
diff --git a/plugins/work_assignment/lib/work_assignment_plugin/helper.rb b/plugins/work_assignment/lib/work_assignment_plugin/helper.rb
index dc181fb..bd40de4 100644
--- a/plugins/work_assignment/lib/work_assignment_plugin/helper.rb
+++ b/plugins/work_assignment/lib/work_assignment_plugin/helper.rb
@@ -83,7 +83,7 @@ module WorkAssignmentPlugin::Helper
                                 m.articles_with_access.include?(@folder)
                               }
                             )
-        colorbox_button :edit, _('Edit'), { :controller => 'work_assignment_plugin_cms', 
+        colorbox_button :edit, _('Edit'), { :controller => 'cms', 
         :action => 'edit_visibility', :article_id => @folder.id, :tokenized_children => @tokenized_children}
       end
     end
--
libgit2 0.21.2