Diff
Modified: trunk/app/controllers/content_types_controller.rb (2490 => 2491)
--- trunk/app/controllers/content_types_controller.rb 2010-08-02 16:03:46 UTC (rev 2490)
+++ trunk/app/controllers/content_types_controller.rb 2010-08-04 14:54:22 UTC (rev 2491)
@@ -5,7 +5,7 @@
class ContentTypesController < ApplicationController
- before_filter :find_content_type, : [ :show ]
+ before_filter :find_content_type, : [ :show, :edit, :update ]
# GET /content_types
def index
@@ -43,6 +43,30 @@
end
end
+ # GET /content_types/1
+ def edit
+ end
+
+ # PUT /content_types/1
+ def update
+
+ if !Authorization.check(:action ="" 'edit', :object => @content_type, :user => current_user)
+ error("You do not have the authorisation to edit.", "is unauthorised")
+ return
+ end
+
+ @content_type.title = params[:content_type][:title]
+ @content_type.description = params[:content_type][:description]
+
+ if @content_type.valid?
+ @content_type.save
+ redirect_to :action ="" 'show'
+ else
+ flash[:error] = "Failed to update Content Type."
+ render :action ="" :edit
+ end
+ end
+
private
def find_content_type
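Review bot: The new `edit` action renders the form without any `Authorization.check`, so only `update` enforces the edit rule; hiding the link in show.rhtml does not stop a direct GET of the edit URL. Run the same check for both actions, for instance by moving the `if !Authorization.check(...)` guard out of `update` into a private filter applied to `:edit` and `:update`. In `update`, the return value of `@content_type.save` is discarded after `valid?`, so a save that fails still redirects to `show`; `if @content_type.save` covers both the validation and the write. `params[:content_type]` is also dereferenced without a nil check, so a request lacking that key would raise instead of re-rendering the form. The `private` section and `find_content_type` continue outside the hunk.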
Modified: trunk/app/views/content_types/show.rhtml (2490 => 2491)
--- trunk/app/views/content_types/show.rhtml 2010-08-02 16:03:46 UTC (rev 2490)
+++ trunk/app/views/content_types/show.rhtml 2010-08-04 14:54:22 UTC (rev 2491)
@@ -2,6 +2,9 @@
<ul class="sectionIcons">
<li><%= icon('workflow', content_types_path, nil, nil, 'All Types')%></li>
+ <% if Authorization.check(:action ="" 'edit', :object => @content_type, :user => current_user) %>
+ <li><%= icon('manage', edit_content_type_path(@content_type), nil, nil, 'Manage Content Type Entry')%></li>
+ <% end -%>
</ul>
<h1><%= visible_name(@content_type.category) -%> Type: <%= h @content_type.title %></h1>
Modified: trunk/lib/authorization.rb (2490 => 2491)
--- trunk/lib/authorization.rb 2010-08-02 16:03:46 UTC (rev 2490)
+++ trunk/lib/authorization.rb 2010-08-04 14:54:22 UTC (rev 2491)
@@ -442,6 +442,23 @@
# "action_name" used to work with original action name, rather than classification made inside the module
is_authorized = Authorization.job_authorized?(thing_instance, action_name, user)
+ when "ContentType"
+
+ case action
+
+ when "view"
+ # anyone can view content types
+ is_authorized = true
+
+ when "edit"
+ # the owner of the content type can edit
+ is_authorized = !user.nil? && thing_instance.user_id == user_id
+
+ when "destroy"
+ # noone can destroy them yet - they just fade away from view
+ is_authorized = false
+ end
+
else
# don't recognise the kind of "thing" that is being authorized, so
# we don't specifically know that it needs to be blocked;
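Review bot: The inner `case action` under `when "ContentType"` has no `else`, so any action other than view, edit or destroy leaves `is_authorized` at whatever value it held before this branch. Add an explicit `else` with `is_authorized = false` so unlisted actions are denied here and do not depend on initialisation outside the hunk. The edit rule tests `user` for nil but compares the owner with `user_id`, and neither is defined in the visible lines. Confirm that `user_id` is always set when `user` is non-nil; if it can be nil, a content type whose `user_id` is also nil would compare equal and be treated as owned by the caller. The enclosing method starts and ends outside the hunk.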
@@ -507,6 +524,8 @@
when "Runner"
# the line below doesn't have a typo - "runners" should really be searched in "TavernaEnactor" model
found_instance = TavernaEnactor.find(thing_id)
+ when "ContentType"
+ found_instance = ContentType.find(thing_id)
end
rescue ActiveRecord::RecordNotFound
# do nothing; makes sure that app won't crash when the required object is not found;