app/controllers/knitkit/erp_app/desktop/website_controller.rb in knitkit-2.0.0 vs app/controllers/knitkit/erp_app/desktop/website_controller.rb in knitkit-2.0.1
- old
+ new
@@ -40,13 +40,20 @@
:only => [:comment, :id, :version, :created_at, :active],
:methods => [:viewing, :published_by_username])} }"
end
def activate_publication
- @website.set_publication_version(params[:version].to_f, current_user)
+ model = DesktopApplication.find_by_internal_identifier('knitkit')
+ begin
+ current_user.with_capability(model, 'activate', 'Website') do
+ @website.set_publication_version(params[:version].to_f, current_user)
- render :json => {:success => true}
+ render :json => {:success => true}
+ end
+ rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+ render :json => {:success => false, :message => ex.message}
+ end
end
def set_viewing_version
if session[:website_version].blank?
session[:website_version] = []
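Review bot: The denial branch added to `activate_publication` still answers with HTTP 200 and echoes `ex.message`, so a refused capability check looks like a normal response in access logs and monitoring. If the desktop client tolerates it, `render :json => {:success => false, :message => ex.message}, :status => :forbidden` makes refusals visible. The same `model = ... / begin / with_capability / rescue` wrapper is repeated in the next hunk for `publish`, `new`, `update`, `delete`, `add_host`, `update_host` and `delete_host`; a single private helper or filter would keep the capability names and the denial response consistent. `DesktopApplication.find_by_internal_identifier('knitkit')` can return nil, and the visible lines do not show how `with_capability` treats a nil model, so confirm that case fails closed.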
@@ -58,112 +65,163 @@
render :json => {:success => true}
end
def publish
- @website.publish(params[:comment], current_user)
+ model = DesktopApplication.find_by_internal_identifier('knitkit')
+ begin
+ current_user.with_capability(model, 'publish', 'Website') do
+ @website.publish(params[:comment], current_user)
- render :json => {:success => true}
+ render :json => {:success => true}
+ end
+ rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+ render :json => {:success => false, :message => ex.message}
+ end
end
def new
- result = {}
- website = Website.new
- website.subtitle = params[:subtitle]
- website.title = params[:title]
- website.name = params[:name]
- website.email = params[:email]
- website.auto_activate_publication = params[:auto_activate_publication] == 'yes'
- website.email_inquiries = params[:email_inquiries] == 'yes'
+ model = DesktopApplication.find_by_internal_identifier('knitkit')
+ begin
+ current_user.with_capability(model, 'create', 'Website') do
+ result = {}
+ website = Website.new
+ website.subtitle = params[:subtitle]
+ website.title = params[:title]
+ website.name = params[:name]
+ website.email = params[:email]
+ website.auto_activate_publication = params[:auto_activate_publication] == 'yes'
+ website.email_inquiries = params[:email_inquiries] == 'yes'
- # create homepage
- website_section = WebsiteSection.new
- website_section.title = "Home"
- website_section.in_menu = true
- website.website_sections << website_section
- if website.save
- website.setup_default_pages
+ # create homepage
+ website_section = WebsiteSection.new
+ website_section.title = "Home"
+ website_section.in_menu = true
+ website.website_sections << website_section
+ if website.save
+ website.setup_default_pages
- #set default publication published by user
- first_publication = website.published_websites.first
- first_publication.published_by = current_user
- first_publication.save
+ #set default publication published by user
+ first_publication = website.published_websites.first
+ first_publication.published_by = current_user
+ first_publication.save
- website.hosts << WebsiteHost.create(:host => params[:host])
- website.save
+ website.hosts << WebsiteHost.create(:host => params[:host])
+ website.configurations.first.update_configuration_item(ConfigurationItemType.find_by_internal_identifier('primary_host'), params[:host])
+ website.save
- website.publish("Publish Default Sections", current_user)
- PublishedWebsite.activate(website, 1, current_user)
+ website.publish("Publish Default Sections", current_user)
+ PublishedWebsite.activate(website, 1, current_user)
- result[:success] = true
- else
- result[:success] = false
- end
+ result[:success] = true
+ else
+ result[:success] = false
+ end
- render :json => result
+ render :json => result
+ end
+ rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+ render :json => {:success => false, :message => ex.message}
+ end
end
def update
- @website.email = params[:email]
- @website.name = params[:name]
- @website.title = params[:title]
- @website.subtitle = params[:subtitle]
- @website.auto_activate_publication = params[:auto_activate_publication] == 'yes'
- @website.email_inquiries = params[:email_inquiries] == 'yes'
+ model = DesktopApplication.find_by_internal_identifier('knitkit')
+ begin
+ current_user.with_capability(model, 'edit', 'Website') do
+ @website.email = params[:email]
+ @website.name = params[:name]
+ @website.title = params[:title]
+ @website.subtitle = params[:subtitle]
+ @website.auto_activate_publication = params[:auto_activate_publication] == 'yes'
+ @website.email_inquiries = params[:email_inquiries] == 'yes'
- render :json => @website.save ? {:success => true} : {:success => false}
+ render :json => @website.save ? {:success => true} : {:success => false}
+ end
+ rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+ render :json => {:success => false, :message => ex.message}
+ end
end
def delete
- render :json => @website.destroy ? {:success => true} : {:success => false}
+ model = DesktopApplication.find_by_internal_identifier('knitkit')
+ begin
+ current_user.with_capability(model, 'delete', 'Website') do
+ render :json => @website.destroy ? {:success => true} : {:success => false}
+ end
+ rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+ render :json => {:success => false, :message => ex.message}
+ end
end
def export
zip_path = @website.export
send_file(zip_path.to_s, :stream => false) rescue raise "Error sending #{zip_path} file"
ensure
FileUtils.rm_r File.dirname(zip_path) rescue nil
end
+ # TODO add role restriction to this
def import
result, message = Website.import(params[:website_data], current_user)
render :inline => {:success => result, :message => message}.to_json
ensure
FileUtils.rm_r File.dirname(zip_path) rescue nil
end
def add_host
- website = Website.find(params[:id])
- website_host = WebsiteHost.create(:host => params[:host])
- website.hosts << website_host
- website.save
+ model = DesktopApplication.find_by_internal_identifier('knitkit')
+ begin
+ current_user.with_capability(model, 'create', 'Host') do
+ website = Website.find(params[:id])
+ website_host = WebsiteHost.create(:host => params[:host])
+ website.hosts << website_host
+ website.save
- render :json => {
- :success => true,
- :node => {
- :text => website_host.attributes['host'],
- :websiteHostId => website_host.id,
- :host => website_host.attributes['host'],
- :iconCls => 'icon-globe',
- :url => "http://#{website_host.attributes['host']}",
- :isHost => true,
- :leaf => true,
- :children => []}
- }
+ render :json => {
+ :success => true,
+ :node => {
+ :text => website_host.attributes['host'],
+ :websiteHostId => website_host.id,
+ :host => website_host.attributes['host'],
+ :iconCls => 'icon-globe',
+ :url => "http://#{website_host.attributes['host']}",
+ :isHost => true,
+ :leaf => true,
+ :children => []}
+ }
+ end
+ rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+ render :json => {:success => false, :message => ex.message}
+ end
end
def update_host
- website_host = WebsiteHost.find(params[:id])
- website_host.host = params[:host]
- website_host.save
+ model = DesktopApplication.find_by_internal_identifier('knitkit')
+ begin
+ current_user.with_capability(model, 'edit', 'Host') do
+ website_host = WebsiteHost.find(params[:id])
+ website_host.host = params[:host]
+ website_host.save
- render :json => {:success => true}
+ render :json => {:success => true}
+ end
+ rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+ render :json => {:success => false, :message => ex.message}
+ end
end
def delete_host
- render :json => WebsiteHost.destroy(params[:id]) ? {:success => true} : {:success => false}
+ model = DesktopApplication.find_by_internal_identifier('knitkit')
+ begin
+ current_user.with_capability(model, 'delete', 'Host') do
+ render :json => WebsiteHost.destroy(params[:id]) ? {:success => true} : {:success => false}
+ end
+ rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
+ render :json => {:success => false, :message => ex.message}
+ end
end
protected
def set_website
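Review bot: `import` and `export` are the only actions in this hunk left outside `with_capability`; the added `# TODO add role restriction to this` records the gap, but as far as the visible lines show, any user who reaches this controller can still call `Website.import(params[:website_data], current_user)`. Wrapping `import` in the same check as `new` would close that, assuming `'create', 'Website'` is an acceptable capability until a dedicated one exists. Separately, the `ensure` in `import` references `zip_path`, which that method never assigns, so the cleanup raises and is swallowed by `rescue nil`. The host actions check the capability against the application model only, so whether the user may touch the specific `params[:id]` record is not enforced in the visible lines.

```ruby
def import
  model = DesktopApplication.find_by_internal_identifier('knitkit')
  begin
    current_user.with_capability(model, 'create', 'Website') do
      # … unchanged: Website.import call and render :inline of result/message …
    end
  rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability=>ex
    render :json => {:success => false, :message => ex.message}
  end
# … unchanged: ensure cleanup …
end
```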