added required role for conntrollers. tags has albums. search tags/title/desc in album
This commit is contained in:
parent
f29cc5efaf
commit
c4966f7bc6
|
@ -2,10 +2,4 @@ class Admin::ApplicationController < ApplicationController
|
||||||
|
|
||||||
before_filter :require_user, :require_role_admin
|
before_filter :require_user, :require_role_admin
|
||||||
|
|
||||||
protected
|
|
||||||
|
|
||||||
def require_role_admin
|
|
||||||
redirect_to(login_path) unless @current_user
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,8 +1,15 @@
|
||||||
class AlbumsController < ApplicationController
|
class AlbumsController < ApplicationController
|
||||||
before_filter :require_user, :only => [:new, :create, :edit, :update, :delete, :destroy, :upload]
|
|
||||||
|
before_filter :require_role_admin, :only => [:untouched, :upload, :new, :create, :edit, :update, :destroy]
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@albums = Album.find(:all)
|
if params[:tag_id]
|
||||||
|
@albums = Album.find(:all, :conditions => [ "Id IN ( SELECT DISTINCT Photos.ALbum_id FROM Photos WHERE Photos.Id IN ( SELECT Photo_Id FROM Photo_Tags WHERE Photo_Tags.Tag_Id = :q) )", { :q => Tag.find_by_title( params[:tag_id] ).id } ])
|
||||||
|
elsif params[:q]
|
||||||
|
@albums = Album.find(:all, :conditions => [ "Id IN ( SELECT DISTINCT Photos.Album_Id FROM Photos WHERE Photos.description LIKE :q OR Photos.title LIKE :q OR Photos.Id IN ( SELECT Photo_Id FROM Photo_Tags LEFT OUTER JOIN Tags ON Photo_Tags.Tag_Id = Tags.Id WHERE Tags.Title LIKE :q) )", { :q => '%' + params[:q] + '%' } ])
|
||||||
|
else
|
||||||
|
@albums = Album.find(:all)
|
||||||
|
end
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html
|
format.html
|
||||||
format.json { render :json => @albums }
|
format.json { render :json => @albums }
|
||||||
|
@ -29,6 +36,10 @@ class AlbumsController < ApplicationController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def upload
|
||||||
|
@album = Album.find( params[:id])
|
||||||
|
end
|
||||||
|
|
||||||
def new
|
def new
|
||||||
@album = Album.new
|
@album = Album.new
|
||||||
end
|
end
|
||||||
|
@ -67,9 +78,4 @@ class AlbumsController < ApplicationController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def upload
|
|
||||||
@user = current_user_session
|
|
||||||
@album = Album.find( params[:id])
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -8,7 +8,10 @@ class ApplicationController < ActionController::Base
|
||||||
filter_parameter_logging :password, :password_confirmation
|
filter_parameter_logging :password, :password_confirmation
|
||||||
helper_method :current_user, :current_user_session
|
helper_method :current_user, :current_user_session
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def current_user_session
|
def current_user_session
|
||||||
return @current_user_session if defined?(@current_user_session)
|
return @current_user_session if defined?(@current_user_session)
|
||||||
@current_user_session = UserSession.find
|
@current_user_session = UserSession.find
|
||||||
|
@ -19,6 +22,33 @@ class ApplicationController < ActionController::Base
|
||||||
@current_user = current_user_session && current_user_session.user
|
@current_user = current_user_session && current_user_session.user
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def require_role(roles = [])
|
||||||
|
unless current_user && current_user.in_role?(*roles)
|
||||||
|
store_location
|
||||||
|
flash[:notice] = "You must have permission to access this page"
|
||||||
|
redirect_to new_user_session_url
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def require_role_admin
|
||||||
|
unless current_user && current_user.in_role?("admin")
|
||||||
|
store_location
|
||||||
|
flash[:notice] = "You must have permission to access this page"
|
||||||
|
redirect_to new_user_session_url
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def require_permission(permissions = [])
|
||||||
|
unless current_user && current_user.has_permission?(*permissions)
|
||||||
|
store_location
|
||||||
|
flash[:notice] = "You must have permission to access this page"
|
||||||
|
redirect_to new_user_session_url
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def require_user
|
def require_user
|
||||||
unless current_user
|
unless current_user
|
||||||
store_location
|
store_location
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
class CollectionsController < ApplicationController
|
class CollectionsController < ApplicationController
|
||||||
before_filter :require_user, :only => [:new, :create, :edit, :update, :delete, :destroy]
|
|
||||||
|
before_filter :require_role_admin, :only => [:new, :create, :edit, :update, :destroy]
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@collections = Collection.find(:all)
|
@collections = Collection.find(:all)
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
class PhotosController < ApplicationController
|
class PhotosController < ApplicationController
|
||||||
before_filter :require_user, :only => [:new, :create, :edit, :update, :destroy]
|
|
||||||
|
before_filter :require_role_admin, :only => [:untouched, :new, :create, :edit, :update, :destroy]
|
||||||
|
|
||||||
def index
|
def index
|
||||||
if params[:tag_id]
|
if params[:tag_id]
|
||||||
|
@ -39,8 +40,6 @@ class PhotosController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
|
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
@photo = Photo.new(params[:photo])
|
@photo = Photo.new(params[:photo])
|
||||||
if params[:Filedata]
|
if params[:Filedata]
|
||||||
|
|
|
@ -2,5 +2,7 @@
|
||||||
<p><%= h @collection.description %></p>
|
<p><%= h @collection.description %></p>
|
||||||
<%= render :partial => @collection.albums %>
|
<%= render :partial => @collection.albums %>
|
||||||
|
|
||||||
|
<% if current_user && current_user.in_role?("admin") %>
|
||||||
<br /><%= link_to "Update collection", edit_collection_path(@collection) %>
|
<br /><%= link_to "Update collection", edit_collection_path(@collection) %>
|
||||||
|
<% end %>
|
||||||
<br /><%= link_to "All collections", collections_path %>
|
<br /><%= link_to "All collections", collections_path %>
|
|
@ -9,7 +9,7 @@ ActionController::Routing::Routes.draw do |map|
|
||||||
map.resources :photos, :collection => { :untouched => :get }
|
map.resources :photos, :collection => { :untouched => :get }
|
||||||
map.resources :albums, :collection => { :untouched => :get }, :member => { :upload => :get}, :has_many => [ :photos ]
|
map.resources :albums, :collection => { :untouched => :get }, :member => { :upload => :get}, :has_many => [ :photos ]
|
||||||
map.resources :collections
|
map.resources :collections
|
||||||
map.resources :tags, :has_many => [ :photos ]
|
map.resources :tags, :has_many => [ :photos, :albums ]
|
||||||
|
|
||||||
map.namespace :admin do |admin|
|
map.namespace :admin do |admin|
|
||||||
admin.resources :users
|
admin.resources :users
|
||||||
|
|
Loading…
Reference in a new issue