diff --git a/app/controllers/admin/application_controller.rb b/app/controllers/admin/application_controller.rb
index 5d04632..09de35b 100644
--- a/app/controllers/admin/application_controller.rb
+++ b/app/controllers/admin/application_controller.rb
@@ -1,11 +1,5 @@
 class Admin::ApplicationController < ApplicationController
 before_filter :require_user, :require_role_admin
-
- protected
-
- def require_role_admin
- redirect_to(login_path) unless @current_user
- end
 end
diff --git a/app/controllers/albums_controller.rb b/app/controllers/albums_controller.rb
index 5f47405..27092b2 100644
--- a/app/controllers/albums_controller.rb
+++ b/app/controllers/albums_controller.rb
@@ -1,8 +1,15 @@
 class AlbumsController < ApplicationController
- before_filter :require_user, :only => [:new, :create, :edit, :update, :delete, :destroy, :upload]
+
+ before_filter :require_role_admin, :only => [:untouched, :upload, :new, :create, :edit, :update, :destroy]
 def index
- @albums = Album.find(:all)
+ if params[:tag_id]
+ @albums = Album.find(:all, :conditions => [ "Id IN ( SELECT DISTINCT Photos.ALbum_id FROM Photos WHERE Photos.Id IN ( SELECT Photo_Id FROM Photo_Tags WHERE Photo_Tags.Tag_Id = :q) )", { :q => Tag.find_by_title( params[:tag_id] ).id } ])
+ elsif params[:q]
+ @albums = Album.find(:all, :conditions => [ "Id IN ( SELECT DISTINCT Photos.Album_Id FROM Photos WHERE Photos.description LIKE :q OR Photos.title LIKE :q OR Photos.Id IN ( SELECT Photo_Id FROM Photo_Tags LEFT OUTER JOIN Tags ON Photo_Tags.Tag_Id = Tags.Id WHERE Tags.Title LIKE :q) )", { :q => '%' + params[:q] + '%' } ])
+ else
+ @albums = Album.find(:all)
+ end
 respond_to do |format|
 format.html
 format.json { render :json => @albums }
@@ -28,6 +35,10 @@ class AlbumsController < ApplicationController
 format.pdf { render :pdf => @album.title }
 end
 end
+
+ def upload
+ @album = Album.find( params[:id])
+ end
 def new
 @album = Album.new
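Review bot: `Tag.find_by_title( params[:tag_id] ).id` in the new `index` (albums hunk `@@ -1,8 +1,15`) raises NoMethodError on nil whenever `tag_id` names no tag, so an arbitrary query string produces a 500 instead of an empty listing; look the tag up first, `tag = Tag.find_by_title(params[:tag_id])`, and branch on it, `@albums = tag ? Album.find(:all, :conditions => [ "...", { :q => tag.id } ]) : []`. The named bind placeholders keep `:q` out of the SQL text, but `'%' + params[:q] + '%'` passes `%` and `_` through as LIKE wildcards and raises TypeError when `q` arrives as anything other than a String, so coerce with `params[:q].to_s` and escape the LIKE metacharacters before adding the outer `%`. `Photos.ALbum_id` in the first condition differs from `Photos.Album_Id` in the second and presumably only resolves because the database folds identifier case; spell the column the same way in both. The `:only` lists here and in the collections and photos hunks are hand-maintained allowlists of protected actions, which is why `:upload` (and `:untouched`) had to be added to them; naming the public read actions under `:except` instead would protect any future action by default.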
@@ -43,7 +54,7 @@ class AlbumsController < ApplicationController
 render :action => :new
 end
 end
-
+
 def edit
 @album = Album.find( params[:id])
 end
@@ -67,9 +78,4 @@ class AlbumsController < ApplicationController
 end
 end
- def upload
- @user = current_user_session
- @album = Album.find( params[:id])
- end
-
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 51686da..88d4520 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,8 +7,11 @@ class ApplicationController < ActionController::Base
 filter_parameter_logging :password, :password_confirmation
 helper_method :current_user, :current_user_session
+
+ private
+
 def current_user_session
 return @current_user_session if defined?(@current_user_session)
 @current_user_session = UserSession.find
@@ -19,6 +22,33 @@ class ApplicationController < ActionController::Base
 @current_user = current_user_session && current_user_session.user
 end
+ def require_role(roles = [])
+ unless current_user && current_user.in_role?(*roles)
+ store_location
+ flash[:notice] = "You must have permission to access this page"
+ redirect_to new_user_session_url
+ return false
+ end
+ end
+
+ def require_role_admin
+ unless current_user && current_user.in_role?("admin")
+ store_location
+ flash[:notice] = "You must have permission to access this page"
+ redirect_to new_user_session_url
+ return false
+ end
+ end
+
+ def require_permission(permissions = [])
+ unless current_user && current_user.has_permission?(*permissions)
+ store_location
+ flash[:notice] = "You must have permission to access this page"
+ redirect_to new_user_session_url
+ return false
+ end
+ end
+
 def require_user
 unless current_user
 store_location
diff --git a/app/controllers/collections_controller.rb b/app/controllers/collections_controller.rb
index d5b6ef2..3a22ad3 100644
--- a/app/controllers/collections_controller.rb
+++ b/app/controllers/collections_controller.rb
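Review bot: In hunk `@@ -19,6 +22,33 @@` a signed-in user who lacks the role gets `store_location` plus a redirect to `new_user_session_url`, so after logging in again they are sent straight back to the page that rejected them; the unauthenticated and the unauthorized case need different responses (login redirect versus a 403). The bodies of `require_role`, `require_role_admin` and `require_permission` are identical apart from the predicate, and `require_role_admin` is just `require_role("admin")`, so the failure path belongs in one private helper rather than three copies. `require_role`'s `roles = []` default means a filter declared without arguments calls `in_role?()` with nothing to check; unless the model is known to deny in that case, reject an empty list explicitly. The sketch below keeps the method names and the flash text; a plain `render :text` 403 is shown, an error template would serve equally.
```ruby
  def require_role(roles = [])
    deny_access unless current_user && current_user.in_role?(*roles)
  end

  def require_role_admin
    require_role("admin")
  end

  def require_permission(permissions = [])
    deny_access unless current_user && current_user.has_permission?(*permissions)
  end

  # Shared failure path for the role/permission filters. An anonymous visitor
  # is sent to log in with the requested page remembered; a signed-in user who
  # lacks the role gets a 403, since logging in again cannot help them.
  def deny_access
    if current_user
      render :text => "You must have permission to access this page", :status => :forbidden
    else
      store_location
      flash[:notice] = "You must have permission to access this page"
      redirect_to new_user_session_url
    end
    false
  end

  # … unchanged: require_user …
```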
@@ -1,5 +1,6 @@
 class CollectionsController < ApplicationController
- before_filter :require_user, :only => [:new, :create, :edit, :update, :delete, :destroy]
+
+ before_filter :require_role_admin, :only => [:new, :create, :edit, :update, :destroy]
 def index
 @collections = Collection.find(:all)
diff --git a/app/controllers/photos_controller.rb b/app/controllers/photos_controller.rb
index 787db43..1aa2087 100644
--- a/app/controllers/photos_controller.rb
+++ b/app/controllers/photos_controller.rb
@@ -1,5 +1,6 @@
 class PhotosController < ApplicationController
- before_filter :require_user, :only => [:new, :create, :edit, :update, :destroy]
+
+ before_filter :require_role_admin, :only => [:untouched, :new, :create, :edit, :update, :destroy]
 def index
 if params[:tag_id]
@@ -39,8 +40,6 @@ class PhotosController < ApplicationController
 end
 def create
-
-
 respond_to do |format|
 @photo = Photo.new(params[:photo])
 if params[:Filedata]
diff --git a/app/views/collections/show.html.erb b/app/views/collections/show.html.erb
index b4585a7..70b9510 100644
--- a/app/views/collections/show.html.erb
+++ b/app/views/collections/show.html.erb
@@ -2,5 +2,7 @@
<%= h @collection.description %>
<%= render :partial => @collection.albums %>
+<% if current_user && current_user.in_role?("admin") %>