added required role for conntrollers. tags has albums. search tags/title/desc in album

2009-06-08 16:16:30 +02:00 · 2009-06-08 16:16:30 +02:00 · c4966f7bc6
parent f29cc5efaf
commit c4966f7bc6
7 changed files with 51 additions and 19 deletions
--- a/app/controllers/admin/application_controller.rb
+++ b/app/controllers/admin/application_controller.rb
@ -1,11 +1,5 @@
 class Admin::ApplicationController < ApplicationController
  
 	before_filter :require_user, :require_role_admin
-  
-  protected 
-  
-  def require_role_admin
-    redirect_to(login_path) unless @current_user
-  end

 end
--- a/app/controllers/albums_controller.rb
+++ b/app/controllers/albums_controller.rb
@ -1,8 +1,15 @@
 class AlbumsController < ApplicationController
-  before_filter :require_user, :only => [:new, :create, :edit, :update, :delete, :destroy, :upload]
+
+  before_filter :require_role_admin, :only => [:untouched, :upload, :new, :create, :edit, :update, :destroy]
  
  def index
-    @albums = Album.find(:all)
+    if params[:tag_id]
+      @albums = Album.find(:all, :conditions => [ "Id IN ( SELECT DISTINCT Photos.ALbum_id FROM Photos WHERE Photos.Id IN ( SELECT Photo_Id FROM Photo_Tags WHERE Photo_Tags.Tag_Id = :q) )", { :q => Tag.find_by_title( params[:tag_id] ).id } ])
+    elsif params[:q]
+      @albums = Album.find(:all, :conditions => [ "Id IN ( SELECT DISTINCT Photos.Album_Id FROM Photos WHERE Photos.description LIKE :q OR Photos.title LIKE :q OR Photos.Id IN ( SELECT Photo_Id FROM Photo_Tags LEFT OUTER JOIN Tags ON Photo_Tags.Tag_Id = Tags.Id WHERE Tags.Title LIKE :q) )", { :q => '%' + params[:q] + '%' } ])
+    else
+      @albums = Album.find(:all)
+    end
    respond_to do |format|
      format.html
      format.json  { render :json => @albums }
@ -28,6 +35,10 @@ class AlbumsController < ApplicationController
      format.pdf { render :pdf => @album.title }
    end
  end
+
+  def upload
+    @album = Album.find( params[:id])
+  end
    
  def new
    @album = Album.new
@ -43,7 +54,7 @@ class AlbumsController < ApplicationController
      render :action => :new
    end
  end
-  
+
  def edit
    @album = Album.find( params[:id])
  end
@ -67,9 +78,4 @@ class AlbumsController < ApplicationController
    end
  end
  
-  def upload
-    @user = current_user_session
-    @album = Album.find( params[:id])
-  end
-  
 end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -7,8 +7,11 @@ class ApplicationController < ActionController::Base

  filter_parameter_logging :password, :password_confirmation
  helper_method :current_user, :current_user_session
+
+
  
  private
+
    def current_user_session
      return @current_user_session if defined?(@current_user_session)
      @current_user_session = UserSession.find
@ -19,6 +22,33 @@ class ApplicationController < ActionController::Base
      @current_user = current_user_session && current_user_session.user
    end

+    def require_role(roles = [])
+      unless current_user && current_user.in_role?(*roles)
+        store_location
+        flash[:notice] = "You must have permission to access this page"
+        redirect_to new_user_session_url
+        return false
+      end
+    end
+
+    def require_role_admin
+      unless current_user && current_user.in_role?("admin")
+        store_location
+        flash[:notice] = "You must have permission to access this page"
+        redirect_to new_user_session_url
+        return false
+      end
+    end
+    
+    def require_permission(permissions = [])
+      unless current_user && current_user.has_permission?(*permissions)
+        store_location
+        flash[:notice] = "You must have permission to access this page"
+        redirect_to new_user_session_url
+        return false
+      end
+    end
+
    def require_user
      unless current_user
        store_location
--- a/app/controllers/collections_controller.rb
+++ b/app/controllers/collections_controller.rb
@ -1,5 +1,6 @@
 class CollectionsController < ApplicationController
-  before_filter :require_user, :only => [:new, :create, :edit, :update, :delete, :destroy]
+  
+  before_filter :require_role_admin, :only => [:new, :create, :edit, :update, :destroy]
  
  def index
    @collections = Collection.find(:all)
--- a/app/controllers/photos_controller.rb
+++ b/app/controllers/photos_controller.rb
@ -1,5 +1,6 @@
 class PhotosController < ApplicationController
-  before_filter :require_user, :only => [:new, :create, :edit, :update, :destroy]
+
+  before_filter :require_role_admin, :only => [:untouched, :new, :create, :edit, :update, :destroy]

  def index
    if params[:tag_id]
@ -39,8 +40,6 @@ class PhotosController < ApplicationController
  end

  def create
-    
-
    respond_to do |format|
      @photo = Photo.new(params[:photo])
      if params[:Filedata]
--- a/app/views/collections/show.html.erb
+++ b/app/views/collections/show.html.erb
@ -2,5 +2,7 @@
 <p><%= h @collection.description %></p>
 <%= render :partial => @collection.albums %>

+<% if current_user && current_user.in_role?("admin") %>
 <br /><%= link_to "Update collection", edit_collection_path(@collection) %>
+<% end %>
 <br /><%= link_to "All collections", collections_path %>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -9,7 +9,7 @@ ActionController::Routing::Routes.draw do |map|
  map.resources :photos, :collection => { :untouched => :get }
  map.resources :albums, :collection => { :untouched => :get }, :member => { :upload => :get}, :has_many => [ :photos ]
  map.resources :collections
-  map.resources :tags, :has_many => [ :photos ]
+  map.resources :tags, :has_many => [ :photos, :albums ]
  
 	map.namespace :admin do |admin|
    admin.resources :users