app/controllers/caboose/sites_controller.rb in caboose-cms-0.5.181 vs app/controllers/caboose/sites_controller.rb in caboose-cms-0.5.182
- old
+ new
@@ -9,10 +9,14 @@
end
# GET /admin/sites
def admin_index
return if !user_is_allowed('sites', 'view')
+ if @site.name != 'application'
+ @error = "You are not allowed to manage sites."
+ render :file => 'caboose/extras/error' and return
+ end
@pager = PageBarGenerator.new(params, {
'name_like' => '',
},{
'model' => 'Caboose::Site',
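Review bot: The new `@site.name != 'application'` guard in admin_index is pasted into every action of this controller (the three-line form or its one-line JSON form recurs in all the later hunks), so an action added later is unprotected unless its author remembers to copy it. Moving the check into one private method registered with `before_action :verify_application_site` (the method name is a suggestion; `before_filter` on older Rails) would make the controller fail closed. The guard also keys authorization on a site's name, so it is worth confirming outside this diff that names are unique and that an admin of another site cannot rename it to 'application'. admin_index continues past the end of the hunk.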
@@ -25,35 +29,66 @@
end
# GET /admin/sites/new
def admin_new
return if !user_is_allowed('sites', 'add')
+ if @site.name != 'application'
+ @error = "You are not allowed to manage sites."
+ render :file => 'caboose/extras/error' and return
+ end
+
@site = Site.new
end
# GET /admin/sites/:id
def admin_edit
return if !user_is_allowed('sites', 'edit')
+ if @site.name != 'application'
+ @error = "You are not allowed to manage sites."
+ render :file => 'caboose/extras/error' and return
+ end
+
@site = Site.find(params[:id])
+
+ # Create an admin user for the account
+ if User.where(:username => 'admin', :site_id => @site.id).exists?
+ admin_user = User.create(:username => 'admin', :site_id => @site.id)
+ admin_role = Role.where(:name => 'Admin').first
+ if admin_role
+ RoleMembership.create(:user_id => admin_user.id, :role_id => admin_role.id)
+ else
+ Caboose.log("Error: no admin role exists.")
+ end
+ end
end
# GET /admin/sites/:id/block-types
def admin_edit_block_types
return if !user_is_allowed('sites', 'edit')
+ if @site.name != 'application'
+ @error = "You are not allowed to manage sites."
+ render :file => 'caboose/extras/error' and return
+ end
+
@site = Site.find(params[:id])
end
# GET /admin/sites/:id/delete
def admin_delete_form
return if !user_is_allowed('sites', 'edit')
+ if @site.name != 'application'
+ @error = "You are not allowed to manage sites."
+ render :file => 'caboose/extras/error' and return
+ end
@site = Site.find(params[:id])
end
# POST /admin/sites
def admin_add
return if !user_is_allowed('sites', 'add')
-
+ render :json => { :error => "You are not allowed to manage sites." } and return if @site.name != 'application'
+
resp = StdClass.new
site = Site.new
site.name = params[:name].strip
if site.name.length == 0
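Review bot: The condition on the new admin-user block in admin_edit is inverted: `if User.where(:username => 'admin', :site_id => @site.id).exists?` creates another 'admin' only when one already exists and never when it is missing, so it should read `if !User.where(:username => 'admin', :site_id => @site.id).exists?`. The same inverted test is added to admin_add in the next hunk. `User.create` is given only a username and a site_id, so the account that receives the Admin role has no password set on these lines; unless the model (not shown) rejects or locks such a user, it should be created with a random credential or in a disabled state. The block also makes a GET handler write to the database, which is better left to the POST action.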
@@ -63,16 +98,28 @@
StoreConfig.create(:site_id => site.id)
SmtpConfig.create( :site_id => site.id)
resp.redirect = "/admin/sites/#{site.id}"
end
+ # Create an admin user for the account
+ if User.where(:username => 'admin', :site_id => site.id).exists?
+ admin_user = User.create(:username => 'admin', :site_id => site.id)
+ admin_role = Role.where(:name => 'Admin').first
+ if admin_role
+ RoleMembership.create(:user_id => admin_user.id, :role_id => admin_role.id)
+ else
+ Caboose.log("Error: no admin role exists.")
+ end
+ end
+
render :json => resp
end
# PUT /admin/sites/:id
def admin_update
return if !user_is_allowed('sites', 'edit')
+ render :json => { :error => "You are not allowed to manage sites." } and return if @site.name != 'application'
resp = StdClass.new
site = Site.find(params[:id])
save = true
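Review bot: The admin-user block added to admin_add sits after the `end` that closes the creation branch, so it appears to run even when the site was not saved, in which case `site.id` would be nil and both the lookup and `User.create` would be keyed on a nil site_id. Moving the block inside the success branch, next to the `StoreConfig.create` and `SmtpConfig.create` calls, keeps it tied to a persisted site. The start of admin_add and the opening of that branch are outside this hunk, so this is inferred from the visible `end`. The result of `User.create` is not checked either, so a user that fails to save would pass a nil `admin_user.id` to `RoleMembership.create`.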
@@ -90,10 +137,11 @@
end
# POST /admin/sites/:id/logo
def admin_update_logo
return if !user_is_allowed('sites', 'edit')
+ render :json => { :error => "You are not allowed to manage sites." } and return if @site.name != 'application'
site = Site.find(params[:id])
site.logo = params[:logo]
site.save
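Review bot: The JSON refusal added in admin_update_logo (and in admin_add, admin_update, admin_delete, admin_add_member, admin_remove_member and options in the other hunks) is rendered with the default 200 status, so API clients and access-log monitoring cannot tell a denied request from a successful one. Passing a status fixes that: `render :json => { :error => "You are not allowed to manage sites." }, :status => :forbidden and return if @site.name != 'application'`. admin_update_logo continues past the end of the hunk.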
@@ -104,10 +152,12 @@
end
# DELETE /admin/sites/:id
def admin_delete
return if !user_is_allowed('sites', 'delete')
+ render :json => { :error => "You are not allowed to manage sites." } and return if @site.name != 'application'
+
site = Site.find(params[:id])
site.destroy
resp = StdClass.new({
'redirect' => '/admin/sites'
@@ -116,26 +166,32 @@
end
# POST /admin/sites/:id/members
def admin_add_member
return if !user_is_allowed('sites', 'edit')
+ render :json => { :error => "You are not allowed to manage sites." } and return if @site.name != 'application'
+
sm = SiteMembership.where(:site_id => params[:id], :user_id => params[:user_id]).first
sm = SiteMembership.create(:site_id => params[:id], :user_id => params[:user_id]) if sm.nil?
sm.role = params[:role]
sm.save
render :json => true
end
# DELETE /admin/sites/:id/members/:user_id
def admin_remove_member
return if !user_is_allowed('sites', 'edit')
+ render :json => { :error => "You are not allowed to manage sites." } and return if @site.name != 'application'
+
SiteMembership.where(:site_id => params[:id], :user_id => params[:user_id]).destroy_all
render :json => true
end
# GET /admin/sites/options
def options
return if !user_is_allowed('sites', 'view')
+ render :json => { :error => "You are not allowed to manage sites." } and return if @site.name != 'application'
+
options = Site.reorder('name').all.collect { |s| { 'value' => s.id, 'text' => s.name }}
render :json => options
end
end