added required role for conntrollers. tags has albums. search tags/title/desc in album

Espen Antonsen 2009-06-08 16:16:30 +02:00
parent f29cc5efaf
commit c4966f7bc6
7 changed files with 51 additions and 19 deletions


@ -1,11 +1,5 @@
class Admin::ApplicationController < ApplicationController
before_filter :require_user, :require_role_admin
protected
def require_role_admin
redirect_to(login_path) unless @current_user
end
end


@ -1,8 +1,15 @@
class AlbumsController < ApplicationController
before_filter :require_user, :only => [:new, :create, :edit, :update, :delete, :destroy, :upload]
before_filter :require_role_admin, :only => [:untouched, :upload, :new, :create, :edit, :update, :destroy]
def index
@albums = Album.find(:all)
if params[:tag_id]
@albums = Album.find(:all, :conditions => [ "Id IN ( SELECT DISTINCT Photos.ALbum_id FROM Photos WHERE Photos.Id IN ( SELECT Photo_Id FROM Photo_Tags WHERE Photo_Tags.Tag_Id = :q) )", { :q => Tag.find_by_title( params[:tag_id] ).id } ])
elsif params[:q]
@albums = Album.find(:all, :conditions => [ "Id IN ( SELECT DISTINCT Photos.Album_Id FROM Photos WHERE Photos.description LIKE :q OR Photos.title LIKE :q OR Photos.Id IN ( SELECT Photo_Id FROM Photo_Tags LEFT OUTER JOIN Tags ON Photo_Tags.Tag_Id = Tags.Id WHERE Tags.Title LIKE :q) )", { :q => '%' + params[:q] + '%' } ])
else
@albums = Album.find(:all)
end
respond_to do |format|
format.html
format.json { render :json => @albums }
@ -28,6 +35,10 @@ class AlbumsController < ApplicationController
format.pdf { render :pdf => @album.title }
end
end
def upload
@album = Album.find( params[:id])
end
def new
@album = Album.new
@ -43,7 +54,7 @@ class AlbumsController < ApplicationController
render :action => :new
end
end
def edit
@album = Album.find( params[:id])
end
@ -67,9 +78,4 @@ class AlbumsController < ApplicationController
end
end
def upload
@user = current_user_session
@album = Album.find( params[:id])
end
end
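Review bot: In the `index` action of the first hunk, `Tag.find_by_title( params[:tag_id] ).id` dereferences the lookup result without checking it, and `find_by_title` returns nil when no tag has that title. Depending on the Ruby version and the whiny-nils setting, this either raises (a 500 for any unknown tag in the URL) or, on Ruby 1.8, evaluates `nil.id` to 4 and silently lists the albums of whichever tag has that id. Look the tag up first, `tag = Tag.find_by_title(params[:tag_id])`, and return an empty list or a 404 when `tag` is nil. The bound `:q` placeholders correctly keep request values out of the SQL text, though `%` and `_` typed into `q` still act as LIKE wildcards. The action's `respond_to` block continues outside the hunk.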


@ -7,8 +7,11 @@ class ApplicationController < ActionController::Base
filter_parameter_logging :password, :password_confirmation
helper_method :current_user, :current_user_session
private
def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
@ -19,6 +22,33 @@ class ApplicationController < ActionController::Base
@current_user = current_user_session && current_user_session.user
end
def require_role(roles = [])
unless current_user && current_user.in_role?(*roles)
store_location
flash[:notice] = "You must have permission to access this page"
redirect_to new_user_session_url
return false
end
end
def require_role_admin
unless current_user && current_user.in_role?("admin")
store_location
flash[:notice] = "You must have permission to access this page"
redirect_to new_user_session_url
return false
end
end
def require_permission(permissions = [])
unless current_user && current_user.has_permission?(*permissions)
store_location
flash[:notice] = "You must have permission to access this page"
redirect_to new_user_session_url
return false
end
end
def require_user
unless current_user
store_location
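Review bot: `require_role(roles = [])` and `require_permission(permissions = [])` default to an empty list, so a bare `before_filter :require_role` would call `current_user.in_role?()` with no arguments; what that returns is not visible in this diff, and if it is true, any logged-in user passes. Fail closed on an empty list, e.g. `unless current_user && !Array(roles).empty? && current_user.in_role?(*roles)`, and do the same for permissions. The three filters are otherwise identical copies, so `require_role_admin` could simply call `require_role("admin")` to keep the denial path in one place. All three also send an already-authenticated user who lacks the role to the login form, where a 403 response would be clearer. The class body continues outside both hunks.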


@ -1,5 +1,6 @@
class CollectionsController < ApplicationController
before_filter :require_user, :only => [:new, :create, :edit, :update, :delete, :destroy]
before_filter :require_role_admin, :only => [:new, :create, :edit, :update, :destroy]
def index
@collections = Collection.find(:all)
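Review bot: The two `:only` lists do not match: `:delete` is covered by `require_user` but is missing from the new `require_role_admin` filter, and AlbumsController has the same gap. Whether a `delete` action exists is not visible here, but if it does, any logged-in non-admin can reach it. Since `require_role_admin` already checks `current_user`, a single deny-by-default filter is simpler and also covers actions added later: `before_filter :require_role_admin, :except => [:index, :show]`, with the public list adjusted to what this controller really exposes. The class body continues outside the hunk.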


@ -1,5 +1,6 @@
class PhotosController < ApplicationController
before_filter :require_user, :only => [:new, :create, :edit, :update, :destroy]
before_filter :require_role_admin, :only => [:untouched, :new, :create, :edit, :update, :destroy]
def index
if params[:tag_id]
@ -39,8 +40,6 @@ class PhotosController < ApplicationController
end
def create
respond_to do |format|
@photo = Photo.new(params[:photo])
if params[:Filedata]


@ -2,5 +2,7 @@
<p><%= h @collection.description %></p>
<%= render :partial => @collection.albums %>
<% if current_user && current_user.in_role?("admin") %>
<br /><%= link_to "Update collection", edit_collection_path(@collection) %>
<% end %>
<br /><%= link_to "All collections", collections_path %>


@ -9,7 +9,7 @@ ActionController::Routing::Routes.draw do |map|
map.resources :photos, :collection => { :untouched => :get }
map.resources :albums, :collection => { :untouched => :get }, :member => { :upload => :get}, :has_many => [ :photos ]
map.resources :collections
map.resources :tags, :has_many => [ :photos ]
map.resources :tags, :has_many => [ :photos, :albums ]
map.namespace :admin do |admin|
admin.resources :users